From 3268201797fdceaa3b3e8ac0ae506d1426436134 Mon Sep 17 00:00:00 2001
From: Zackery Spytz <zspytz@gmail.com>
Date: Tue, 7 Jul 2020 22:21:58 -0600
Subject: [PATCH] closes bpo-41235: Fix the error handling in
 SSLContext.load_dh_params() (GH-21385) (cherry picked from commit
 aebc0495572c5bb85d2bd97d27cf93ab038b5a6a)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
---
 .../next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst   | 1 +
 Modules/_ssl.c                                              | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst

diff --git a/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst b/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst
new file mode 100644
index 00000000000000..c55275bb1c622b
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-07-07-21-56-26.bpo-41235.H2csMU.rst
@@ -0,0 +1 @@
+Fix the error handling in :meth:`ssl.SSLContext.load_dh_params`.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 5e82fe41a76ec2..58064178a1a343 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -4309,8 +4309,10 @@ _ssl__SSLContext_load_dh_params(PySSLContext *self, PyObject *filepath)
         }
         return NULL;
     }
-    if (SSL_CTX_set_tmp_dh(self->ctx, dh) == 0)
-        _setSSLError(NULL, 0, __FILE__, __LINE__);
+    if (!SSL_CTX_set_tmp_dh(self->ctx, dh)) {
+        DH_free(dh);
+        return _setSSLError(NULL, 0, __FILE__, __LINE__);
+    }
     DH_free(dh);
     Py_RETURN_NONE;
 }