Explicitly close socket on certificate error

Change-Id: I3df7a2e3c2a043c186c47860d9a9d1855f81ec92
2026-04-11 20:41:29 +00:00 · 2026-04-08 15:45:56 -04:00
parent ffe2fe32a1
commit ebff73116a
1 changed files with 11 additions and 3 deletions
--- a/pyghmi/util/webclient.py
+++ b/pyghmi/util/webclient.py
@@ -208,9 +208,17 @@ class SecureHTTPConnection(httplib.HTTPConnection, object):
            ctx.verify_mode = ssl.CERT_NONE
            self.sock = ctx.wrap_socket(plainsock)
            bincert = self.sock.getpeercert(binary_form=True)
-            if not self._certverify(bincert):
-                raise pygexc.UnrecognizedCertificate('Unknown certificate',
-                                                     bincert)
+            try:
+                if not self._certverify(bincert):
+                    raise pygexc.UnrecognizedCertificate('Unknown certificate',
+                                                        bincert)
+            except Exception:
+                try:
+                    self.sock.close()
+                except Exception:
+                    pass
+                self.sock = None
+                raise
        else:
            ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
            ctx.load_default_certs()