Skip to content
  • David Johnson's avatar
    Remove m2crypto from sslxmlrpc_server; enable ssl handshake timeout by default. · fccfee60
    David Johnson authored
    Now we rely on the builtin SocketServer and ssl modules.  This combination is
    basically feature-equivalent to m2crypto, for our purposes.  The hack that
    sets a socket timeout to prevent non-ssl clients tying up the server's main
    thread (see commit 381e67a3) remains, but is significantly easier.  The
    problem is that the ssl.SSLSocket.accept method combines both the accept()
    on the server socket, and the ssl handshake "accept", into one function call,
    so we don't get an opportunity to propagate the finite timeout from the
    server socket to the client.  Thus, we override SSLSocket.accept in our own
    derived class, and avoid using the ssl module's various wrap_socket helpers.
    
    It seems reasonable to enable this by default, especially now that we're
    no longer vulnerable to m2crypto version variance.
    
    I also added real argument processing to make it easier to run devel versions.
    fccfee60