From ebff73116a82e14c378271aa382e3451f2dd979d Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Wed, 8 Apr 2026 15:45:56 -0400
Subject: [PATCH] Explicitly close socket on certificate error
Change-Id: I3df7a2e3c2a043c186c47860d9a9d1855f81ec92
---
 pyghmi/util/webclient.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/pyghmi/util/webclient.py b/pyghmi/util/webclient.py
index ce29c82b..d7d8b2ac 100644
--- a/pyghmi/util/webclient.py
+++ b/pyghmi/util/webclient.py
@@ -208,9 +208,17 @@ class SecureHTTPConnection(httplib.HTTPConnection, object):
 ctx.verify_mode = ssl.CERT_NONE
 self.sock = ctx.wrap_socket(plainsock)
 bincert = self.sock.getpeercert(binary_form=True)
- if not self._certverify(bincert):
- raise pygexc.UnrecognizedCertificate('Unknown certificate',
- bincert)
+ try:
+ if not self._certverify(bincert):
+ raise pygexc.UnrecognizedCertificate('Unknown certificate',
+ bincert)
+ except Exception:
+ try:
+ self.sock.close()
+ except Exception:
+ pass
+ self.sock = None
+ raise
 else:
 ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
 ctx.load_default_certs()
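Review bot: The added `except Exception:` block is a trust-boundary fix as well as resource cleanup, and neither the code nor the commit message says so. Because this branch sets `ctx.verify_mode = ssl.CERT_NONE`, the handshake has already completed with an unauthenticated peer and `self._certverify(bincert)` is the only trust decision. If `self.sock` stayed set after a rejection, the inherited `httplib.HTTPConnection` request path could reuse that unverified session on a retry. I would add a comment above `self.sock = None`, for example `# rejected peer: drop the socket so a later request cannot reuse the unverified TLS session`. The guard also begins after `bincert = self.sock.getpeercert(binary_form=True)`, so an exception from that call would still leave `self.sock` assigned; moving `try:` one line up would cover it. The enclosing method begins and ends outside the hunk.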