authorRob Austein <sra@hactrn.net>2009-07-04 22:34:50 +0000
committerRob Austein <sra@hactrn.net>2009-07-04 22:34:50 +0000
commit90a2370c7c977c607ff2f0d50ccb12b1012f0360 (patch)
treea272440a33e854d9d3583d2e1d1c12e482a9af26 /rpkid/rpki/https.py
parent9893aed036a090f3c0d88cb09232811a21cff40d (diff)
Terminate erroneous connections even if they would have been
persistent, on the theory that non-persistent connections have fewer failure modes and we don't care all that much about efficiency when something bad is happening. Reexamine this decision later, as it smells like a potential DoS vector. svn path=/myrpki/myirbe.py; revision=2574
Diffstat (limited to 'rpkid/rpki/https.py')
-rw-r--r--rpkid/rpki/https.py6
1 files changed, 4 insertions, 2 deletions
diff --git a/rpkid/rpki/https.py b/rpkid/rpki/https.py
index e27c353b..1a433fd5 100644
--- a/rpkid/rpki/https.py
+++ b/rpkid/rpki/https.py
@@ -46,10 +46,10 @@ rpki_content_type = "application/x-rpki"
# ================================================================
# Chatter about TLS certificates
-debug_tls_certs = False
+debug_tls_certs = True
# Verbose chatter about HTTP streams
-debug = False
+debug = True
# Whether we want persistent HTTP streams, when peer also supports them
want_persistent_client = True
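Review bot: The flips to `debug_tls_certs = True` and `debug = True` make TLS-certificate and HTTP-stream chatter the module default, and nothing in the commit message accounts for them, so they look like local debugging state that was committed along with the real change. If so, both should remain `False` in the tree and be switched on per deployment. Verbose per-connection logging by default also raises log volume on the same error paths this commit is concerned with, and may write peer certificate details into logs that are less protected than the service itself.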
@@ -440,6 +440,8 @@ class http_server(http_stream):
def send_message(self, code, reason = "OK", body = None):
self.log("Sending response %s %s" % (code, reason))
+ if code >= 400:
+ self.expect_close = True
msg = http_response(code = code, reason = reason, body = body,
Content_Type = rpki_content_type,
Connection = "Close" if self.expect_close else "Keep-Alive")
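Review bot: The new `if code >= 400:` branch in send_message has no comment, so the close-on-error policy and its open question exist only in the commit log; a line such as `# Force Connection: Close after any 4xx/5xx response, even on a persistent stream; TODO revisit reconnect cost` above the check would keep the caveat next to the code. The `self.log(...)` call sits before the check and records only code and reason, so a forced close cannot be told apart in the logs from one the peer requested; moving the log below the check and including `self.expect_close` would make connection churn visible to whoever monitors this server. send_message continues past the end of the hunk, so whether the stream is actually torn down once the response is written cannot be confirmed from here.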