From 1da3ba8697b3b72f6a1c2d22f7920977d59d661d Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Wed, 4 Dec 2013 20:46:20 +0100
Subject: Issue #19509: Don't close the socket in do_handshake() when hostname
 verification fails.

---
 Lib/ssl.py | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/Lib/ssl.py b/Lib/ssl.py
index 08b2df2..052a118 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -764,15 +764,10 @@ class SSLSocket(socket):
             self.settimeout(timeout)
 
         if self.context.check_hostname:
-            try:
-                if not self.server_hostname:
-                    raise ValueError("check_hostname needs server_hostname "
-                                     "argument")
-                match_hostname(self.getpeercert(), self.server_hostname)
-            except Exception:
-                self.shutdown(_SHUT_RDWR)
-                self.close()
-                raise
+            if not self.server_hostname:
+                raise ValueError("check_hostname needs server_hostname "
+                                 "argument")
+            match_hostname(self.getpeercert(), self.server_hostname)
 
     def _real_connect(self, addr, connect_ex):
         if self.server_side:
-- 
cgit v0.12