From c447cb6a2a384312b73f892e37122b8ecfdcf328 Mon Sep 17 00:00:00 2001
From: fxrhan <fxrhanansari@gmail.com>
Date: Sat, 3 Jan 2026 22:13:34 +0530
Subject: [PATCH] fix(httpshandler): close socket when SSL handshake fails with
 exception

When iterating through SSL/TLS protocols during connection establishment, the socket was not being closed when wrap_socket raised an exception. This caused socket resource leaks when connecting to servers that reject certain protocol versions.

The fix adds sock.close() calls to both exception handlers, matching the existing pattern used for non-exception failure cases.
---
 lib/request/httpshandler.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/request/httpshandler.py b/lib/request/httpshandler.py
index 9ac900dc9..95203bf23 100644
--- a/lib/request/httpshandler.py
+++ b/lib/request/httpshandler.py
@@ -94,6 +94,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         sock.close()
                 except (ssl.SSLError, socket.error, _http_client.BadStatusLine, AttributeError) as ex:
                     self._tunnel_host = None
+                    sock.close()
                     logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
 
         elif hasattr(ssl, "wrap_socket"):
@@ -111,6 +112,7 @@ class HTTPSConnection(_http_client.HTTPSConnection):
                         sock.close()
                 except (ssl.SSLError, socket.error, _http_client.BadStatusLine) as ex:
                     self._tunnel_host = None
+                    sock.close()
                     logger.debug("SSL connection error occurred for '%s' ('%s')" % (_lut[protocol], getSafeExString(ex)))
 
         if not success: