[Bug]: openvox-agent-8.x leaves socket open to configured CA service #234

@xorpaul

Is this a critical security issue?

  • This is not a security issue.

Describe the Bug

All openvox-agent-8.x versions leave sockets open to the configured Puppet CA service after the Puppet run has completed, with 10.77.201.174 being the configured CA:

# ss -n | grep :8140
tcp   CLOSE-WAIT 41     0                                       10.152.0.30:33636   10.77.201.174:8140   
tcp   CLOSE-WAIT 41     0                                       10.152.0.30:33628   10.77.201.174:8140   

On the Puppet CA service/load-balancer it looks like this:

ss -n | grep 10.152.0.30
tcp   FIN-WAIT-2 0      0                                    10.77.201.174:8140              10.152.0.30:33636         
tcp   FIN-WAIT-2 0      0                                    10.77.201.174:8140              10.152.0.30:33628         

10.152.0.30 is the client IP.

I have tested all versions between 8.11.0-1.el10 and 8.23.1-1.el10 and they all show the same behaviour.
After the Puppet run, two sockets stay open to the Puppet CA service.

It looks like the final FIN is not being sent to the Puppet CA service after the Puppet run.

This causes a problem on our load-balancer, because we have thousands of clients each leaving two sockets open.

Expected Behavior

No open sockets left on the agent side.

Steps to Reproduce

  1. Install any openvox-agent 8.x package and have a Puppet CA configured
  2. Do a Puppet run
  3. Check for un-closed sockets via ss -anp state CLOSE-WAIT | grep :8140

Environment

Version: 8.x
Platform: Reproduced on Debian12 and EL10

Additional Context

No response

Relevant log output
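
Added example, not part of the original report: a shell helper that counts CLOSE-WAIT sockets per remote host for a given port from `ss` output, so the check in step 3 can be scripted after a run. The function names are hypothetical; the sample input reuses the two socket lines from the report and adds constructed lines (header, ESTAB, 192.0.2.10).

```shell
#!/bin/sh
# count_close_wait PORT
# Reads `ss -n` / `ss -tn` output on stdin and prints "<peer-host> <count>"
# for every peer that has CLOSE-WAIT sockets on PORT, sorted by host.
count_close_wait() {
    awk -v port="$1" '
    {
        # Locate the state column; it is field 2 with a Netid column
        # (ss -n) and field 1 without one (ss -tn).
        for (i = 1; i <= NF; i++) if ($i == "CLOSE-WAIT") break
        if (i + 4 > NF) next            # no CLOSE-WAIT state or short line
        peer = $(i + 4)                 # state, Recv-Q, Send-Q, local, peer
        n = split(peer, p, ":")         # port follows the last colon (IPv6 safe)
        if (p[n] != port) next
        host = substr(peer, 1, length(peer) - length(p[n]) - 1)
        count[host]++
    }
    END { for (h in count) print h, count[h] }
    ' | sort
}

# Constructed sample: the two CLOSE-WAIT lines from the report, plus a header,
# an established connection and a CLOSE-WAIT socket on another port.
sample_ss_output() {
    cat <<'EOF'
Netid State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   CLOSE-WAIT 41     0      10.152.0.30:33636   10.77.201.174:8140
tcp   CLOSE-WAIT 41     0      10.152.0.30:33628   10.77.201.174:8140
tcp   ESTAB      0      0      10.152.0.30:33700   10.77.201.174:8140
tcp   CLOSE-WAIT 1      0      10.152.0.30:40112   192.0.2.10:443
EOF
}

# Demo on the sample; on an agent, run: ss -tn | count_close_wait 8140
sample_ss_output | count_close_wait 8140
```

A non-empty result after the Puppet run has finished means the agent has received the peer's FIN but has not closed its side of the connection.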
