From 4643ecaf54f293ac2913b66d35b5e082d7a2a344 Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Fri, 12 Sep 2014 21:34:30 +0100
Subject: [PATCH] [443964] Fix possible race condition when connecting with
 TLS.

Fix possible race condition when connecting with TLS and publishing at
the same time, which could lead to PUBLISH data being sent before any
other messages and unencrypted. Closes #443964. Thanks to Hiram van
Paassen.

Bug: https://bugs.eclipse.org/bugs/show_bug.cgi?id=443964
Change-Id: I3945ed7d470b69fc939343fc21beffcd7315c502
---
 ChangeLog.txt           | 4 ++++
 src/paho/mqtt/client.py | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5bec8cc..75d04c0 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -8,6 +8,10 @@ v1.0.2
 - Handle "unicode" type payloads on Python 2.7. Thanks to Luc Milland.
 - Fix reconnecting after sending more QoS>0 messages than inflight messages is
   set to, whilst connecting.  Closes #443935. Thanks to Hiram van Paassen.
+- Fix possible race condition when connecting with TLS and publishing at the
+  same time, which could lead to PUBLISH data being sent before any other
+  messages and unencrypted. Closes #443964. Thanks to Hiram van Paassen.
+
 
 v1.0.1
 ======
diff --git a/src/paho/mqtt/client.py b/src/paho/mqtt/client.py
index 6b6afed..3a95509 100755
--- a/src/paho/mqtt/client.py
+++ b/src/paho/mqtt/client.py
@@ -724,16 +724,16 @@ class Client(object):
 
         try:
             if (sys.version_info[0] == 2 and sys.version_info[1] < 7) or (sys.version_info[0] == 3 and sys.version_info[1] < 2):
-                self._sock = socket.create_connection((self._host, self._port))
+                sock = socket.create_connection((self._host, self._port))
             else:
-                self._sock = socket.create_connection((self._host, self._port), source_address=(self._bind_address, 0))
+                sock = socket.create_connection((self._host, self._port), source_address=(self._bind_address, 0))
         except socket.error as err:
             if err.errno != errno.EINPROGRESS and err.errno != errno.EWOULDBLOCK and err.errno != EAGAIN:
                 raise
 
         if self._tls_ca_certs is not None:
             self._ssl = ssl.wrap_socket(
-                self._sock,
+                sock,
                 certfile=self._tls_certfile,
                 keyfile=self._tls_keyfile,
                 ca_certs=self._tls_ca_certs,
@@ -747,6 +747,7 @@ class Client(object):
                 else:
                     ssl.match_hostname(self._ssl.getpeercert(), self._host)
 
+        self._sock = sock
         self._sock.setblocking(0)
 
         return self._send_connect(self._keepalive, self._clean_session)
-- 
2.39.5