From 6d14c8e13fc2f437db5c61c9341f1dbc083d6203 Mon Sep 17 00:00:00 2001
From: Antonio Ojea <antonio.ojea.garcia@gmail.com>
Date: Tue, 3 May 2022 16:14:51 +0200
Subject: [PATCH] spdyroundrippter: close the connection if tls handshake fails

---
 .../k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/staging/src/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/staging/src/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
index 9ec3685015f..98730fb5a5e 100644
--- a/staging/src/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
+++ b/staging/src/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
@@ -266,6 +266,7 @@ func (s *SpdyRoundTripper) tlsConn(ctx context.Context, rwc net.Conn, targetHost
 
 	// need to manually call Handshake() so we can call VerifyHostname() below
 	if err := tlsConn.HandshakeContext(ctx); err != nil {
+		tlsConn.Close()
 		return nil, err
 	}