CCT-176: Do not wait until the server closes the TLS connection

* Card ID: CCT-176 * Card ID: RHEL-17345 The TLS specification (e.g. RFC 5246 # 7.2.1) says that when two parties are closing the connection, they should both send `close_notify` alert before closing their read channel. Candlepin is migrating to Quarkus which does not send these messages. This makes subscription-manager hang during the `.sock.unwrap()` because it waits for the message until it timeouts. The easiest solution is to do not try to do any kind of handling directly and leave it to the standard library. This solution was verified by the Candlepin developers.
candlepin · Nov 24, 2023 · 0850499 · 0850499
1 parent 5ffa8be
commit 0850499
Showing 1 changed file with 2 additions and 14 deletions.
diff --git a/src/rhsm/connection.py b/src/rhsm/connection.py
@@ -666,21 +666,9 @@ def __init__(
             self.headers["Authorization"] = "Bearer " + token
 
     def close_connection(self) -> None:
-        """
-        Try to close connection to server
-        :return: None
-        """
+        """Close the connection to the server"""
         if self.__conn is not None:
-            # Do proper TLS shutdown handshake (TLS tear down) first
-            if self.__conn.sock is not None:
-                log.debug(f"Closing HTTPS connection {self.__conn.sock}")
-                try:
-                    self.__conn.sock.unwrap()
-                except ssl.SSLError as err:
-                    log.debug(f"Unable to close TLS connection properly: {err}")
-                else:
-                    log.debug("TLS connection closed")
-            # Then it is possible to close TCP connection
+            log.debug("Closing connection")
             self.__conn.close()
         self.__conn = None