author | Rob Austein <sra@hactrn.net> | 2009-07-18 15:36:37 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2009-07-18 15:36:37 +0000 |
commit | caaed2272c9c42bb58dc4c65e1092b3122911129 (patch) | |
tree | fbafed163914f67e8495e65990a93cd8ead87e39 | |
parent | ad8c775eccee8f666087e63f3a13931eacb4c5dd (diff) |
Fix race condition in TLS connect phase of HTTPS client state machine.
svn path=/rpkid/rpki/https.py; revision=2644
-rw-r--r-- | rpkid/rpki/https.py | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py index 2494d2ac..cb5b0e38 100644 --- a/rpkid/rpki/https.py +++ b/rpkid/rpki/https.py @@ -45,12 +45,12 @@ rpki_content_type = "application/x-rpki" # ================================================================ -# Chatter about TLS certificates -debug_tls_certs = False - # Verbose chatter about HTTP streams debug = False +# Extra chatter about TLS certificates +debug_tls_certs = False + # Whether we want persistent HTTP streams, when peer also supports them want_persistent_client = True want_persistent_server = True @@ -332,7 +332,7 @@ class http_stream(asynchat.async_chat): else: asynchat.async_chat.handle_write(self) - def initate_send(self): + def initiate_send(self): assert self.retry_read is None and self.retry_write is None, "%r: TLS I/O already in progress, r %r w %r" % (self, self.retry_read, self.retry_write) try: asynchat.async_chat.initiate_send(self) @@ -530,9 +530,7 @@ class http_client(http_stream): self.handle_error() def handle_connect(self): - self.log("Connected") - self.set_state("idle") - + self.log("Socket connected") self.tls = POW.Ssl(POW.TLSV1_CLIENT_METHOD) self.log_cert("client", self.cert) self.tls.useCertificate(self.cert.get_POW()) @@ -543,7 +541,6 @@ class http_client(http_stream): self.log_cert("trusted", x) self.tls.addTrust(x.get_POW()) self.tls.setVerifyMode(POW.SSL_VERIFY_PEER | POW.SSL_VERIFY_FAIL_IF_NO_PEER_CERT) - self.tls.setFd(self.fileno()) self.tls_connect() @@ -555,6 +552,8 @@ class http_client(http_stream): except POW.WantWriteError: self.retry_write = self.tls_connect else: + self.log("TLS connected") + self.set_state("idle") self.queue.send_request() def set_state(self, state): 
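Review bot: With the spelling corrected in the `@@ -332,7 +332,7 @@` hunk, this method now overrides `asynchat.async_chat.initiate_send`, so its `assert` on `retry_read`/`retry_write` becomes live on the send path; under the old name it was presumably never reached. An `assert` is stripped under `python -O`, which would silently remove the guard against pushing data while a TLS operation is still pending. I would make it an explicit check, e.g. `if self.retry_read is not None or self.retry_write is not None: raise RuntimeError("%r: TLS I/O already in progress" % self)`. The method's `try` body continues outside the hunk, so how such an error is then handled is not visible here.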
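Review bot: The `else:` branch of `tls_connect` in the `@@ -555,6 +552,8 @@` hunk is now the only place the client becomes `idle`, but nothing in the code records why that ordering matters. The last hunk suggests `http_queue` decides whether to send on an existing client from its state, so a comment above `self.set_state("idle")` would protect the fix, e.g. `# Do not mark idle until the TLS handshake (including peer verification) has completed; the queue sends requests on idle clients.` That would stop a later edit from moving the call back into `handle_connect`. Only the `WantWriteError` retry path is visible; the rest of the `try` and the state the client holds during the handshake lie outside the hunk. It is worth confirming that a failed or abandoned handshake cannot leave the client in a state the queue treats as usable.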
@@ -653,7 +652,7 @@ class http_queue(object): self.log("Sending request to existing client %r" % self.client) self.send_request() else: - self.log("Client exists and is not idle") + self.log("Client %r exists in state %r" % (self.client, self.client.state)) def send_request(self): if self.queue: |