Skip to content

Commit

Permalink
Close SSL sockets when connections/validations fail
Browse files Browse the repository at this point in the history 
Handle more cases of failure when initializing SSL sockets, and make
sure no socket is left unclosed in case of errors.

Co-authored-by: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
Signed-off-by: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
  • Loading branch information
@kurtmckee @aiven-sal
kurtmckee and aiven-sal committed Aug 7, 2024
1 parent 8d139dc commit af92e15
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions valkey/connection.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -815,7 +815,7 @@ def _connect(self):
sock = super()._connect()
try:
return self._wrap_socket_with_ssl(sock)
except OSError:
except (OSError, ValkeyError):
sock.close()
raise

Expand Down Expand Up @@ -850,7 +850,6 @@ def _wrap_socket_with_ssl(self, sock):
context.minimum_version = self.ssl_min_version
if self.ssl_ciphers:
context.set_ciphers(self.ssl_ciphers)
sslsock = context.wrap_socket(sock, server_hostname=self.host)
if self.ssl_validate_ocsp is True and CRYPTOGRAPHY_AVAILABLE is False:
raise ValkeyError("cryptography is not installed.")

Expand All @@ -860,6 +859,8 @@ def _wrap_socket_with_ssl(self, sock):
"- not both."
)

sslsock = context.wrap_socket(sock, server_hostname=self.host)

# validation for the stapled case
if self.ssl_validate_ocsp_stapled:
import OpenSSL
Expand Down

0 comments on commit af92e15

Please sign in to comment.