Commit fccfee60 authored by David Johnson

Remove m2crypto from sslxmlrpc_server; enable ssl handshake timeout by default.

Now we rely on the builtin SocketServer and ssl modules.  This combination is
basically feature-equivalent to m2crypto, for our purposes.  The hack that
sets a socket timeout to prevent non-ssl clients tying up the server's main
thread (see commit 381e67a3) remains, but is significantly easier.  The
problem is that the ssl.SSLSocket.accept method combines both the accept()
on the server socket, and the ssl handshake "accept", into one function call,
so we don't get an opportunity to propagate the finite timeout from the
server socket to the client.  Thus, we override SSLSocket.accept in our own
derived class, and avoid using the ssl module's various wrap_socket helpers.

It seems reasonable to enable this by default, especially now that we're
no longer vulnerable to m2crypto version variance.

I also added real argument processing to make it easier to run devel versions.
parent 59497b87
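
The timeout propagation described in the commit message, as an added sketch using Python 3's standard library (this is not the code from this commit, which subclasses SSLSocket and overrides accept): the listener stays a plain socket, and the accepted client socket gets a finite timeout before the handshake runs. `accept_tls`, `HANDSHAKE_TIMEOUT` and the demo client are hypothetical names; the context carries no certificate because the constructed client never gets far enough to need one.

```python
import socket
import ssl
import time

HANDSHAKE_TIMEOUT = 2.0  # seconds; assumed value, not taken from the commit


def accept_tls(listener, context, timeout=HANDSHAKE_TIMEOUT):
    """Accept one TCP connection, then run the TLS handshake under a timeout.

    Returns (tls_socket, addr), or (None, addr) if the peer stalled or did
    not speak TLS. `listener` is a plain (unwrapped) listening socket.
    """
    conn, addr = listener.accept()  # TCP accept only, no TLS yet
    # The accepted socket does not inherit the listener's timeout, so set a
    # finite one before any handshake bytes are read.
    conn.settimeout(timeout)
    tls = None
    try:
        tls = context.wrap_socket(conn, server_side=True,
                                  do_handshake_on_connect=False)
        tls.do_handshake()  # bounded by the timeout set above
    except OSError:  # socket.timeout and ssl.SSLError are both OSError
        (tls if tls is not None else conn).close()
        return None, addr
    tls.settimeout(None)  # handshake done; caller chooses its own I/O policy
    return tls, addr


def demo_stalled_client(timeout=0.5):
    """Constructed demo: a non-TLS client connects and never sends a byte."""
    # No certificate is loaded because this handshake never gets that far.
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    listener = socket.create_server(("127.0.0.1", 0))
    silent = socket.create_connection(listener.getsockname())
    start = time.monotonic()
    tls, _ = accept_tls(listener, context, timeout)
    elapsed = time.monotonic() - start
    silent.close()
    listener.close()
    return tls, elapsed


if __name__ == "__main__":
    print(demo_stalled_client())
```

Without the `settimeout` call on the accepted socket, the silent client in the demo would hold `do_handshake` (and the accept loop calling it) indefinitely.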