Move TLS server handshake down to connection thread

When the TLS handshake is performed inside the `accept()` call, the main
thread might be blocked for up to the network timeout, effectively locking
out other clients from establishing a connection with the PyKMIP server.

Easy way to reproduce the problem:

1. Start PyKMIP server

2. Establish TCP connection with `nc -v 127.0.0.1 5696`

3. Attempt to connect (concurrently):
   `openssl s_client -host 127.0.0.1 -port 5696`

Without the fix, `openssl` would be blocked (won't even do initial TLS
handshake) until `nc` connection times out.
Andrey Smirnov 2019-02-28 19:18:12 +03:00 committed by Peter Hamilton
parent 004ff92ffb
commit 1a723f224d
2 changed files with 15 additions and 9 deletions


@ -295,7 +295,7 @@ class KmipServer(object):
cert_reqs=ssl.CERT_REQUIRED, cert_reqs=ssl.CERT_REQUIRED,
ssl_version=self.auth_suite.protocol, ssl_version=self.auth_suite.protocol,
ca_certs=self.config.settings.get('ca_path'), ca_certs=self.config.settings.get('ca_path'),
do_handshake_on_connect=True, do_handshake_on_connect=False,
suppress_ragged_eofs=True, suppress_ragged_eofs=True,
ciphers=self.auth_suite.ciphers ciphers=self.auth_suite.ciphers
) )
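Review bot: With `do_handshake_on_connect=False` the socket returned by this call has not yet verified the peer, and nothing visible in this hunk bounds how long the deferred handshake may take. A client that opens TCP and never speaks TLS no longer stalls `accept()`, but it presumably still occupies one session thread until an OS-level timeout, so the stall is moved rather than removed unless a socket timeout and a cap on concurrent sessions exist outside this hunk. I would add a comment above the argument, `# Handshake is deferred to the KmipSession thread; the peer certificate is unverified until do_handshake() returns.`, and consider calling `settimeout()` on the accepted connection before it is handed to the session. The enclosing call and method begin outside the hunk, so this should be checked against the full file.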


@ -97,6 +97,12 @@ class KmipSession(threading.Thread):
""" """
self._logger.info("Starting session: {0}".format(self.name)) self._logger.info("Starting session: {0}".format(self.name))
try:
self._connection.do_handshake()
except Exception as e:
self._logger.info("Failure running TLS handshake")
self._logger.exception(e)
else:
while True: while True:
try: try:
self._handle_message_loop() self._handle_message_loop()