File 0579-Handle-closure-alerts-in-pre-connected-states.patch of Package erlang
From cabd9f2d943dcd2f18f5ff7a25abd2483e07d67d Mon Sep 17 00:00:00 2001
From: Simon Cornish <7t9jna402@sneakemail.com>
Date: Mon, 10 Mar 2025 14:52:35 -0700
Subject: [PATCH 1/2] Handle closure alerts in pre-connected states
---
lib/ssl/src/tls_record_1_3.erl | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/lib/ssl/src/tls_record_1_3.erl b/lib/ssl/src/tls_record_1_3.erl
index 48832edd75..ddc4dac05b 100644
--- a/lib/ssl/src/tls_record_1_3.erl
+++ b/lib/ssl/src/tls_record_1_3.erl
@@ -157,15 +157,17 @@ decode_cipher_text(#ssl_tls{type = ?ALERT,
{#ssl_tls{type = ?ALERT,
version = ?TLS_1_3, %% Internally use real version
fragment = <<?FATAL,?ILLEGAL_PARAMETER>>}, ConnectionStates0};
-%% TLS 1.3 server can receive a User Cancelled Alert when handshake is
-%% paused and then cancelled on the client side.
+%% TLS 1.3 server can receive Closure Alerts before the handshake is completed
decode_cipher_text(#ssl_tls{type = ?ALERT,
version = ?LEGACY_VERSION,
- fragment = <<?FATAL,?USER_CANCELED>>},
- ConnectionStates0) ->
+ fragment = <<_Level,ClosureAlert>>},
+ #{current_read :=
+ #{security_parameters :=
+ #security_parameters{application_traffic_secret = undefined}}} = ConnectionStates0)
+ when (ClosureAlert == ?USER_CANCELED orelse ClosureAlert == ?CLOSE_NOTIFY) ->
{#ssl_tls{type = ?ALERT,
version = ?TLS_1_3, %% Internally use real version
- fragment = <<?FATAL,?USER_CANCELED>>}, ConnectionStates0};
+ fragment = <<?FATAL,ClosureAlert>>}, ConnectionStates0};
%% RFC8446 - TLS 1.3
%% D.4. Middlebox Compatibility Mode
%% - If not offering early data, the client sends a dummy
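Review bot: The new clause with `fragment = <<_Level,ClosureAlert>>` matches a record whose outer type is still `?ALERT`, which in TLS 1.3 means it arrived unprotected, and it decides "pre-connected" only from `application_traffic_secret = undefined`. That condition presumably also holds once handshake traffic keys are installed, a phase in which RFC 8446 expects alerts to be encrypted, so an unauthenticated close_notify or user_canceled would still be accepted there. If that is intended, the comment should say so, for example `%% Plaintext (unauthenticated) closure alerts are accepted only while no application traffic secret is set`. The received level byte is discarded and the alert is passed on as `?FATAL`, so a warning-level close_notify reaches the caller as fatal; a short why-comment on that line would help, and the guard could use `=:=` rather than `==`. The other clauses of `decode_cipher_text` lie outside the hunk, so whether an earlier clause already narrows this case cannot be seen from here.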
--
2.43.0