mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-07-21 13:04:22 +02:00
Move TLS server handshake down to connection thread
When TLS handshake is performed while in `accept()` call, main thread might blocked up to network timeout effectively locking out other clients from being able to establish connection with PyKMIP server. Easy way to reproduce the problem: 1. Start PyKMIP server 2. Establish TCP connection with `nc -v 127.0.0.1 5696` 3. Attempt to connect (concurrently): `openssl s_client -host 127.0.0.1 -port 5696` Without the fix, `openssl` would be blocked (won't even do initial TLS handshake) until `nc` connection times out.
This commit is contained in:
parent
004ff92ffb
commit
1a723f224d
@ -295,7 +295,7 @@ class KmipServer(object):
|
||||
cert_reqs=ssl.CERT_REQUIRED,
|
||||
ssl_version=self.auth_suite.protocol,
|
||||
ca_certs=self.config.settings.get('ca_path'),
|
||||
do_handshake_on_connect=True,
|
||||
do_handshake_on_connect=False,
|
||||
suppress_ragged_eofs=True,
|
||||
ciphers=self.auth_suite.ciphers
|
||||
)
|
||||
|
@ -97,14 +97,20 @@ class KmipSession(threading.Thread):
|
||||
"""
|
||||
self._logger.info("Starting session: {0}".format(self.name))
|
||||
|
||||
while True:
|
||||
try:
|
||||
self._handle_message_loop()
|
||||
except exceptions.ConnectionClosed as e:
|
||||
break
|
||||
except Exception as e:
|
||||
self._logger.info("Failure handling message loop")
|
||||
self._logger.exception(e)
|
||||
try:
|
||||
self._connection.do_handshake()
|
||||
except Exception as e:
|
||||
self._logger.info("Failure running TLS handshake")
|
||||
self._logger.exception(e)
|
||||
else:
|
||||
while True:
|
||||
try:
|
||||
self._handle_message_loop()
|
||||
except exceptions.ConnectionClosed as e:
|
||||
break
|
||||
except Exception as e:
|
||||
self._logger.info("Failure handling message loop")
|
||||
self._logger.exception(e)
|
||||
|
||||
self._connection.shutdown(socket.SHUT_RDWR)
|
||||
self._connection.close()
|
||||
|
Loading…
x
Reference in New Issue
Block a user