Close file descriptor of temporary file after building certificate chain (#71825)

* Close file descriptor of temporary file after building certificate chain. * Add changelog fragment for PR71825
2020-09-30 20:43:24 +02:00 · 2020-09-30 20:43:24 +02:00 · f1c4a954d5
commit f1c4a954d5
parent 3af7425367
2 changed files with 5 additions and 0 deletions
--- a/changelogs/fragments/71825-close-file-descriptor-after-building-cert-chaing.yml
+++ b/changelogs/fragments/71825-close-file-descriptor-after-building-cert-chaing.yml
@ -0,0 +1,3 @@
+bugfixes:
+  - urls - Close filedescriptor of certificate chain tempfile to prevent stale 
+    filedescriptor leakage (https://github.com/ansible/ansible/pull/71825).
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@ -900,6 +900,8 @@ class SSLValidationHandler(urllib_request.BaseHandler):
        if HAS_SSLCONTEXT:
            default_verify_paths = ssl.get_default_verify_paths()
            paths_checked[:0] = [default_verify_paths.capath]
+        else:
+            os.close(tmp_fd)

        return (tmp_path, cadata, paths_checked)