
github.com/certbot/certbot.git - Unnamed repository; edit this file 'description' to name the repository.
authorBrad Warren <bmw@users.noreply.github.com>2022-04-06 02:12:38 +0300
committerGitHub <noreply@github.com>2022-04-06 02:12:38 +0300
commit87216372dd52277b10fa040591ec6ddfa17825e5 (patch)
treefbd4d56a689d30b75a58a1bd89557967843b6a61
parentb7df4416b5c3119b2dc37fda57bf0cf82ad2be14 (diff)
Fix race condition and uncaught exception (#9264)
* Fix race condition and uncaught exception * fix typo
-rw-r--r--acme/acme/crypto_util.py11
-rw-r--r--acme/acme/standalone.py18
2 files changed, 14 insertions, 15 deletions
diff --git a/acme/acme/crypto_util.py b/acme/acme/crypto_util.py
index eb6672926..f81d0e592 100644
--- a/acme/acme/crypto_util.py
+++ b/acme/acme/crypto_util.py
@@ -120,7 +120,14 @@ class SSLSocket: # pylint: disable=too-few-public-methods
def shutdown(self, *unused_args: Any) -> bool:
# OpenSSL.SSL.Connection.shutdown doesn't accept any args
- return self._wrapped.shutdown()
+ try:
+ return self._wrapped.shutdown()
+ except SSL.Error as error:
+ # We wrap the error so we raise the same error type as sockets
+ # in the standard library. This is useful when this object is
+ # used by code which expects a standard socket such as
+ # socketserver in the standard library.
+ raise socket.error(error)
def accept(self) -> Tuple[FakeConnection, Any]: # pylint: disable=missing-function-docstring
sock, addr = self.sock.accept()
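Review bot: The re-raise in `shutdown` uses the legacy alias and leaves the cause implicit: `raise socket.error(error)`. `socket.error` has been an alias of `OSError` since Python 3.3, so `raise OSError(error) from error` states the same thing and keeps the original `SSL.Error` as the explicit `__cause__` in tracebacks. The conversion itself matters for availability, because `socketserver` only swallows `OSError` when it shuts a request down, so an `SSL.Error` raised here (presumably when a peer drops the connection before the TLS close completes) could otherwise propagate out of the serving loop. A unit test that makes the wrapped `shutdown()` raise `SSL.Error` and asserts that `socket.error` is raised would pin this behaviour. The hunk ends inside `accept`, whose body continues outside it.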
@@ -135,6 +142,8 @@ class SSLSocket: # pylint: disable=too-few-public-methods
ssl_sock = self.FakeConnection(SSL.Connection(context, sock))
ssl_sock.set_accept_state()
+ # This log line is especially desirable because without it requests to
+ # our standalone TLSALPN server would not be logged.
logger.debug("Performing handshake with %s", addr)
try:
ssl_sock.do_handshake()
diff --git a/acme/acme/standalone.py b/acme/acme/standalone.py
index f2df276a4..a23f6d603 100644
--- a/acme/acme/standalone.py
+++ b/acme/acme/standalone.py
@@ -153,8 +153,11 @@ class TLSALPN01Server(TLSServer, ACMEServerMixin):
certs: List[Tuple[crypto.PKey, crypto.X509]],
challenge_certs: Mapping[str, Tuple[crypto.PKey, crypto.X509]],
ipv6: bool = False) -> None:
+ # We don't need to implement a request handler here because the work
+ # (including logging) is being done by wrapped socket set up in the
+ # parent TLSServer class.
TLSServer.__init__(
- self, server_address, _BaseRequestHandlerWithLogging, certs=certs,
+ self, server_address, socketserver.BaseRequestHandler, certs=certs,
ipv6=ipv6)
self.challenge_certs = challenge_certs
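Review bot: The new comment in `TLSALPN01Server.__init__` says logging is done by the wrapped socket but does not say where. After this change the only record of an incoming TLS-ALPN connection appears to be the `logger.debug("Performing handshake with %s", addr)` line in `acme/acme/crypto_util.py`. I would name it, e.g. `# ... is done by the wrapped socket (see acme.crypto_util.SSLSocket.accept) set up in the parent TLSServer class.`, so that nobody removes that debug line without noticing the dependency. That line is emitted at debug level and before the handshake completes, so it records connection attempts rather than completed challenges. It is worth confirming that this is what operators expect when reviewing who contacted the standalone server. `__init__` begins above the hunk.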
@@ -303,16 +306,3 @@ class HTTP01RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
return functools.partial(
cls, simple_http_resources=simple_http_resources,
timeout=timeout)
-
-
-class _BaseRequestHandlerWithLogging(socketserver.BaseRequestHandler):
- """BaseRequestHandler with logging."""
-
- def log_message(self, format: str, *args: Any) -> None: # pylint: disable=redefined-builtin
- """Log arbitrary message."""
- logger.debug("%s - - %s", self.client_address[0], format % args)
-
- def handle(self) -> None:
- """Handle request."""
- self.log_message("Incoming request")
- socketserver.BaseRequestHandler.handle(self)