View Ticket
Ticket Hash: 657abb4cd1f8f1032731ee0366c7cc643af778e7
Title: TLS Socket Closed in Child Process
Status: Closed
Type: Feature Request
Severity: Important
Priority: Immediate
Subsystem:
Resolution: Works_As_Designed
Last Modified: 2025-10-11 22:58:49
Version Found In: 1.7.16
User Comments:
anonymous added on 2018-03-21 16:23:14:

If a parent process opens a TLS socket prior to forking, and its child process closes it, this has the unfortunate side-effect of terminating the parent's connection. With a non-TLS socket this does not happen, i.e., closing the parent's socket in the child has no effect on the parent.

If a fix for this is not implemented, could you please detail what code changes would be necessary to do so? That way I can implement it myself without requiring it to be a feature for all users of this library.


anonymous added on 2018-03-21 17:49:16:
In tls.c, Tls_Clean, if I comment out the BIO_free_all call, this problem goes away.  However, will this cause a memory leak?  Is there some better way you can think of that I can handle this situation?  I would ideally like the option of closing the socket and freeing all OpenSSL structures but not sending a close notify.

rkeene added on 2019-11-14 01:11:32:
Probably the best solution is to enable "fast-path" during compilation, which
lets OpenSSL handle that part of the process for TCP sockets.  This will
eventually be made the default; it seems to be much better.

bohagan added on 2025-10-11 22:58:49:
Part of the confusion is that TLS is not a socket connection, but a protocol on top of
it. So if the TLS session is "shutdown" in the child, it is no longer available in
the parent. However, the channel itself may remain available if tls::unimport is
used instead of close, but the TLS session is itself terminated. This assumes the
other end doesn't close the socket when it receives the close_notify.
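
The descriptor sharing discussed in this ticket, as an added example that is not part of the ticket or of the TclTLS code: a child's plain close() only drops its own copy of the descriptor, while a protocol-level shutdown writes an alert onto the connection both processes share, so the peer sees it. The function name `peer_view` and the unencrypted alert framing are assumptions made for illustration (a real session encrypts the alert payload); POSIX only.

```python
import os
import socket

# Simplified TLS 1.2 alert record: type 21 (alert), version 3.3, length 2,
# level 1 (warning), description 0 (close_notify). Left unencrypted here.
CLOSE_NOTIFY = bytes([21, 3, 3, 0, 2, 1, 0])


def peer_view(child_sends_close_notify: bool) -> dict:
    """Fork with a connected socket and report what the remote peer receives."""
    parent_end, peer_end = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        # Child: holds a duplicate descriptor for the same connection.
        try:
            if child_sends_close_notify:
                # Models a TLS-level shutdown in the child: the alert goes
                # out on the shared connection before the descriptor closes.
                parent_end.sendall(CLOSE_NOTIFY)
            parent_end.close()  # drops only the child's descriptor
        finally:
            os._exit(0)  # never fall through into the parent's code path
    os.waitpid(pid, 0)
    # Parent: its descriptor is still open in both cases, so this send works.
    parent_end.sendall(b"DATA")
    peer_end.settimeout(2)
    received = peer_end.recv(64)
    result = {
        "bytes_at_peer": received,
        "peer_saw_close_notify": received.startswith(CLOSE_NOTIFY),
        "parent_fd_still_open": parent_end.fileno() != -1,
    }
    parent_end.close()
    peer_end.close()
    return result


if __name__ == "__main__":
    print("plain close in child:  ", peer_view(False))
    print("TLS shutdown in child: ", peer_view(True))
```

In the second case the parent's descriptor is still open, but a real TLS peer that has read close_notify treats the session as finished, which is the behaviour the ticket reports.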