homepage

I don't think your patch is right:
- calling unwrap() already shuts down the SSL layer; this is the right way to do it and is documented as such: "Performs the SSL shutdown handshake, which removes the TLS layer from the underlying socket, and returns the underlying socket object"
- shutdown() right now isn't blocking; if you add a call to SSL shutdown, it can either block or fail with EAGAIN or similar, which is something people won't expect
- close() should simply close the file descriptor, like on a regular socket (if you call socket.close(), it won't shutdown the TCP connection, especially if there's another file descriptor referencing the same connection)
As for Modules/_ssl.c, the case where SSL_shutdown() returns 0 is already handled:
 if (err == 0) {
 /* Don't loop endlessly; instead preserve legacy
 behaviour of trying SSL_shutdown() only twice.
 This looks necessary for OpenSSL < 0.9.8m */
 if (++zeros > 1)
 break;
 /* Shutdown was sent, now try receiving */
 self->shutdown_seen_zero = 1;
 continue;
 }
... so I don't think anything more is necessary.
So I think things are fine right now and your patch shouldn't be applied.