From e6a8730f98d61583f31ac530e2a1c8da2fa181ed Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Thu, 9 Oct 2014 04:42:39 +0200
Subject: [PATCH] fix tcp closing for ssled connections

---
 netlib/tcp.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/netlib/tcp.py b/netlib/tcp.py
index 8e87bec8c..7a970be6e 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -238,19 +238,18 @@ class _Connection(object):
             else:
                 self.connection.shutdown(socket.SHUT_WR)
 
+            if type(self.connection) != SSL.Connection or self.ssl_established:
                 # Section 4.2.2.13 of RFC 1122 tells us that a close() with any
                 # pending readable data could lead to an immediate RST being sent (which is the case on Windows).
                 # http://ia600609.us.archive.org/22/items/TheUltimateSo_lingerPageOrWhyIsMyTcpNotReliable/the-ultimate-so_linger-page-or-why-is-my-tcp-not-reliable.html
                 #
-                # Do not call this for an SSL.Connection:
+                # Do not call this for every SSL.Connection:
                 # If the SSL handshake failed at the first place, OpenSSL's SSL_read tries to negotiate the connection
                 # again at this point, calls the SNI handler and segfaults.
                 # https://github.com/mitmproxy/mitmproxy/issues/373#issuecomment-58383499
-                # (if this turns out to be an issue for successful SSL connections,
-                # we should check for ssl_established or access the socket directly)
-
                 while self.connection.recv(4096):  # pragma: no cover
                     pass
+
             self.connection.close()
         except (socket.error, SSL.Error, IOError):
             # Socket probably already closed