From deffed8f1410f67d82d9043757ce65ecccc1a27c Mon Sep 17 00:00:00 2001
From: Unrud
Date: Thu, 27 Jul 2017 01:24:53 +0200
Subject: [PATCH] Do SSL handshake in request thread (fixes #674)

The handshake could block the main thread, especially since the socket timeout was not set at that point.
---
 radicale/__init__.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/radicale/__init__.py b/radicale/__init__.py
index bed7131..cbc025b 100644
--- a/radicale/__init__.py
+++ b/radicale/__init__.py
@@ -154,7 +154,8 @@ class HTTPSServer(HTTPServer):
 cert_reqs=ssl.CERT_REQUIRED if self.certificate_authority else ssl.CERT_NONE, ca_certs=self.certificate_authority or None,
- ssl_version=self.protocol, ciphers=self.ciphers)
+ ssl_version=self.protocol, ciphers=self.ciphers,
+ do_handshake_on_connect=False)
 self.server_bind()
 self.server_activate()
@@ -168,6 +169,19 @@ class ThreadedHTTPServer(socketserver.ThreadingMixIn, HTTPServer):
 class ThreadedHTTPSServer(socketserver.ThreadingMixIn, HTTPSServer):
 def process_request_thread(self, request, client_address):
+ try:
+ try:
+ request.do_handshake()
+ except socket.timeout:
+ raise
+ except Exception as e:
+ raise RuntimeError("SSL handshake failed: %s" % e) from e
+ except Exception:
+ try:
+ self.handle_error(request, client_address)
+ finally:
+ self.shutdown_request(request)
+ return
 with self.connections_guard: return super().process_request_thread(request, client_address)
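Review bot: The new `do_handshake_on_connect=False` argument in the `wrap_socket` call carries no comment saying where the handshake now happens, and the only explicit `do_handshake()` call on this page is in `ThreadedHTTPSServer.process_request_thread` (second hunk). A plain `HTTPSServer`, if one is ever instantiated without the threading mix-in, would presumably rely on the TLS layer negotiating on the first read, outside the error handling added below; that path is worth confirming. I would add `# Handshake is deferred to the request thread so a slow or silent client cannot block accept() in the main thread` above the argument. The enclosing method starts before the hunk, so the rest of the call is not visible here.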
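Review bot: `request.do_handshake()` in `process_request_thread` runs before `with self.connections_guard:`, so whatever limit that guard enforces (presumably a cap on concurrent connections) does not cover peers that are still handshaking, and each of them holds a thread until the handshake ends. That is bounded only if a timeout is already set on `request` at this point; the `except socket.timeout` branch suggests it is, but the hunk does not show where, and the commit message says it was not set at accept time. Please confirm it and record the decision with a comment such as `# request already carries the client timeout; the handshake stays outside connections_guard on purpose`. Separately, every failed handshake goes through `self.handle_error`, so unauthenticated peers (scanners, plain-HTTP clients) can each produce a log entry; if `handle_error` logs a full traceback, a lower log level for handshake failures would keep the log usable.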