From 4f543e14c1cf6b6514160f537cb695f509c115be Mon Sep 17 00:00:00 2001
From: Peter Surda
Date: Sat, 7 Jan 2017 23:42:07 +0100
Subject: [PATCH] TLS handshake fix
- TLS handshake in python is apparently always asynchronous, so it needs proper handling of SSLWantReadError and SSLWantWriteError
- also adds a timeout and a proper shutdown if handshake fails
---
 src/class_receiveDataThread.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/class_receiveDataThread.py b/src/class_receiveDataThread.py
index 0b686ddf..c69697d6 100644
--- a/src/class_receiveDataThread.py
+++ b/src/class_receiveDataThread.py
@@ -294,14 +294,18 @@ class receiveDataThread(threading.Thread):
 while True:
 try:
 self.sslSock.do_handshake()
+ logger.debug("TLS handshake success")
 break
- except ssl.SSLError as e:
- if e.errno == 2:
- select.select([self.sslSock], [self.sslSock], [])
- else:
- break
+ except ssl.SSLWantReadError:
+ logger.debug("Waiting for SSL socket handhake read")
+ select.select([self.sslSock], [], [], 10)
+ except ssl.SSLWantWriteError:
+ logger.debug("Waiting for SSL socket handhake write")
+ select.select([], [self.sslSock], [], 10)
 except:
- break
+ logger.debug("SSL socket handhake failed, shutting down connection")
+ self.sendDataThreadQueue.put((0, 'shutdown','tls handshake fail'))
+ return
 # Command the corresponding sendDataThread to set its own connectionIsOrWasFullyEstablished variable to True also
 self.sendDataThreadQueue.put((0, 'connectionIsOrWasFullyEstablished', (self.services, self.sslSock)))
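Review bot: The 10-second timeout passed to `select.select` in the new `except ssl.SSLWantReadError` and `except ssl.SSLWantWriteError` branches does not bound the handshake, because the return value is discarded: on timeout select returns empty lists, the loop calls `do_handshake()` again, and a peer that stalls mid-handshake keeps this receive thread waiting indefinitely. Treating an empty result as a failed handshake and taking the same shutdown path as the final branch, as sketched below, makes the timeout effective; an overall deadline for the loop would additionally cover a peer that sends just enough to keep each wait from expiring. The new failure handling also sits under a bare `except:` and logs no exception detail, so a certificate or protocol error cannot be told apart from any other failure in the debug log; `except Exception as e:` with `e` included in the message would keep that information. The enclosing method starts and ends outside the hunk.

```python
except ssl.SSLWantReadError:
    # … unchanged: debug log …
    if not select.select([self.sslSock], [], [], 10)[0]:
        logger.debug("TLS handshake timed out, shutting down connection")
        self.sendDataThreadQueue.put((0, 'shutdown','tls handshake fail'))
        return
except ssl.SSLWantWriteError:
    # … unchanged: debug log …
    if not select.select([], [self.sslSock], [], 10)[1]:
        logger.debug("TLS handshake timed out, shutting down connection")
        self.sendDataThreadQueue.put((0, 'shutdown','tls handshake fail'))
        return
# … unchanged: final except branch and the lines after the loop …
```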