| 2553 | from test.ssl_servers import make_https_server |
| 2554 | |
| 2555 | class ThreadedEchoServer(threading.Thread): |
| 2556 | |
| 2557 | class ConnectionHandler(threading.Thread): |
| 2558 | |
| 2559 | """A mildly complicated class, because we want it to work both |
| 2560 | with and without the SSL wrapper around the socket connection, so |
| 2561 | that we can test the STARTTLS functionality.""" |
| 2562 | |
| 2563 | def __init__(self, server, connsock, addr): |
| 2564 | self.server = server |
| 2565 | self.running = False |
| 2566 | self.sock = connsock |
| 2567 | self.addr = addr |
| 2568 | self.sock.setblocking(True) |
| 2569 | self.sslconn = None |
| 2570 | threading.Thread.__init__(self) |
| 2571 | self.daemon = True |
| 2572 | |
| 2573 | def wrap_conn(self): |
| 2574 | try: |
| 2575 | self.sslconn = self.server.context.wrap_socket( |
| 2576 | self.sock, server_side=True) |
| 2577 | self.server.selected_alpn_protocols.append(self.sslconn.selected_alpn_protocol()) |
| 2578 | except (ConnectionResetError, BrokenPipeError, ConnectionAbortedError) as e: |
| 2579 | # We treat ConnectionResetError as though it were an |
| 2580 | # SSLError - OpenSSL on Ubuntu abruptly closes the |
| 2581 | # connection when asked to use an unsupported protocol. |
| 2582 | # |
| 2583 | # BrokenPipeError is raised in TLS 1.3 mode, when OpenSSL |
| 2584 | # tries to send session tickets after handshake. |
| 2585 | # https://github.com/openssl/openssl/issues/6342 |
| 2586 | # |
| 2587 | # ConnectionAbortedError is raised in TLS 1.3 mode, when OpenSSL |
| 2588 | # tries to send session tickets after handshake when using WinSock. |
| 2589 | self.server.conn_errors.append(str(e)) |
| 2590 | if self.server.chatty: |
| 2591 | handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n") |
| 2592 | self.running = False |
| 2593 | self.close() |
| 2594 | return False |
| 2595 | except (ssl.SSLError, OSError) as e: |
| 2596 | # OSError may occur with wrong protocols, e.g. both |
| 2597 | # sides use PROTOCOL_TLS_SERVER. |
| 2598 | # |
| 2599 | # XXX Various errors can have happened here, for example |
| 2600 | # a mismatching protocol version, an invalid certificate, |
| 2601 | # or a low-level bug. This should be made more discriminating. |
| 2602 | # |
| 2603 | # bpo-31323: Store the exception as string to prevent |
| 2604 | # a reference leak: server -> conn_errors -> exception |
| 2605 | # -> traceback -> self (ConnectionHandler) -> server |
| 2606 | self.server.conn_errors.append(str(e)) |
| 2607 | if self.server.chatty: |
| 2608 | handle_error("\n server: bad connection attempt from " + repr(self.addr) + ":\n") |
| 2609 | |
| 2610 | # bpo-44229, bpo-43855, bpo-44237, and bpo-33450: |
| 2611 | # Ignore spurious EPROTOTYPE returned by write() on macOS. |
| 2612 | # See also http://erickt.github.io/blog/2014/11/19/adventures-in-debugging-a-potential-osx-kernel-bug/ |