I think Christian analysis is right, in that it takes a bit of GC
support, but not perhaps in the specifics of his approach. I've done
two things to fix this:
1) Put _real_close() back in socket.py, and then override it in
ssl.SSLSocket to release the SSLContext, and
2) Change the pointer to the SSLSocket in _ssl.c to a weakref.
Now SSLSockets get cleaned up properly by the GC system.
One question: _real_close() is what Java calls a "protected" method. Do
we have any way to mark this with annotations or metaclass stuff?