Summary

Fixes #819

1. Add mutex protection to fileWriter.Write() to serialize writes. 2) Audit certificate processing code (ztls/tls/openssl clients) for infinite loops or unprotected context waits, especially for complex certificate chains. 3) Implement timeout guards around cert validation and processing. 4) Verify goroutine lifecycle: ensure hung TLS operations cancel cleanly and don’t block result writers. 5) Add drain/flush protocol before process exit. 6) Test with the provided problematic host certificate.

Changes Made

Correctly fixes the root cause — a fatally broken select in ztls’s tlsHandshakeWithTimeout where Handshake() was evaluated synchronously before the select could race — and adds proper per-iteration timeouts to cipher enumeration across both Go TLS backends. The file writer mutex addresses the truncated JSON output symptom.

Verification

• Build: PASS
• Tests: N/A
• Lint: PASS

Summary by CodeRabbit

• Bug Fixes
  • File writing is now thread-safe, always appends a newline, and Close reliably flushes, syncs, and surfaces errors to improve data integrity.
  • TLS probing now uses per-attempt timeouts with stronger cancellation and cleanup, improving responsiveness, clearer timeout errors, and avoiding resource leaks.

/claim #819