From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 397AF1FF165
	for <inbox@lore.proxmox.com>; Wed, 26 Feb 2025 23:58:30 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 762D71E28A;
	Wed, 26 Feb 2025 23:58:26 +0100 (CET)
Date: Wed, 26 Feb 2025 22:51:34 +0000
To: pve-devel@lists.proxmox.com
MIME-Version: 1.0
Message-ID: <mailman.597.1740610705.293.pve-devel@lists.proxmox.com>
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
From: Rob Rozestraten via pve-devel <pve-devel@lists.proxmox.com>
Precedence: list
Cc: Rob Rozestraten <admin@truthsolo.net>
X-Mailman-Version: 2.1.29
X-BeenThere: pve-devel@lists.proxmox.com
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
Subject: [pve-devel] [PATCH pve-http-server 0/1] close TLS gracefully to
 avoid unexpected EOF at client
Content-Type: multipart/mixed; boundary="===============8372458348709810499=="
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

--===============8372458348709810499==
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <admin@truthsolo.net>
X-Original-To: pve-devel@lists.proxmox.com
Delivered-To: pve-devel@lists.proxmox.com
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by lists.proxmox.com (Postfix) with ESMTPS id 298DFD1666
	for <pve-devel@lists.proxmox.com>; Wed, 26 Feb 2025 23:58:25 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0CB411E175
	for <pve-devel@lists.proxmox.com>; Wed, 26 Feb 2025 23:57:55 +0100 (CET)
Received: from mail-41103.protonmail.ch (mail-41103.protonmail.ch [185.70.41.103])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by firstgate.proxmox.com (Proxmox) with ESMTPS
	for <pve-devel@lists.proxmox.com>; Wed, 26 Feb 2025 23:57:53 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=truthsolo.net;
	s=protonmail3; t=1740610303; x=1740869503;
	bh=FoUrmH86aTDtZWi6gv958qFUEW5XMqMGMERQ2lICxZE=;
	h=Date:To:From:Cc:Subject:Message-ID:Feedback-ID:From:To:Cc:Date:
	 Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector:
	 List-Unsubscribe:List-Unsubscribe-Post;
	b=ry5kDvD30VBeKgrr37/1cTRAFoMKxKejU7qa1PgNFxSdGa2OSuWTxG0piLqssWSp4
	 Gkh2CDQAyjSqaJRDvNxrAd+VU+9ZkdASjuHweH5Pcyv2UhehVho4x1RHBfE7ZU00Zq
	 Zf//Oc7j35rIWwiWs0PIXrQC87ntyY0yjiYPjyCmFgQK9hMVRgcCCw06Rw2OGisCdo
	 UhwpeVUEE8ea1xPR52W3nl5dHX8olWOS0ODClMaDjbw+trnDHEAYqcUtHQ5sgv2May
	 SInoWjUUqlUW4k5P4mwfCqAR5widR6ga0/NEk8jdXXieoez9evot2SeN34LAvoxqUH
	 V5Yi4uTFteCCw==
Date: Wed, 26 Feb 2025 22:51:34 +0000
To: pve-devel@lists.proxmox.com
From: Rob Rozestraten <admin@truthsolo.net>
Subject: [PATCH pve-http-server 0/1] close TLS gracefully to avoid unexpected EOF at client
Message-ID: <20250226225126.346918-1-admin@truthsolo.net>
Feedback-ID: 48530542:user:proton
X-Pm-Message-ID: ae8345b060ffa8e6a07f070b7842ae9317cba49b
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-SPAM-LEVEL: Spam detection results:  0
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DKIM_SIGNED               0.1 Message has a DKIM or DK signature, not necessarily valid
	DKIM_VALID               -0.1 Message has at least one valid DKIM or DK signature
	DKIM_VALID_AU            -0.1 Message has a valid DKIM or DK signature from author's domain
	DKIM_VALID_EF            -0.1 Message has a valid DKIM or DK signature from envelope-from domain
	DMARC_PASS               -0.1 DMARC pass policy
	RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/, no trust
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED  0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	RCVD_IN_VALIDITY_RPBL_BLOCKED  0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	RCVD_IN_VALIDITY_SAFE_BLOCKED  0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked.  See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
	SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
	SPF_PASS               -0.001 SPF: sender matches SPF record
	URIBL_BLOCKED           0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked.  See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [anyevent.pm,truthsolo.net]

Howdy,

Found this while setting up Katello with Proxmox on AlmaLinux 9.
Unexpected EOF when closing some TLS connections results in an error
under the latest crypto policies.

Related bug at theforeman:

 * https://github.com/theforeman/foreman_fog_proxmox/issues/325

I thought it would be good to close TLS properly here vs changing crypto
policies. Would you consider including this patch?

cheers,

Rob Rozestraten (1):
  close TLS gracefully to avoid unexpected EOF at client

 src/PVE/APIServer/AnyEvent.pm | 1 +
 1 file changed, 1 insertion(+)

--=20
2.48.1




--===============8372458348709810499==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

--===============8372458348709810499==--