From 35f6739b3ca7dc499f349027344213e9a2c4fda9 Mon Sep 17 00:00:00 2001
From: Philipp Kunz
Date: Mon, 17 Mar 2025 13:15:12 +0000
Subject: [PATCH] fix(tls-handshake): Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.
---
 changelog.md | 6 ++++++
 ts/00_commitinfo_data.ts | 2 +-
 ts/classes.pp.connectionhandler.ts | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/changelog.md b/changelog.md
index 3c0f0a5..c8e6af8 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,11 @@
 # Changelog
+## 2025-03-17 - 4.1.13 - fix(tls-handshake)
+Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.
+
+- In the TLS handshake alert for certificate_expired (0x2F), changed the alert level from 0x02 (fatal) to 0x01 (warning).
+- This change avoids abrupt connection termination, enabling a smoother handling of certificate expiration alerts.
+
 ## 2025-03-17 - 4.1.12 - fix(classes.pp.connectionhandler) Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI
diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts
index 14581ff..925c6d6 100644
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
 name: '@push.rocks/smartproxy',
- version: '4.1.12',
+ version: '4.1.13',
 description: 'A powerful proxy package that effectively handles high traffic, with features such as SSL/TLS support, port proxying, WebSocket handling, dynamic routing with authentication options, and automatic ACME certificate management.'
 }
diff --git a/ts/classes.pp.connectionhandler.ts b/ts/classes.pp.connectionhandler.ts
index 30722ff..809db31 100644
--- a/ts/classes.pp.connectionhandler.ts
+++ b/ts/classes.pp.connectionhandler.ts
@@ -611,7 +611,7 @@ export class ConnectionHandler {
 0x03, // TLS 1.2 version
 0x00,
 0x02, // Length
- 0x02, // Fatal alert level (2)
+ 0x01, // Warning alert level (1)
 0x2F, // certificate_expired alert (47)
 ]);
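Review bot: The description byte `0x2F` on the line after the changed level is 47, which the TLS alert registry assigns to illegal_parameter; certificate_expired is 45 (`0x2D`), so the record does not carry the alert that the comment and the changelog entry name. RFC 5246 defines illegal_parameter as always fatal, and TLS 1.3 peers treat every alert other than close_notify and user_canceled as fatal whatever the level byte says, so switching the level to `0x01` may not produce the graceful client handling this commit expects. If certificate_expired is what is intended, the line should read `0x2D, // certificate_expired alert (45)`, and the changelog's "(0x2F)" should be corrected with it. The array literal and its enclosing method begin outside the hunk, so whether the socket is closed after this warning-level record is sent cannot be confirmed from here.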