From 0bd16932c4018af049fdfd7975b4d8aad4c3ad28 Mon Sep 17 00:00:00 2001
From: mhorky
Date: Fri, 24 Nov 2023 15:04:23 +0100
Subject: [PATCH] CCT-176: Do not wait until the server closes the TLS connection
* Card ID: CCT-176
* Card ID: RHEL-17345
Starting with TLS 1.1, it is not required of the server to send the `close_notify` alert before closing their the connection. TLS 1.3 uses half-close policy which extends this behavior. Candlepin is migrating to Quarkus which does not send these messages by default. This makes subscription-manager hang during the `.sock.unwrap()` because it waits for the message until it timeouts.
---
 src/rhsm/connection.py | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)
diff --git a/src/rhsm/connection.py b/src/rhsm/connection.py
index 59d147a68e..501008ab39 100644
--- a/src/rhsm/connection.py
+++ b/src/rhsm/connection.py
@@ -666,21 +666,9 @@ def __init__(
 self.headers["Authorization"] = "Bearer " + token
 def close_connection(self) -> None:
- """
- Try to close connection to server
- :return: None
- """
+ """Close the connection to the server"""
 if self.__conn is not None:
- # Do proper TLS shutdown handshake (TLS tear down) first
- if self.__conn.sock is not None:
- log.debug(f"Closing HTTPS connection {self.__conn.sock}")
- try:
- self.__conn.sock.unwrap()
- except ssl.SSLError as err:
- log.debug(f"Unable to close TLS connection properly: {err}")
- else:
- log.debug("TLS connection closed")
- # Then it is possible to close TCP connection
+ log.debug("Closing connection")
 self.__conn.close()
 self.__conn = None
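Review bot: `close_connection` now skips the client's own `close_notify` as well as the wait for the server's, and nothing on the new side records why the TLS teardown was dropped. The reason is only in the commit message, so a later reader could reintroduce the blocking `unwrap()`; a comment above `self.__conn.close()` would prevent that, e.g. `# No TLS unwrap(): the server may never send close_notify, so waiting for it can block until the socket timeout`. Without `close_notify`, the end of a response is established only by HTTP framing (Content-Length or chunked encoding), so it is worth confirming that the response-handling code, which is outside this hunk, rejects truncated bodies. The new debug message also no longer identifies which socket is being closed, which the old `{self.__conn.sock}` output did.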