From ed70129e15ea028469145111044a4349960a4e6f Mon Sep 17 00:00:00 2001
From: neonene <53406459+neonene@users.noreply.github.com>
Date: Mon, 9 Sep 2019 21:33:43 +0900
Subject: [PATCH] bpo-37702: Fix SSL's certificate-store leak on Windows
 (GH-15632)

ssl_collect_certificates function in _ssl.c has a memory leak.
Calling CertOpenStore() and CertAddStoreToCollection(), a store's refcnt gets incremented by 2.
But CertCloseStore() is called only once and the refcnt leaves 1.
---
 .../next/Windows/2019-07-29-16-49-31.bpo-37702.Lj2f5e.rst       | 2 ++
 Modules/_ssl.c                                                  | 1 +
 2 files changed, 3 insertions(+)
 create mode 100644 Misc/NEWS.d/next/Windows/2019-07-29-16-49-31.bpo-37702.Lj2f5e.rst

diff --git a/Misc/NEWS.d/next/Windows/2019-07-29-16-49-31.bpo-37702.Lj2f5e.rst b/Misc/NEWS.d/next/Windows/2019-07-29-16-49-31.bpo-37702.Lj2f5e.rst
new file mode 100644
index 0000000000..67d53d4c46
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2019-07-29-16-49-31.bpo-37702.Lj2f5e.rst
@@ -0,0 +1,2 @@
+Fix memory leak on Windows in creating an SSLContext object or
+running urllib.request.urlopen('https://...').
\ No newline at end of file
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 3d63612168..d94efa98e9 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -5581,6 +5581,7 @@ ssl_collect_certificates(const char *store_name)
             if (result) {
                 ++storesAdded;
             }
+            CertCloseStore(hSystemStore, 0);  /* flag must be 0 */
         }
     }
     if (storesAdded == 0) {
-- 
2.40.0