Close file descriptor of temporary file after building certificate chain (#71825)
* Close file descriptor of temporary file after building certificate chain. * Add changelog fragment for PR71825
This commit is contained in:
parent
3af7425367
commit
f1c4a954d5
2 changed files with 5 additions and 0 deletions
|
@ -0,0 +1,3 @@
|
|||
bugfixes:
|
||||
- urls - Close filedescriptor of certificate chain tempfile to prevent stale
|
||||
filedescriptor leakage (https://github.com/ansible/ansible/pull/71825).
|
|
@ -900,6 +900,8 @@ class SSLValidationHandler(urllib_request.BaseHandler):
|
|||
if HAS_SSLCONTEXT:
|
||||
default_verify_paths = ssl.get_default_verify_paths()
|
||||
paths_checked[:0] = [default_verify_paths.capath]
|
||||
else:
|
||||
os.close(tmp_fd)
|
||||
|
||||
return (tmp_path, cadata, paths_checked)
|
||||
|
||||
|
|
Loading…
Reference in a new issue