Author: tmckay Date: 2012-10-29 18:12:26 +0000 (Mon, 29 Oct 2012) New Revision: 5525
Modified: trunk/wooly/python/wooly/server.py Log: Prevent unknown ca alert exceptions from restarting the web server BZ842286
Modified: trunk/wooly/python/wooly/server.py
===================================================================
--- trunk/wooly/python/wooly/server.py 2012-10-29 15:41:32 UTC (rev 5524)
+++ trunk/wooly/python/wooly/server.py 2012-10-29 18:12:26 UTC (rev 5525)
@@ -7,6 +7,26 @@
log = logging.getLogger("wooly.server")
+try:
+ from wsgiserver.ssl_builtin import BuiltinSSLAdapter
+ import ssl
+ class PatchBuiltinSSLAdapter(BuiltinSSLAdapter):
+ def wrap(self, sock):
+ '''
+ Overload the wrap method and suppress unknown
+ ca alerts from clients on connection
+ '''
+ try:
+ s, env = super(PatchBuiltinSSLAdapter, self).wrap(sock)
+ except ssl.SSLError, e:
+ if e.errno != ssl.SSL_ERROR_SSL or \
+ not e.args[1].endswith('alert unknown ca'):
+ raise
+ s, env = None, {}
+ return s, env
+except:
+ pass
+
 class WebServer(object):
 http_date = "%a, %d %b %Y %H:%M:%S %Z"
 http_date_gmt = "%a, %d %b %Y %H:%M:%S GMT"
@@ -265,9 +285,8 @@
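Review bot: The `unknown ca` branch in `wrap` discards the handshake failure without any record, so an operator cannot tell that clients are rejecting the server certificate, which is worth knowing because it usually points at a missing CA on the client side or a certificate that changed. A `log.debug("Webserver: client rejected server certificate (unknown ca alert)")` just before `s, env = None, {}` keeps the server up while leaving a trace. The check also matches on the OpenSSL error string, which presumably can vary between library versions; a short comment saying so next to the `endswith` test would help whoever debugs a recurrence.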
# Try the Python ssl module solution first
 try:
- from wsgiserver.ssl_builtin import BuiltinSSLAdapter
- ssl_adapter = BuiltinSSLAdapter(self.server.server_cert,
- self.server.server_key)
+ ssl_adapter = PatchBuiltinSSLAdapter(self.server.server_cert,
+ self.server.server_key)
 log.info("Webserver: ssl enabled via the Python ssl module.")
 except:
 pass
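Review bot: With the import moved to module level, the bare `except:` around `ssl_adapter = PatchBuiltinSSLAdapter(...)` now detects an unavailable ssl module only by catching the NameError left behind by the module-level `except: pass`, and it swallows any other constructor error the same way. Setting `PatchBuiltinSSLAdapter = None` in a module-level `except ImportError:` and testing `if PatchBuiltinSSLAdapter is not None:` here would make the fallback explicit. A `log.debug` in the failure branch would also show why the Python ssl path was skipped. The enclosing method starts and ends outside this hunk, so what follows the `pass` is not visible.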