From efc88b24b8ee34f89ebbca0371d9928b049e638e Mon Sep 17 00:00:00 2001
From: Wouter Coekaerts <wouter@squareup.com>
Date: Mon, 3 Jul 2017 13:24:45 -0700
Subject: [PATCH] Don't leak open connections when the TLS handshake fails

---
 .../driver/internal/net/ChannelFactory.java     | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/driver/src/main/java/org/neo4j/driver/internal/net/ChannelFactory.java b/driver/src/main/java/org/neo4j/driver/internal/net/ChannelFactory.java
index cf7f592137..36fa7a7c91 100644
--- a/driver/src/main/java/org/neo4j/driver/internal/net/ChannelFactory.java
+++ b/driver/src/main/java/org/neo4j/driver/internal/net/ChannelFactory.java
@@ -44,7 +44,22 @@ static ByteChannel create( BoltServerAddress address, SecurityPlan securityPlan,
 
         if ( securityPlan.requiresEncryption() )
         {
-            channel = TLSSocketChannel.create( address, securityPlan, soChannel, log );
+            try
+            {
+                channel = TLSSocketChannel.create( address, securityPlan, soChannel, log );
+            }
+            catch ( Exception e )
+            {
+                try
+                {
+                    channel.close();
+                }
+                catch( IOException e2 )
+                {
+                    // best effort
+                }
+                throw e;
+            }
         }
 
         if ( log.isTraceEnabled() )