gh-113280: Always close socket if SSLSocket creation failed (GH-114659)

Co-authored-by: Thomas Grainger <tagrain@gmail.com>
2025-10-09 16:34:44 +00:00 · 2024-02-04 17:28:07 +02:00 · 2024-02-04 17:28:07 +02:00 · 0ea366240b
commit 0ea366240b
parent ecabff98c4
3 changed files with 81 additions and 67 deletions
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@ -2206,14 +2206,15 @@ def _test_get_server_certificate(test, host, port, cert=None):
        sys.stdout.write("\nVerified certificate for %s:%s is\n%s\n" % (host, port ,pem))

 def _test_get_server_certificate_fail(test, host, port):
-    try:
-        pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE)
-    except ssl.SSLError as x:
-        #should fail
-        if support.verbose:
-            sys.stdout.write("%s\n" % x)
-    else:
-        test.fail("Got server certificate %s for %s:%s!" % (pem, host, port))
+    with warnings_helper.check_no_resource_warning(test):
+        try:
+            pem = ssl.get_server_certificate((host, port), ca_certs=CERTFILE)
+        except ssl.SSLError as x:
+            #should fail
+            if support.verbose:
+                sys.stdout.write("%s\n" % x)
+        else:
+            test.fail("Got server certificate %s for %s:%s!" % (pem, host, port))


 from test.ssl_servers import make_https_server
@ -3026,6 +3027,16 @@ class ThreadedTests(unittest.TestCase):
                                     server_hostname="python.example.org") as s:
                with self.assertRaises(ssl.CertificateError):
                    s.connect((HOST, server.port))
+        with ThreadedEchoServer(context=server_context, chatty=True) as server:
+            with warnings_helper.check_no_resource_warning(self):
+                with self.assertRaises(UnicodeError):
+                    context.wrap_socket(socket.socket(),
+                            server_hostname='.pythontest.net')
+        with ThreadedEchoServer(context=server_context, chatty=True) as server:
+            with warnings_helper.check_no_resource_warning(self):
+                with self.assertRaises(UnicodeDecodeError):
+                    context.wrap_socket(socket.socket(),
+                            server_hostname=b'k\xf6nig.idn.pythontest.net')

    def test_wrong_cert_tls12(self):
        """Connecting when the server rejects the client's certificate
@ -4983,7 +4994,8 @@ class TestPreHandshakeClose(unittest.TestCase):
            self.assertIsNone(wrap_error.library, msg="attr must exist")
        finally:
            # gh-108342: Explicitly break the reference cycle
-            wrap_error = None
+            with warnings_helper.check_no_resource_warning(self):
+                wrap_error = None
            server = None

    def test_https_client_non_tls_response_ignored(self):
@ -5032,7 +5044,8 @@ class TestPreHandshakeClose(unittest.TestCase):
        # socket; that fails if the connection is broken. It may seem pointless
        # to test this. It serves as an illustration of something that we never
        # want to happen... properly not happening.
-        with self.assertRaises(OSError):
+        with warnings_helper.check_no_resource_warning(self), \
+                self.assertRaises(OSError):
            connection.request("HEAD", "/test", headers={"Host": "localhost"})
            response = connection.getresponse()