From: schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2>
Date: Wed, 14 Oct 2009 10:06:49 +0000 (+0000)
Subject: Correct initial- and end-handshakes for SSL
X-Git-Url: https://git.tokkee.org/?p=roundup.git;a=commitdiff_plain;h=a0396e58a791fdd349cfd376751637d99b846473

Correct initial- and end-handshakes for SSL


git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4380 57a73879-2fb5-44c3-a270-3262357dd7e2
---

diff --git a/CHANGES.txt b/CHANGES.txt
index 6c6c2db..2ebb1d3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -10,6 +10,7 @@ Fixes:
   This also fixes a case where a WantReadError is raised and apparently
   the bytes already read are dropped (seems the WantReadError is really
   an error, not just an indication to retry).
+- Correct initial- and end-handshakes for SSL
 
 2009-10-09 1.4.10 (r4374)
 
diff --git a/roundup/scripts/roundup_server.py b/roundup/scripts/roundup_server.py
index 2ebd56e..2e26218 100644
--- a/roundup/scripts/roundup_server.py
+++ b/roundup/scripts/roundup_server.py
@@ -29,8 +29,6 @@ try:
 except ImportError:
     SSL = None
 
-from time import sleep
-
 # python version check
 from roundup import configuration, version_check
 from roundup import __version__ as roundup_version
@@ -76,7 +74,7 @@ DEFAULT_MULTIPROCESS = MULTIPROCESS_TYPES[-1]
 
 def auto_ssl():
     print _('WARNING: generating temporary SSL certificate')
-    import OpenSSL, time, random, sys
+    import OpenSSL, random
     pkey = OpenSSL.crypto.PKey()
     pkey.generate_key(OpenSSL.crypto.TYPE_RSA, 768)
     cert = OpenSSL.crypto.X509()
@@ -128,7 +126,7 @@ class SecureHTTPServer(BaseHTTPServer.HTTPServer):
                         try:
                             return self.__fileobj.readline(*args)
                         except SSL.WantReadError:
-                            sleep (.1)
+                            time.sleep(.1)
 
                 def read(self, *args):
                     """ SSL.Connection can return WantRead """
@@ -136,7 +134,7 @@ class SecureHTTPServer(BaseHTTPServer.HTTPServer):
                         try:
                             return self.__fileobj.read(*args)
                         except SSL.WantReadError:
-                            sleep (.1)
+                            time.sleep(.1)
 
                 def __getattr__(self, attrib):
                     return getattr(self.__fileobj, attrib)
@@ -590,6 +588,20 @@ class ServerConfig(configuration.Config):
             DEBUG_MODE = self["MULTIPROCESS"] == "debug"
             CONFIG = self
 
+            def setup(self):
+                if self.CONFIG["SSL"]:
+                    # perform initial ssl handshake. This will set
+                    # internal state correctly so that later closing SSL
+                    # socket works (with SSL end-handshake started)
+                    self.request.do_handshake()
+                RoundupRequestHandler.setup(self)
+
+            def finish(self):
+                RoundupRequestHandler.finish(self)
+                if self.CONFIG["SSL"]:
+                    self.request.shutdown()
+                    self.request.close()
+
         if self["SSL"]:
             base_server = SecureHTTPServer
         else: