Move TLS server handshake down to connection thread

When TLS handshake is performed while in `accept()` call, main thread might blocked up to network timeout effectively locking out other clients from being able to establish connection with PyKMIP server. Easy way to reproduce the problem: 1. Start PyKMIP server 2. Establish TCP connection with `nc -v 127.0.0.1 5696` 3. Attempt to connect (concurrently): `openssl s_client -host 127.0.0.1 -port 5696` Without the fix, `openssl` would be blocked (won't even do initial TLS handshake) until `nc` connection times out.
2025-07-23 22:14:25 +02:00 · 2019-02-28 19:18:12 +03:00 · 2019-02-28 19:18:12 +03:00 · 1a723f224d
commit 1a723f224d
parent 004ff92ffb
2 changed files with 15 additions and 9 deletions
--- a/kmip/services/server/server.py
+++ b/kmip/services/server/server.py
@ -295,7 +295,7 @@ class KmipServer(object):
            cert_reqs=ssl.CERT_REQUIRED,
            ssl_version=self.auth_suite.protocol,
            ca_certs=self.config.settings.get('ca_path'),
-            do_handshake_on_connect=True,
+            do_handshake_on_connect=False,
            suppress_ragged_eofs=True,
            ciphers=self.auth_suite.ciphers
        )
--- a/kmip/services/server/session.py
+++ b/kmip/services/server/session.py
@ -97,14 +97,20 @@ class KmipSession(threading.Thread):
        """
        self._logger.info("Starting session: {0}".format(self.name))

-        while True:
-            try:
-                self._handle_message_loop()
-            except exceptions.ConnectionClosed as e:
-                break
-            except Exception as e:
-                self._logger.info("Failure handling message loop")
-                self._logger.exception(e)
+        try:
+            self._connection.do_handshake()
+        except Exception as e:
+            self._logger.info("Failure running TLS handshake")
+            self._logger.exception(e)
+        else:
+            while True:
+                try:
+                    self._handle_message_loop()
+                except exceptions.ConnectionClosed as e:
+                    break
+                except Exception as e:
+                    self._logger.info("Failure handling message loop")
+                    self._logger.exception(e)

        self._connection.shutdown(socket.SHUT_RDWR)
        self._connection.close()