Commit 09f557d8 authored by Mukund Sivaraman's avatar Mukund Sivaraman

Merge branch 'trac2962'

parents 9c3f96ec 2b589c64
......@@ -57,12 +57,19 @@ b10_certgen_CXXFLAGS = $(BOTAN_INCLUDES)
b10_certgen_LDFLAGS = $(BOTAN_LIBS)
# Generate the initial certificates immediately
cmdctl-certfile.pem: b10-certgen
./b10-certgen -q -w
cmdctl-keyfile.pem: b10-certgen
./b10-certgen -q -w
# This is a hack, as b10-certgen creates both cmdctl-keyfile.pem and
# cmdctl-certfile.pem, and in a parallel make, making these targets
# simultaneously may result in corrupted files. With GNU make, there is
# a non-portable way of working around this with pattern rules, but we
# adopt this hack instead. The downside is that cmdctl-certfile.pem will
# not be re-generated if cmdctl-keyfile.pem exists and is older. See
# Trac ticket #2962.
cmdctl-certfile.pem: cmdctl-keyfile.pem
touch $(builddir)/cmdctl-keyfile.pem
if INSTALL_CONFIGURATIONS
# Below we intentionally use ${INSTALL} -m 640 instead of $(INSTALL_DATA)
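Review bot: The recipe under `cmdctl-certfile.pem: cmdctl-keyfile.pem` touches the prerequisite rather than the target, so as rendered here this rule never creates or refreshes the certificate. If `cmdctl-certfile.pem` is missing while the key exists, make runs the `touch`, reports success and leaves the certificate absent, which would only surface later as a TLS setup failure in cmdctl. The added comment covers the stale-certificate case but not the missing-file one; a guard such as `test -f $(builddir)/cmdctl-certfile.pem || ./b10-certgen -q -w` would close it. Whether `b10-certgen -w` rewrites an existing key is not visible on this page, so confirm the guard cannot leave a mismatched key/certificate pair.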
......
......@@ -601,12 +601,13 @@ class SecureHTTPServer(socketserver_mixin.NoPollMixIn,
# error)
return ssl_sock
except ssl.SSLError as err:
self.close_request(sock)
logger.error(CMDCTL_SSL_SETUP_FAILURE_USER_DENIED, err)
raise
except (CmdctlException, IOError) as cce:
self.close_request(sock)
logger.error(CMDCTL_SSL_SETUP_FAILURE_READING_CERT, cce)
self.close_request(sock)
# raise socket error to finish the request
raise socket.error
raise
def get_request(self):
'''Get client request socket and wrap it in SSL context. '''
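Review bot: `_wrap_socket_in_ssl_context` now lets `ssl.SSLError`, `CmdctlException` and `IOError` escape where it previously converted every failure to `socket.error`, and nothing visible shows the caller handling the new types. The function starts above this hunk and the body of `get_request` is below it, so this needs checking there. A TLS handshake failure is triggered by the remote peer, so any of these that is not a `socket.error` subclass on the supported Python versions could propagate out of the request loop instead of just dropping that one connection; `CmdctlException` is the one to confirm. If the comment `# raise socket error to finish the request` is still on the new side, it no longer matches a bare `raise`; `# re-raise; get_request() must treat this as a failed connection` would be accurate.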
......
......@@ -15,7 +15,7 @@
import unittest
import socket
import ssl, socket
import tempfile
import time
import stat
......@@ -729,16 +729,15 @@ class TestSecureHTTPServer(unittest.TestCase):
def test_wrap_sock_in_ssl_context(self):
sock = socket.socket()
# Bad files should result in a socket.error raised by our own
# code in the basic file checks
self.assertRaises(socket.error,
# Bad files should result in a CmdctlException in the basic file
# checks
self.assertRaises(CmdctlException,
self.server._wrap_socket_in_ssl_context,
sock,
'no_such_file', 'no_such_file')
# Using a non-certificate file would cause an SSLError, which
# is caught by our code which then raises a basic socket.error
self.assertRaises(socket.error,
# Using a non-certificate file would cause an SSLError
self.assertRaises(ssl.SSLError,
self.server._wrap_socket_in_ssl_context,
sock,
BUILD_FILE_PATH + 'cmdctl.py',
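Review bot: Both `assertRaises` calls in `test_wrap_sock_in_ssl_context` pass the same `sock`, yet the failure paths in `_wrap_socket_in_ssl_context` call `self.close_request(sock)`, so the second check probably runs against an already-released socket. That makes the `ssl.SSLError` assertion depend on what happens to a closed socket rather than only on the non-certificate file. Create a fresh one before the second call with `sock = socket.socket()`. Since the change moves the cleanup call, it is also worth asserting that the failed socket was released, e.g. `self.assertEqual(-1, sock.fileno())`, provided `close_request` does close it. The second call is cut off at the end of the hunk.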
......