From eb88cea3c74a253d3a08d010bfd328aa845c6d5b Mon Sep 17 00:00:00 2001
From: Aldo Cortesi
Date: Mon, 23 Jul 2012 23:20:32 +1200
Subject: [PATCH] Catch an amazingly subtle SSL connection corruption bug.

Closing a set of pseudo-file descriptors in the wrong order caused junk data to be written to the SSL stream. An apparent bug in OpenSSL then lets this corrupt the _next_ SSL connection.
---
 netlib/tcp.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/netlib/tcp.py b/netlib/tcp.py
index a68b608b4..66a26872f 100644
--- netlib/tcp.py
+++ netlib/tcp.py
@@ -209,9 +209,9 @@ class BaseHandler:
 try:
 if not getattr(self.wfile, "closed", False):
 self.wfile.flush()
+ self.close()
 self.wfile.close()
 self.rfile.close()
- self.close()
 except socket.error:
 # Remote has disconnected
 pass
@@ -245,10 +245,10 @@ class BaseHandler:
 self.connection.shutdown()
 else:
 self.connection.shutdown(socket.SHUT_RDWR)
- self.connection.close()
- except (socket.error, SSL.Error):
+ except (socket.error, SSL.Error), v:
 # Socket probably already closed
 pass
+ self.connection.close()
 class TCPServer:
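Review bot: The new position of `self.close()` ahead of `self.wfile.close()` and `self.rfile.close()` is load-bearing, but nothing in the code says so. The commit message is the only record that the old order wrote junk data into the SSL stream and could corrupt the next connection. A comment above the call, e.g. `# Close the connection before wfile/rfile: closing them first wrote junk data into the SSL stream.`, would keep a later cleanup from reverting the order. Note also that a `socket.error` raised by `self.close()` now skips both file closes, because the `except socket.error` clause swallows it; whether that can happen depends on `close()`, which is not visible here. The enclosing method starts above the hunk.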
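Review bot: `except (socket.error, SSL.Error), v:` binds `v`, but the handler body is only `pass`, so the name looks like leftover debugging; `except (socket.error, SSL.Error):` as before is enough. Moving `self.connection.close()` after the try means it now runs when shutdown fails with one of those two errors. Any other exception from the shutdown path still skips it, and an error raised by `close()` itself now propagates to the caller. Placing the call under a `finally:` clause (`finally:` followed by `self.connection.close()`) would release the socket on every path. The method's start is outside the hunk.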