// Non-blocking: return immediately after sending close_notify.

// Don't wait for peer's close_notify to avoid blocking.

drop(conn_guard);

// Best-effort flush; WouldBlock is expected in non-blocking mode.

// Other errors indicate close_notify may not have been sent,

// but we still complete shutdown to avoid inconsistent state.

*self.shutdown_state.lock() = ShutdownState::Completed;

*self.connection.lock() = None;

return Ok(self.sock.clone());

_ => {

// Blocking or timeout mode: wait for peer's close_notify.

// This is proper TLS shutdown - we should receive peer's

// close_notify before closing the connection.

drop(conn_guard);

// Flush our close_notify first

if timeout.is_none() {

self.blocking_flush_all_pending(vm)?;

} else {

self.flush_pending_tls_output(vm, None)?;

}

// Calculate deadline for timeout mode

let deadline = timeout.map(|t| {

std::time::Instant::now() + std::time::Duration::from_secs_f64(t)

});

// Wait for peer's close_notify

loop {

// Re-acquire connection lock for each iteration

let mut conn_guard = self.connection.lock();

let conn = match conn_guard.as_mut() {

Some(c) => c,

None => break, // Connection already closed

};

// Check if peer already sent close_notify

if self.check_peer_closed(conn, vm)? {

break;

}

drop(conn_guard);

// Check timeout

let remaining_timeout = if let Some(dl) = deadline {

let now = std::time::Instant::now();

if now >= dl {

// Timeout reached - raise TimeoutError

return Err(vm.new_exception_msg(

vm.ctx.exceptions.timeout_error.to_owned(),

"The read operation timed out".to_owned(),

));

}

Some(dl - now)

} else {

None // Blocking mode: no timeout

};

// Wait for socket to be readable

let timed_out = self.sock_wait_for_io_with_timeout(

SelectKind::Read,

remaining_timeout,

vm,

)?;

if timed_out {

// Timeout waiting for peer's close_notify

// Raise TimeoutError

return Err(vm.new_exception_msg(

vm.ctx.exceptions.timeout_error.to_owned(),

"The read operation timed out".to_owned(),

));

}

// Try to read data from socket

let mut conn_guard = self.connection.lock();

let conn = match conn_guard.as_mut() {

Some(c) => c,

None => break,

};

// Read and process any incoming TLS data

match self.try_read_close_notify(conn, vm) {

Ok(closed) => {

if closed {

break;

}

// Check again after processing

if self.check_peer_closed(conn, vm)? {

break;

}

}

Err(_) => {

// Socket error - peer likely closed connection

break;

}

}

}

// Shutdown complete

*self.shutdown_state.lock() = ShutdownState::Completed;

*self.connection.lock() = None;

return Ok(self.sock.clone());

// Clean up shutdown_handles as well.

// This is critical to prevent _shutdown() from waiting on threads

// that don't exist in the child process after fork.

if let Some(mut handles) = vm.state.shutdown_handles.try_lock() {

// Mark all non-current threads as done in shutdown_handles

handles.retain(|(inner_weak, done_event_weak): &ShutdownEntry| {

let Some(inner) = inner_weak.upgrade() else {

return false; // Remove dead entries

};

let Some(done_event) = done_event_weak.upgrade() else {

return false;

};

// Try to lock the inner state - skip if we can't

let Some(mut inner_guard) = inner.try_lock() else {

return false;

};

// Skip current thread

if inner_guard.ident == current_ident {

return true;

}

// Keep handles for threads that have not been started yet.

// They are safe to start in the child process.

if inner_guard.state == ThreadHandleState::NotStarted {

return true;

}

// Mark as done so _shutdown() won't wait on it

inner_guard.state = ThreadHandleState::Done;

drop(inner_guard);

// Notify waiters

let (lock, cvar) = &*done_event;

if let Some(mut done) = lock.try_lock() {

*done = true;

cvar.notify_all();

}

false // Remove from shutdown_handles - these threads don't exist in child

});

}