2 files changed, 5 insertions, 1 deletions

diff --git a/netlib/tcp.py b/netlib/tcp.py
index 31e9a398..f4a713f9 100644
--- a/netlib/tcp.py
+++ b/netlib/tcp.py
@@ -235,6 +235,7 @@ class TCPClient:
         try:
             if self.ssl_established:
                 self.connection.shutdown()
+                self.connection.sock_shutdown(socket.SHUT_WR)
             else:
                 self.connection.shutdown(socket.SHUT_WR)
             #Section 4.2.2.13 of RFC 1122 tells us that a close() with any pending readable data could lead to an immediate RST being sent.
@@ -302,6 +303,8 @@ class BaseHandler:
         if request_client_cert:
             def ver(*args):
                 self.clientcert = certutils.SSLCert(args[1])
+                # err 20 = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+                #return True
             ctx.set_verify(SSL.VERIFY_PEER, ver)
         self.connection = SSL.Connection(ctx, self.connection)
         self.ssl_established = True
@@ -338,6 +341,7 @@ class BaseHandler:
         try:
             if self.ssl_established:
                 self.connection.shutdown()
+                self.connection.sock_shutdown(socket.SHUT_WR)
             else:
                 self.connection.shutdown(socket.SHUT_WR)
             #Section 4.2.2.13 of RFC 1122 tells us that a close() with any pending readable data could lead to an immediate RST being sent.
diff --git a/netlib/test.py b/netlib/test.py
index 661395c5..87802bd5 100644
--- a/netlib/test.py
+++ b/netlib/test.py
@@ -52,7 +52,7 @@ class TServer(tcp.TCPServer):
         self.last_handler = h
         if self.ssl:
             cert = certutils.SSLCert.from_pem(
-                file(self.ssl["cert"], "r").read()
+                file(self.ssl["cert"], "rb").read()
             )
             if self.ssl["v3_only"]:
                 method = tcp.SSLv3_METHOD