From 5f18f73918844759f69dea510698bf7e9c197b59 Mon Sep 17 00:00:00 2001
From: Fantix King
Date: Sat, 1 Oct 2022 16:52:51 -0400
Subject: [PATCH] Close transport after sending close_notify in TLSv1.2

See #471 for details.
---
 uvloop/includes/consts.pxi | 3 +--
 uvloop/sslproto.pxd | 2 ++
 uvloop/sslproto.pyx | 9 +++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/uvloop/includes/consts.pxi b/uvloop/includes/consts.pxi
index f765053d..ff605563 100644
--- a/uvloop/includes/consts.pxi
+++ b/uvloop/includes/consts.pxi
@@ -20,6 +20,5 @@ DEF LOG_THRESHOLD_FOR_CONNLOST_WRITES = 5
 # The default timeout matches that of Nginx.
 DEF SSL_HANDSHAKE_TIMEOUT = 60.0
 # Number of seconds to wait for SSL shutdown to complete
-# The default timeout mimics lingering_time
-DEF SSL_SHUTDOWN_TIMEOUT = 30.0
+DEF SSL_SHUTDOWN_TIMEOUT = 10.0
 DEF SSL_READ_MAX_SIZE = 256 * 1024
diff --git a/uvloop/sslproto.pxd b/uvloop/sslproto.pxd
index 3da10f00..126a1550 100644
--- a/uvloop/sslproto.pxd
+++ b/uvloop/sslproto.pxd
@@ -84,6 +84,8 @@ cdef class SSLProtocol:
 object _handshake_timeout_handle
 object _shutdown_timeout_handle
+ str _ssl_version
+
 cdef _set_app_protocol(self, app_protocol)
 cdef _wakeup_waiter(self, exc=*)
 cdef _get_extra_info(self, name, default=*)
diff --git a/uvloop/sslproto.pyx b/uvloop/sslproto.pyx
index 42bb7644..72918448 100644
--- a/uvloop/sslproto.pyx
+++ b/uvloop/sslproto.pyx
@@ -536,6 +536,7 @@ cdef class SSLProtocol:
 cipher=sslobj.cipher(),
 compression=sslobj.compression(),
 ssl_object=sslobj)
+ self._ssl_version = sslobj.version()
 if self._app_state == STATE_INIT:
 self._app_state = STATE_CON_MADE
 self._app_protocol.connection_made(self._get_app_transport())
@@ -585,6 +586,9 @@ cdef class SSLProtocol:
 """
 cdef:
 bint close_notify = False
+ if self._app_state == STATE_EOF:
+ # close_notify was already received
+ return
 try:
 while True:
 if not self._sslobj_read(SSL_READ_MAX_SIZE):
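Review bot: The rationale comment for SSL_SHUTDOWN_TIMEOUT is removed together with the old value, so `+DEF SSL_SHUTDOWN_TIMEOUT = 10.0` now has no stated basis while the line above it still only says what the constant is. Since the sslproto.pyx hunk in this same commit stops waiting for the peer's close_notify below TLSv1.3, this timeout appears to bound only the TLSv1.3 wait and the write-buffer drain; a one-line comment should record that, e.g. `# Lowered from 30.0; only the TLSv1.3 close_notify wait still depends on it (see #471)`. I am inferring the remaining scope from the other hunks — confirm against the shutdown path before wording it as fact.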
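Review bot: `self._ssl_version = sslobj.version()` is added with no comment saying why the negotiated version is cached, and its only consumer is the shutdown hunk later in this commit, so the next reader has to search for it. A why-comment on the added line would do: `# cached for the shutdown path: close_notify handling differs below TLSv1.3`. The enclosing handshake-completion method starts before the hunk and continues past it.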
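Review bot: The new `if self._app_state == STATE_EOF: return` leaves before the `try:` that follows, so everything after the read loop in this method — which starts before the hunk and continues past it — is skipped once EOF has already been delivered; if that tail is what normally drains the write backlog or moves the connection out of the flushing state, the STATE_EOF case now depends on another caller doing it, which is worth confirming. The comment should also say what the early return protects against rather than only restating the condition, e.g. `# close_notify was already received (STATE_EOF): nothing further to read from the peer, and the EOF transition must not run twice` — the second half is my inference from the state name, confirm it.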
@@ -626,6 +630,11 @@ cdef class SSLProtocol:
 self._sslobj.unwrap()
 except ssl_SSLAgainErrors as exc:
 self._process_outgoing()
+ if self._ssl_version != "TLSv1.3":
+ # don't wait for close_notify from the peer in TLSv1.2 or
+ # lower to conform with widespread implementation practice
+ if not self._get_write_buffer_size():
+ self._on_shutdown_complete(None)
 else:
 self._process_outgoing()
 if not self._get_write_buffer_size():
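Review bot: The guard `if self._ssl_version != "TLSv1.3":` also matches `None`, which is what the new `str _ssl_version` field holds until the handshake-completion hunk assigns it; if this `except` branch can be reached before that assignment, the connection is completed here without waiting, exactly like TLSv1.2 — probably harmless, but either `if self._ssl_version is not None and self._ssl_version != "TLSv1.3":` or a comment stating that the state machine excludes an unfinished handshake here would make it deliberate. The justification could cite the specification instead of practice: RFC 5246 §7.2.1 says the party initiating the close is not required to wait for the responding close_notify before closing its read side, so `# RFC 5246 §7.2.1: the closing party need not wait for the peer's close_notify (TLSv1.2 and below)`. Note that the TLSv1.3 case still leaves this branch without completing, so it presumably keeps waiting for the peer's close_notify up to SSL_SHUTDOWN_TIMEOUT; the enclosing method starts before the hunk and continues past it.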