Message10535

Author zyasoft
Recipients darjus, kaneg, zyasoft
Date 2015-12-14.16:14:31
Message-id <1450109672.75.0.632078292594.issue2439@psf.upfronthosting.co.za>
In-reply-to
Content
Darjus, right. We need to start with these additions to the SSLSocket class:

+    def listen(self, backlog):
+        self.sock.listen(backlog)
+
+    def accept(self):
+        """Accepts a new connection from a remote client, and returns
+        a tuple containing that new connection wrapped with a server-side
+        SSL channel, and the address of the remote client."""
+
+        newsock, addr = self.sock.accept()
+        newsock = self._context.wrap_socket(newsock,
+                    do_handshake_on_connect=self.do_handshake_on_connect,
+                    suppress_ragged_eofs=self.suppress_ragged_eofs,
+                    server_side=True)
+        return newsock, addr
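
Review bot: accept() does not close newsock when self._context.wrap_socket(...) raises, so a failed wrap leaves the accepted connection open with no reference handed back to the caller. Catch the exception around the wrap_socket call, close newsock, and re-raise. Because do_handshake_on_connect is passed straight through, it is also worth stating in the docstring whether the handshake can run inside accept(), since in that case a single slow peer would hold up the listener's accept loop. listen() has no docstring, and neither method checks that self.sock is in a state where listen/accept make sense for an already wrapped socket.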

(I got that from CPython's implementation, with some minor changes.)

But the key piece is to insert the SSL handler at the right time in the pipeline, by using the ChildSocketHandler, so the socket is actually wrapped. This intersects with the inbound handler - we have all this latch machinery to do late insertions with respect to send/recv - otherwise one will see a race where ciphertext is being interpreted as plaintext.

I think it would be a good idea if I documented the state transitions for socket, select, ssl - it's definitely a complicated state machine now!
History
Date                 User     Action  Args
2015-12-14 16:14:32  zyasoft  set     messageid: <1450109672.75.0.632078292594.issue2439@psf.upfronthosting.co.za>
2015-12-14 16:14:32  zyasoft  set     recipients: + zyasoft, darjus, kaneg
2015-12-14 16:14:32  zyasoft  link    issue2439 messages
2015-12-14 16:14:31  zyasoft  create