diff options
author | Chris Dent <chris.dent@gmail.com> | 2019-01-04 17:45:39 +0000 |
---|---|---|
committer | Chris Dent <chris.dent@gmail.com> | 2019-01-04 17:45:39 +0000 |
commit | edd3469847bd943ac28ff85607d585555290f650 (patch) | |
tree | a495df2695c2b0a87c9b2dd73a0793ec889b4c68 | |
parent | 5015532233dc25bf1594f79c0af7daf8d59a5f80 (diff) | |
download | paste-git-fix-19.tar.gz |
Remove use of _lock around get and set timeout of SSL connectionfix-19
The maintainers of pyOpenSSL have deprecated the tsafe module
because it is neither used nor complete. It was removed from
in paste in 78dd2ec01384 but because of a lack of test coverage
it caused a regression as described in #19.
Reviewing the code and pyOpenSSL, it appears that the right
fix is to simply not subclass the SSL.Connection, and let
get and set timeout be called on the socket object that
Connection keeps, without a lock.
A concern here is that if someone is doing something multi-
threaded with paste/httpserver the removal of the use of tsafe
may present some issues. On the other hand, if someone is
doing something multi-threaded, one hopes they are using a
more robust web and modern web server.
Fixes #19
-rwxr-xr-x | paste/httpserver.py | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/paste/httpserver.py b/paste/httpserver.py index 803fbe1..509f55c 100755 --- a/paste/httpserver.py +++ b/paste/httpserver.py @@ -361,7 +361,7 @@ else: Provides SSL server functionality on top of the BaseHTTPServer by overriding _private_ members of Python's standard distribution. The interface for this instance only changes by - adding a an optional ssl_context attribute to the constructor: + adding an optional ssl_context attribute to the constructor: cntx = SSL.Context(SSL.SSLv23_METHOD) cntx.use_privatekey_file("host.pem") @@ -379,20 +379,7 @@ else: self.socket_type) self.ssl_context = ssl_context if ssl_context: - class SSLConnection(SSL.Connection): - def settimeout(self, *args): - self._lock.acquire() - try: - return self._ssl_conn.settimeout(*args) - finally: - self._lock.release() - def gettimeout(self): - self._lock.acquire() - try: - return self._ssl_conn.gettimeout() - finally: - self._lock.release() - self.socket = SSLConnection(ssl_context, self.socket) + self.socket = SSL.Connection(ssl_context, self.socket) self.server_bind() if request_queue_size: self.socket.listen(request_queue_size) |