SSL certificate hostname mismatch is checked only once

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Make a request to an HTTPS server with a domain name not matching one that 
is specified in the corresponding SSL certificate.
2. Repeat the request once again.

Expected behavior: both requests fail with CertificateHostnameMismatch error.

Actual behavior: the first request fails with CertificateHostnameMismatch, but 
the second one succeeds.

The problem is caused by incorrect error handling in connect() method of 
HTTPSConnectionWithTimeout class. The created socket is closed in case of a 
general SSL error, but it's not closed in case of 
CertificateHostnameMismatchError (as ssl module doesn't provide hostname 
checking and it's done by httplib2 code). So when the second request is 
performed, connect() is not called, because the connection has already been 
created, and certificate hostname mismatch is not checked. 

Tested versions: the last commit of the default branch in hg repo; 0.7.2, 0.8.

A possible patch fixing this bug is attached.

Original issue reported on code.google.com by rpodoly...@mirantis.com on 23 Apr 2013 at 7:54

Attachments:

• ssl_hostname.diff

[GoogleCodeExporter]

It would probably help if you can add a test for this. Also, the homepage 
states that submitting patches to codereview.appspot.com is preferred, so you 
should try that.

Original comment by djc.ochtman on 17 Jun 2013 at 9:18