CCT-176: Do not wait until the server closes the TLS connection

* Card ID: CCT-176 * Card ID: RHEL-17345 Starting with TLS 1.1, it is not required of the server to send the `close_notify` alert before closing their the connection. TLS 1.3 uses half-close policy which extends this behavior. Candlepin is migrating to Quarkus which does not send these messages by default. This makes subscription-manager hang during the `.sock.unwrap()` because it waits for the message until it timeouts.
candlepin · Nov 30, 2023 · 0bd1693 · 0bd1693
1 parent 5ffa8be
commit 0bd1693
Showing 1 changed file with 2 additions and 14 deletions.
diff --git a/src/rhsm/connection.py b/src/rhsm/connection.py
@@ -666,21 +666,9 @@ def __init__(
             self.headers["Authorization"] = "Bearer " + token
 
     def close_connection(self) -> None:
-        """
-        Try to close connection to server
-        :return: None
-        """
+        """Close the connection to the server"""
         if self.__conn is not None:
-            # Do proper TLS shutdown handshake (TLS tear down) first
-            if self.__conn.sock is not None:
-                log.debug(f"Closing HTTPS connection {self.__conn.sock}")
-                try:
-                    self.__conn.sock.unwrap()
-                except ssl.SSLError as err:
-                    log.debug(f"Unable to close TLS connection properly: {err}")
-                else:
-                    log.debug("TLS connection closed")
-            # Then it is possible to close TCP connection
+            log.debug("Closing connection")
             self.__conn.close()
         self.__conn = None