def _create_socketpair(self):
"""Create the socket pair."""
self._sockets = socketpair()
if hasattr(socket, '_socketobject'):
# Python 2.x needs this extra indirection to fill in some
# platform specific functionality..
self._sockets = (socket._socketobject(_sock=self._sockets[0]),
socket._socketobject(_sock=self._sockets[1]))
for sock in self._sockets:
sock.setblocking(False)
def _create_socketpair(self):
"""Create the socket pair."""
self._sockets = socketpair()
if hasattr(socket, '_socketobject'):
# Python 2.x needs this extra indirection to fill in some
# platform specific functionality..
self._sockets = (socket._socketobject(_sock=self._sockets[0]),
socket._socketobject(_sock=self._sockets[1]))
for sock in self._sockets:
sock.setblocking(False)
def connect(self, timeout=HTTPS_CONNECTION_TIMEOUT):
"Connect to a host on a given (SSL) port."
sock = Socket.connect((self.host, self.port), timeout=timeout)
sock.socket.setblocking(1)
_sock = _socketobject(_sock=sock.socket)
if self._tunnel_host:
self.sock = sock
self._tunnel()
self.sock = ssl.wrap_socket(_sock, self.key_file, self.cert_file)
self.sock.setblocking(0)
def is_tor_port(port):
try:
s = socket._socketobject(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.1)
s.connect(("127.0.0.1", port))
# Tor responds uniquely to HTTP-like requests
s.send("GET\n")
if "Tor is not an HTTP Proxy" in s.recv(1024):
return True
except socket.error:
pass
return False
def is_tor_port(port):
try:
s = socket._socketobject(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.1)
s.connect(("127.0.0.1", port))
# Tor responds uniquely to HTTP-like requests
s.send("GET\n")
if "Tor is not an HTTP Proxy" in s.recv(1024):
return True
except socket.error:
pass
return False
class HTTPproxy(Thread):
def __init__(self):
self.sockPairList = []
self.callgate = None
def accept_callback(self, (conn, addr)):
# conn is the new socket (e32socket.Socket type), addr the address it was connected from
print conn, addr
print "append sockpair"
self.sockPairList.append(
SockPair(socket._socketobject(conn, socket.AF_INET), None))
self.sock.accept(self.accept_callback)
def wrap_socket(server, file_descriptor):
# type: (MatrixServer, int) -> None
sock = None # type: socket.socket
temp_socket = socket.fromfd(file_descriptor, socket.AF_INET,
socket.SOCK_STREAM)
# fromfd() duplicates the file descriptor, we can close the one we got from
# weechat now since we use the one from our socket when calling hook_fd()
os.close(file_descriptor)
# For python 2.7 wrap_socket() doesn't work with sockets created from an
# file descriptor because fromfd() doesn't return a wrapped socket, the bug
# was fixed for python 3, more info: https://bugs.python.org/issue13942
# pylint: disable=protected-access,unidiomatic-typecheck
if type(temp_socket) == socket._socket.socket:
# pylint: disable=no-member
sock = socket._socketobject(_sock=temp_socket)
else:
sock = temp_socket
# fromfd() duplicates the file descriptor but doesn't retain it's blocking
# non-blocking attribute, so mark the socket as non-blocking even though
# weechat already did that for us
sock.setblocking(False)
message = "{prefix}matrix: Doing SSL handshake...".format(
prefix=W.prefix("network"))
W.prnt(server.server_buffer, message)
ssl_socket = server.ssl_context.wrap_socket(
sock, do_handshake_on_connect=False,
server_hostname=server.address) # type: ssl.SSLSocket
server.socket = ssl_socket
try_ssl_handshake(server)
# restore the exit gracefully handler here
signal.signal(signal.SIGINT, exit_gracefully)
if __name__ == "__main__":
database = get_database(database_file)
# store the original SIGINT handler for ctrl-c handling
original_sigint = signal.getsignal(signal.SIGINT)
signal.signal(signal.SIGINT, exit_gracefully)
# Define parameters for tcp connection
TCP_IP = '192.168.1.117'
TCP_PORT = 60001
BUFFER_SIZE = 1405
conn = socket._socketobject(
) # Instantiate dummy conn variable in case ctrl-c is pressed before actual connection is established
# Open tcp connection
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR,
1) # Allow for the socket to be reused
s.bind((TCP_IP, TCP_PORT))
s.listen(1)
# While loop to receive data through tcp connection until ctrl-c is pressed
while 1:
# Wait to accept incoming connection from Wifly
conn, addr = s.accept()
print 'Connection address:', addr
while 1:
def main():
parser = optparse.OptionParser()
parser.add_option("-r",
"--reload",
action='store_true',
dest='reload',
help='If --reload is passed, reload the server any time '
'a loaded module changes.')
parser.add_option('--ssl-certificate',
dest='ssl_certificate',
type='string',
default='',
help='Absolute path to SSL certificate file.')
parser.add_option('--ssl-private-key',
dest='ssl_private_key',
type='string',
default='',
help='Absolute path to SSL private key.')
options, args = parser.parse_args()
if len(args) != 5:
print "Usage: %s controller_pid httpd_fd death_fd factory_qual factory_args" % (
sys.argv[0], )
sys.exit(1)
controller_pid, httpd_fd, death_fd, factory_qual, factory_args = args
controller_pid = int(controller_pid)
config = spawning.util.named(factory_qual)(json.loads(factory_args))
setproctitle("spawn: child (%s)" % ", ".join(config.get("args")))
## Set up status reporter, if requested
init_statusobj(config.get('status_port'))
## Set up the reloader
if config.get('reload'):
watch = config.get('watch', None)
if watch:
watching = ' and %s' % watch
else:
watching = ''
print "(%s) reloader watching sys.modules%s" % (os.getpid(), watching)
eventlet.spawn(reloader_dev.watch_forever, controller_pid, 1, watch)
## The parent will catch sigint and tell us to shut down
signal.signal(signal.SIGINT, signal.SIG_IGN)
## Expect a SIGHUP when we want the child to die
signal.signal(signal.SIGHUP, child_sighup)
eventlet.spawn(read_pipe_and_die, int(death_fd), eventlet.getcurrent())
## Make the socket object from the fd given to us by the controller
sock = eventlet.greenio.GreenSocket(
socket.fromfd(int(httpd_fd), socket.AF_INET, socket.SOCK_STREAM))
if options.ssl_certificate and options.ssl_private_key:
# The way spawning works is that there's a parent process which forks off long-lived
# children, each of which can be multithreaded. What we're using is a single-threaded,
# single-process server that does things asynchronously (using coroutines). Spawning creates
# a socket and then calls fork() at least once. In the child process, it exec()'s something
# else, so as a result the child loses all context. It puts the file descriptor for the
# socket as a command-line argument to the child, which then uses the fromfd function of the
# socket module to create a socket object. Unfortunately, the resulting object isn't quite
# the same as the socket created by the parent. In particular, when we go to upgrade this
# socket to ssl using eventlet's wrap_with_ssl(), it fails because it expects sock.fd to be
# of type "socket._socketobject", but it's actually of type "_socket.socket". Patching
# up the object in this way solves this problem.
sock.fd = socket._socketobject(_sock=sock.fd)
sock = eventlet.wrap_ssl(sock,
certfile=options.ssl_certificate,
keyfile=options.ssl_private_key,
server_side=True)
serve_from_child(sock, config, controller_pid)
# restore the exit gracefully handler here
signal.signal(signal.SIGINT, exit_gracefully)
if __name__ == "__main__":
database = get_database(database_file)
# store the original SIGINT handler for ctrl-c handling
original_sigint = signal.getsignal(signal.SIGINT)
signal.signal(signal.SIGINT, exit_gracefully)
# Define parameters for tcp connection
TCP_IP = '192.168.1.117'
TCP_PORT = 60001
BUFFER_SIZE = 1405
conn = socket._socketobject() # Instantiate dummy conn variable in case ctrl-c is pressed before actual connection is established
# Open tcp connection
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # Allow for the socket to be reused
s.bind((TCP_IP, TCP_PORT))
s.listen(1)
# While loop to receive data through tcp connection until ctrl-c is pressed
while 1:
# Wait to accept incoming connection from Wifly
conn, addr = s.accept()
print 'Connection address:', addr
while 1:
# M6e is hardcoded to time out if not enough reads occur in 10 seconds
def main():
parser = optparse.OptionParser()
parser.add_option("-r", "--reload",
action='store_true', dest='reload',
help='If --reload is passed, reload the server any time '
'a loaded module changes.')
parser.add_option('--ssl-certificate', dest='ssl_certificate', type='string', default='',
help='Absolute path to SSL certificate file.')
parser.add_option('--ssl-private-key', dest='ssl_private_key', type='string', default='',
help='Absolute path to SSL private key.')
options, args = parser.parse_args()
if len(args) != 5:
print "Usage: %s controller_pid httpd_fd death_fd factory_qual factory_args" % (
sys.argv[0], )
sys.exit(1)
controller_pid, httpd_fd, death_fd, factory_qual, factory_args = args
controller_pid = int(controller_pid)
config = spawning.util.named(factory_qual)(json.loads(factory_args))
setproctitle("spawn: child (%s)" % ", ".join(config.get("args")))
## Set up status reporter, if requested
init_statusobj(config.get('status_port'))
## Set up the reloader
if config.get('reload'):
watch = config.get('watch', None)
if watch:
watching = ' and %s' % watch
else:
watching = ''
print "(%s) reloader watching sys.modules%s" % (os.getpid(), watching)
eventlet.spawn(
reloader_dev.watch_forever, controller_pid, 1, watch)
## The parent will catch sigint and tell us to shut down
signal.signal(signal.SIGINT, signal.SIG_IGN)
## Expect a SIGHUP when we want the child to die
signal.signal(signal.SIGHUP, child_sighup)
eventlet.spawn(read_pipe_and_die, int(death_fd), eventlet.getcurrent())
## Make the socket object from the fd given to us by the controller
sock = eventlet.greenio.GreenSocket(
socket.fromfd(int(httpd_fd), socket.AF_INET, socket.SOCK_STREAM))
if options.ssl_certificate and options.ssl_private_key:
# The way spawning works is that there's a parent process which forks off long-lived
# children, each of which can be multithreaded. What we're using is a single-threaded,
# single-process server that does things asynchronously (using coroutines). Spawning creates
# a socket and then calls fork() at least once. In the child process, it exec()'s something
# else, so as a result the child loses all context. It puts the file descriptor for the
# socket as a command-line argument to the child, which then uses the fromfd function of the
# socket module to create a socket object. Unfortunately, the resulting object isn't quite
# the same as the socket created by the parent. In particular, when we go to upgrade this
# socket to ssl using eventlet's wrap_with_ssl(), it fails because it expects sock.fd to be
# of type "socket._socketobject", but it's actually of type "_socket.socket". Patching
# up the object in this way solves this problem.
sock.fd = socket._socketobject(_sock=sock.fd)
sock = eventlet.wrap_ssl(sock, certfile=options.ssl_certificate, keyfile=options.ssl_private_key, server_side=True)
serve_from_child(sock, config, controller_pid)
def _socket_at(self, family, socktype, proto):
vrf = self.get_agent_mgr().agent_option("vrf") or ""
fd = self.vrf_mgr_.socket_at(family, socktype, proto, vrf)
return socket._socketobject(
_sock=socket.fromfd(fd, family, socktype, proto))
def proxy(self, method, url, headers, body, **kwargs):
if not self.auth(url):
if kwargs.get('http_proxy'):
self.set_header('Proxy-Authenticate', 'Basic realm="hello"')
self.set_status(407)
self.finish()
raise gen.Return()
else:
raise HTTPError(403)
req = tornado.httpclient.HTTPRequest(
method = method,
url = url,
headers = headers,
body = body or None,
decompress_response = False,
follow_redirects = False,
allow_nonstandard_methods = True)
if self.application.forward_proxies:
self.via_proxy = proxy = random.choice(self.application.forward_proxies)
try:
remote = yield gen.with_timeout(IOLoop.current().time()+10, tornado.tcpclient.TCPClient().connect(
proxy.hostname, int(proxy.port), ssl_options={} if proxy.scheme == 'https' else None))
except gen.TimeoutError:
raise HTTPError(504)
parsed = urlparse(req.url)
userpass = None
netloc = parsed.netloc
if '@' in parsed.netloc:
userpass, _, netloc = netloc.rpartition("@")
headers = tornado.httputil.HTTPHeaders(headers)
if parsed.scheme == 'https':
remote.write(utf8('CONNECT %s:%s HTTP/1.1\r\n' % (parsed.hostname, parsed.port or 443)))
remote.write(utf8('Host: %s\r\n' % netloc))
if proxy.username:
remote.write(utf8('Proxy-Authorization: Basic %s\r\n' %
b64encode('%s:%s' % (proxy.username, proxy.password))))
remote.write('\r\n')
yield remote.read_until('\r\n\r\n')
channel_a, channel_b = socket.socketpair()
if not hasattr(channel_a, '_sock'):
channel_a, channel_b = socket._socketobject(_sock=channel_a), socket._socketobject(_sock=channel_b)
channel_a, channel_b = tornado.iostream.IOStream(channel_a), tornado.iostream.IOStream(channel_b)
link(channel_a, remote)
link(remote, channel_a)
remote = yield channel_b.start_tls(False, {}, netloc)
request_path = parsed.path
if parsed.query:
request_path += '?%s' % parsed.query
remote.write(utf8('%s %s HTTP/1.1\r\n' % (req.method.upper(), urllib.quote(request_path))))
else:
remote.write(utf8('%s %s HTTP/1.1\r\n' % (req.method.upper(), req.url)))
if proxy.username:
headers['Proxy-Authorization'] = 'Basic %s' % b64encode('%s:%s' % (proxy.username, proxy.password))
if 'Host' not in headers:
headers['Host'] = netloc
# force disable connection
if not kwargs.get('http_proxy'):
headers['Connection'] = b'close'
if userpass:
headers['Authorization'] = utf8('basic %s' % b64encode(userpass))
if req.body:
headers['Content-Length'] = str(len(utf8(req.body)))
for key, value in headers.get_all():
remote.write(utf8('%s: %s\r\n' % (key, value)))
remote.write('\r\n')
if req.body:
remote.write(utf8(body))
yield remote.write(b'')
self._auto_finish = False
client = self.request.connection.detach()
# not forward any further message to remote, as current request had finished
if kwargs.get('http_proxy'):
link(client, remote)
link(remote, client)
self._log()
return
if kwargs.get('http_proxy'):
# streaming in http proxy mode
self._auto_finish = False
stream = self.request.connection.detach()
req.header_callback = lambda line, stream=stream: not stream.closed() and stream.write(line.encode()) if not line.startswith('Transfer-Encoding') else None
req.streaming_callback = lambda chunk, stream=stream: not stream.closed() and stream.write(chunk)
client = tornado.httpclient.AsyncHTTPClient()
try:
result = yield client.fetch(req)
except socket.gaierror:
print("Requested hostname not found: %s" % req.url)
except tornado.httpclient.HTTPError as e:
pass
finally:
stream.close()
self._log()
return
client = tornado.httpclient.AsyncHTTPClient()
try:
result = yield client.fetch(req)
except tornado.httpclient.HTTPError as e:
if e.response:
result = e.response
else:
self.set_status(502)
self.write('Bad Gateway error:\n' + str(e))
self.finish()
raise gen.Return()
self.set_status(result.code, result.reason)
if result.headers.get('Transfer-Encoding') == 'chunked':
del result.headers['Transfer-Encoding']
if 'set-cookie' in result.headers:
set_cookie = result.headers.get_list('set-cookie')
del result.headers['set-cookie']
for each in set_cookie:
result.headers.add('set-cookie', self.set_cookie_re.sub('', each))
if kwargs.get('_callback'):
self.set_header('Content-Type', 'application/javascript')
self.finish('%s(%s)' % (kwargs['_callback'], json.dumps(result.body.decode())))
else:
cors = self.get_argument('cors', None)
if cors:
result.headers["Access-Control-Allow-Origin"] = "*"
self._headers = result.headers
if result.code == 304:
self.finish()
else:
self.finish(result.body)
def feed_ssldata(self, data):
"""Feed SSL level data into the pipe.
Return a (ssldata, appdata) tuple. The ssldata element is a list of
buffers containing SSL data that needs to be sent to the remote SSL
instance. The appdata element is a list of buffers containing
application data that needs to be forwarded to the application.
For performance it is best to pass *data* as a memoryview. This
prevents the copying of data in case of short writes.
"""
if self._state == self.s_unwrapped:
return ([], [data] if data else [])
offset = 0
ssldata = []
appdata = []
while True:
nbytes = write_to_socket(self._sockets[0], data[offset:])
offset += nbytes
try:
if self._state == self.s_handshake:
self._sslsock.do_handshake()
self._state = self.s_wrapped
if self._handshake_callback:
self._handshake_callback()
if self._state == self.s_wrapped:
while True:
chunk = self._sslsock.read(self.bufsize)
if not chunk:
# clean shutdown: automatically acknowledge below
# Automatic aknowledging has an issue. It changes
# state of _sslsock before the read callback has
# been called. So it may be called with a previous
# ssl state.
self._state = self.s_shutdown
break
appdata.append(chunk)
if self._state == self.s_shutdown:
unwrapped = self._sslsock.unwrap()
if hasattr(socket, '_socketobject'):
# Python 2.7
unwrapped = socket._socketobject(_sock=unwrapped)
self._sockets = (self._sockets[0], unwrapped)
self._state = self.s_unwrapped
self._sslsock = None
if self._shutdown_callback:
self._shutdown_callback()
if self._state == self.s_unwrapped:
# Drain the socket pair from any left-over clear-text
# data from after the SSL shutdown.
chunks = read_from_socket(self._sockets[1], self.bufsize)
appdata.extend(chunks)
except ssl.SSLError as e:
if e.args[0] not in ssl_error_nb:
raise
# Check for record level data that needs to be sent
# back. Happens for the initial handshake and renegotiations.
chunks = read_from_socket(self._sockets[0], self.bufsize)
ssldata.extend(chunks)
if offset == len(data):
break
return (ssldata, appdata)
def proxy(self, method, url, headers, body, **kwargs):
if not self.auth(url):
if kwargs.get('http_proxy'):
self.set_header('Proxy-Authenticate', 'Basic realm="hello"')
self.set_status(407)
self.finish()
raise gen.Return()
else:
raise HTTPError(403)
req = tornado.httpclient.HTTPRequest(
method = method,
url = url,
headers = headers,
body = body or None,
decompress_response = False,
follow_redirects = False,
allow_nonstandard_methods = True)
if self.application.forward_proxies:
self.via_proxy = proxy = random.choice(self.application.forward_proxies)
try:
remote = yield gen.with_timeout(IOLoop.current().time()+10, tornado.tcpclient.TCPClient().connect(
proxy.hostname, int(proxy.port), ssl_options={} if proxy.scheme == 'https' else None))
except gen.TimeoutError:
raise HTTPError(504)
parsed = urlparse(req.url)
userpass = None
netloc = parsed.netloc
if '@' in parsed.netloc:
userpass, _, netloc = netloc.rpartition("@")
headers = tornado.httputil.HTTPHeaders(headers)
if parsed.scheme == 'https':
remote.write(utf8('CONNECT %s:%s HTTP/1.1\r\n' % (parsed.hostname, parsed.port or 443)))
remote.write(utf8('Host: %s\r\n' % netloc))
if proxy.username:
remote.write(utf8('Proxy-Authorization: Basic %s\r\n' %
b64encode('%s:%s' % (proxy.username, proxy.password))))
remote.write('\r\n')
yield remote.read_until('\r\n\r\n')
channel_a, channel_b = socket.socketpair()
if not hasattr(channel_a, '_sock'):
channel_a, channel_b = socket._socketobject(_sock=channel_a), socket._socketobject(_sock=channel_b)
channel_a, channel_b = tornado.iostream.IOStream(channel_a), tornado.iostream.IOStream(channel_b)
link(channel_a, remote)
link(remote, channel_a)
remote = yield channel_b.start_tls(False, {}, netloc)
request_path = parsed.path
if parsed.query:
request_path += '?%s' % parsed.query
remote.write(utf8('%s %s HTTP/1.1\r\n' % (req.method.upper(), urllib.quote(request_path))))
else:
remote.write(utf8('%s %s HTTP/1.1\r\n' % (req.method.upper(), req.url)))
if proxy.username:
headers['Proxy-Authorization'] = 'Basic %s' % b64encode('%s:%s' % (proxy.username, proxy.password))
if 'Host' not in headers:
headers['Host'] = netloc
# force disable connection
if not kwargs.get('http_proxy'):
headers['Connection'] = b'close'
if userpass:
headers['Authorization'] = utf8('basic %s' % b64encode(userpass))
if req.body:
headers['Content-Length'] = str(len(utf8(req.body)))
for key, value in headers.get_all():
remote.write(utf8('%s: %s\r\n' % (key, value)))
remote.write('\r\n')
if req.body:
remote.write(utf8(body))
yield remote.write(b'')
self._auto_finish = False
client = self.request.connection.detach()
# not forward any further message to remote, as current request had finished
if kwargs.get('http_proxy'):
link(client, remote)
link(remote, client)
self._log()
return
if kwargs.get('http_proxy'):
# streaming in http proxy mode
self._auto_finish = False
stream = self.request.connection.detach()
req.header_callback = lambda line, stream=stream: not stream.closed() and stream.write(line) if not line.startswith('Transfer-Encoding') else None
req.streaming_callback = lambda chunk, stream=stream: not stream.closed() and stream.write(chunk)
client = tornado.httpclient.AsyncHTTPClient()
try:
result = yield client.fetch(req)
except tornado.httpclient.HTTPError as e:
pass
finally:
stream.close()
self._log()
return
client = tornado.httpclient.AsyncHTTPClient()
try:
result = yield client.fetch(req)
except tornado.httpclient.HTTPError as e:
if e.response:
result = e.response
else:
self.set_status(502)
self.write('Bad Gateway error:\n' + str(e))
self.finish()
raise gen.Return()
self.set_status(result.code, result.reason)
if result.headers.get('Transfer-Encoding') == 'chunked':
del result.headers['Transfer-Encoding']
if 'set-cookie' in result.headers:
set_cookie = result.headers.get_list('set-cookie')
del result.headers['set-cookie']
for each in set_cookie:
result.headers.add('set-cookie', self.set_cookie_re.sub('', each))
if kwargs.get('_callback'):
self.set_header('Content-Type', 'application/javascript')
self.finish('%s(%s)' % (kwargs['_callback'], json.dumps(result.body)))
else:
cors = self.get_argument('cors', None)
if cors:
result.headers["Access-Control-Allow-Origin"] = "*"
self._headers = result.headers
if result.code == 304:
self.finish()
else:
self.finish(result.body)
def _socket_at(self, family, socktype, proto):
vrf = self.get_agent_mgr().agent_option("vrf") or ""
fd = self.vrf_mgr_.socket_at(family, socktype, proto, vrf)
return socket._socketobject(_sock=socket.fromfd(fd, family, socktype, proto))
def feed_ssldata(self, data):
"""Feed SSL level data into the pipe.
Return a (ssldata, appdata) tuple. The ssldata element is a list of
buffers containing SSL data that needs to be sent to the remote SSL
instance. The appdata element is a list of buffers containing
application data that needs to be forwarded to the application.
For performance it is best to pass *data* as a memoryview. This
prevents the copying of data in case of short writes.
"""
if self._state == self.s_unwrapped:
return ([], [data] if data else [])
offset = 0
ssldata = []; appdata = []
while True:
nbytes = write_to_socket(self._sockets[0], data[offset:])
offset += nbytes
try:
if self._state == self.s_handshake:
self._sslsock.do_handshake()
self._state = self.s_wrapped
if self._handshake_callback:
self._handshake_callback()
if self._state == self.s_wrapped:
while True:
chunk = self._sslsock.read(self.bufsize)
if not chunk:
# clean shutdown: automatically acknowledge below
# Automatic aknowledging has an issue. It changes
# state of _sslsock before the read callback has
# been called. So it may be called with a previous
# ssl state.
self._state = self.s_shutdown
break
appdata.append(chunk)
if self._state == self.s_shutdown:
unwrapped = self._sslsock.unwrap()
if hasattr(socket, '_socketobject'):
# Python 2.7
unwrapped = socket._socketobject(_sock=unwrapped)
self._sockets = (self._sockets[0], unwrapped)
self._state = self.s_unwrapped
self._sslsock = None
if self._shutdown_callback:
self._shutdown_callback()
if self._state == self.s_unwrapped:
# Drain the socket pair from any left-over clear-text
# data from after the SSL shutdown.
chunks = read_from_socket(self._sockets[1], self.bufsize)
appdata.extend(chunks)
except ssl.SSLError as e:
if e.args[0] not in ssl_error_nb:
raise
# Check for record level data that needs to be sent
# back. Happens for the initial handshake and renegotiations.
chunks = read_from_socket(self._sockets[0], self.bufsize)
ssldata.extend(chunks)
if offset == len(data):
break
return (ssldata, appdata)
