Changeset 1928

Timestamp:

03/17/08 15:48:25

Author:

fumanchu

Message:

Minimize risk of dirty conn close when fatal SSL alerts are raised.

Files:

• trunk/cherrypy/wsgiserver/__init__.py (modified) (5 diffs)

trunk/cherrypy/wsgiserver/__init__.py

@@ -678 +678 @@
-class NoSSLError(Exception):
-    """Exception raised when a client speaks HTTP to an HTTPS socket."""
+    pass
+
+
+class FatalSSLAlert(Exception):
+    """Exception raised when the SSL implementation signals a fatal alert."""
-    pass
-
@@ -861 +866 @@
-                    pass
-                
-                if is_reader and thirdarg == 'ssl handshake failure':
-                    # Return "" to simulate EOF which will close the conn.
-                    return ""
-                if thirdarg == 'http request':
-                    # The client is talking HTTP to an HTTPS server.
-                    raise NoSSLError()
-
-
-
-
-
+
-            except:
-                raise
@@ -957 +955 @@
-            if errnum not in socket_errors_to_ignore:
-                if req:
-                    fd = open("ssl_errors.txt", "a")
-                    fd.write("1" * 80)
-                    fd.write("\n")
-                    fd.write(str(type(e)))
-                    fd.write(format_exc())
-                    req.simple_response("500 Internal Server Error",
-                                        format_exc())
@@ -967 +960 @@
-        except (KeyboardInterrupt, SystemExit):
-            raise
+        except FatalSSLAlert, e:
+            # Close the connection.
+            return
-        except NoSSLError:
-            # Unwrap our wfile
@@ -974 +970 @@
-                                "this server only speaks HTTPS on this port.")
-        except Exception, e:
-            fd = open("ssl_errors.txt", "a")
-            fd.write("2" * 80)
-            fd.write("\n")
-            fd.write(format_exc())
-            if req:
-                req.simple_response("500 Internal Server Error", format_exc())