David Johnson authored
Now we rely on the builtin SocketServer and ssl modules. This combination is basically feature-equivalent to m2crypto, for our purposes.

The hack that sets a socket timeout to prevent non-ssl clients tying up the server's main thread (see commit 381e67a3) remains, but is significantly easier. The problem is that the ssl.SSLSocket.accept method combines both the accept() on the server socket, and the ssl handshake "accept", into one function call, so we don't get an opportunity to propagate the finite timeout from the server socket to the client. Thus, we override SSLSocket.accept in our own derived class, and avoid using the ssl module's various wrap_socket helpers.

It seems reasonable to enable this by default, especially now that we're no longer vulnerable to m2crypto version variance. I also added real argument processing to make it easier to run devel versions.
fccfee60
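The handshake-timeout problem this commit describes, as an added Python 3 example that is not the commit's code: instead of overriding SSLSocket.accept, it separates the TCP accept from the TLS handshake in socketserver's `get_request` hook using `do_handshake_on_connect=False`. The names `TimedTLSServer`, `demo` and `handshake_timeout` are assumptions made for this illustration, and the two clients are constructed test input.

```python
import socket
import socketserver
import ssl
import time


class TimedTLSServer(socketserver.TCPServer):
    """TCPServer that bounds the TLS handshake done in the accept loop."""

    def __init__(self, addr, handler, context, handshake_timeout):
        self.context = context
        self.handshake_timeout = handshake_timeout
        self.rejected = []  # reasons for clients dropped during the handshake
        super().__init__(addr, handler)

    def get_request(self):
        # Plain TCP accept: the listening socket itself is never TLS-wrapped.
        sock, peer = self.socket.accept()
        # Finite timeout on the client socket before any TLS bytes are read.
        sock.settimeout(self.handshake_timeout)
        try:
            sock = self.context.wrap_socket(
                sock, server_side=True, do_handshake_on_connect=False)
            sock.do_handshake()
        except OSError as exc:  # socket.timeout and ssl.SSLError are OSErrors
            timed_out = isinstance(exc, socket.timeout)
            self.rejected.append("timeout" if timed_out else "tls-error")
            sock.close()
            raise  # TCPServer swallows OSError here and keeps serving
        sock.settimeout(None)  # handshake done; handler picks its own timeouts
        return sock, peer


def demo(handshake_timeout=0.5):
    """Constructed test: a silent client, then a plaintext HTTP client."""
    # No certificate is loaded, so no handshake can complete in this demo;
    # a real server would call context.load_cert_chain() first.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server = TimedTLSServer(("127.0.0.1", 0), socketserver.BaseRequestHandler,
                            context, handshake_timeout)
    waits = []
    for payload in (b"", b"GET / HTTP/1.0\r\n\r\n"):
        with socket.create_connection(server.server_address) as client:
            client.sendall(payload)
            start = time.monotonic()
            server.handle_request()  # one accept + handshake, in this thread
            waits.append(time.monotonic() - start)
    server.server_close()
    return server.rejected, waits
```

Calling `demo()` returns the rejection reasons and how long each client held the accept loop: the silent client is released after the handshake timeout, the plaintext client as soon as its first bytes fail to parse as TLS.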