Correct initial- and end-handshakes for SSL

Ralf Schlatterbeck · Ralf Schlatterbeck · commit ee9270ce036c · 2009-10-14T10:06:49.000Z
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -10,6 +10,7 @@ Fixes:
   This also fixes a case where a WantReadError is raised and apparently
   the bytes already read are dropped (seems the WantReadError is really
   an error, not just an indication to retry).
+- Correct initial- and end-handshakes for SSL
 
 2009-10-09 1.4.10 (r4374)
 
diff --git a/roundup/scripts/roundup_server.py b/roundup/scripts/roundup_server.py
@@ -29,8 +29,6 @@
 except ImportError:
     SSL = None
 
-from time import sleep
-
 # python version check
 from roundup import configuration, version_check
 from roundup import __version__ as roundup_version
@@ -76,7 +74,7 @@
 
 def auto_ssl():
     print _('WARNING: generating temporary SSL certificate')
-    import OpenSSL, time, random, sys
+    import OpenSSL, random
     pkey = OpenSSL.crypto.PKey()
     pkey.generate_key(OpenSSL.crypto.TYPE_RSA, 768)
     cert = OpenSSL.crypto.X509()
@@ -128,15 +126,15 @@ def readline(self, *args):
                         try:
                             return self.__fileobj.readline(*args)
                         except SSL.WantReadError:
-                            sleep (.1)
+                            time.sleep(.1)
 
                 def read(self, *args):
                     """ SSL.Connection can return WantRead """
                     while True:
                         try:
                             return self.__fileobj.read(*args)
                         except SSL.WantReadError:
-                            sleep (.1)
+                            time.sleep(.1)
 
                 def __getattr__(self, attrib):
                     return getattr(self.__fileobj, attrib)
@@ -590,6 +588,20 @@ class RequestHandler(RoundupRequestHandler):
             DEBUG_MODE = self["MULTIPROCESS"] == "debug"
             CONFIG = self
 
+            def setup(self):
+                if self.CONFIG["SSL"]:
+                    # perform initial ssl handshake. This will set
+                    # internal state correctly so that later closing SSL
+                    # socket works (with SSL end-handshake started)
+                    self.request.do_handshake()
+                RoundupRequestHandler.setup(self)
+
+            def finish(self):
+                RoundupRequestHandler.finish(self)
+                if self.CONFIG["SSL"]:
+                    self.request.shutdown()
+                    self.request.close()
+
         if self["SSL"]:
             base_server = SecureHTTPServer
         else:
