def _do_ssl_handshake(self):
try:
self._handshake_reading = False
self._handshake_writing = False
if not self._done_setup:
self.socket.setup_ssl()
# This server_side was added when creating the Connection
# it is not a standard attribute
if self.socket.server_side:
self.socket.set_accept_state()
else:
self.socket.set_connect_state()
self._done_setup = True
# Actual accept/connect logic
if self.socket.server_side:
res = self.socket.accept_ssl()
else:
res = self.socket.connect_ssl()
if res == 0:
# TODO: We should somehow get SSL_WANT_READ/WRITE here
# and then set the correct flag, although it does
# work as long as one of them gets set
self._handshake_reading = True
#self._handshake_writing = True
return
if res < 0:
err_num = self.socket.ssl_get_error(res)
gen_log.error("Err: %s" % err_num)
gen_log.error("Err Str: %s" % Err.get_error_reason(err_num))
return self.close()
except SSL.SSLError as e:
raise
except socket.error as err:
gen_log.error("Socket error!")
# Some port scans (e.g. nmap in -sT mode) have been known
# to cause do_handshake to raise EBADF and ENOTCONN, so make
# those errors quiet as well.
# https://groups.google.com/forum/?fromgroups#!topic/python-tornado/ApucKJat1_0
if (self._is_connreset(err)
or err.args[0] in (errno.EBADF, errno.ENOTCONN)):
return self.close(exc_info=err)
raise
except AttributeError as err:
# On Linux, if the connection was reset before the call to
# wrap_socket, do_handshake will fail with an
# AttributeError.
return self.close(exc_info=err)
else:
self._ssl_accepting = False
if not self._verify_cert(self.socket.get_peer_cert()):
gen_log.error("VALIDATION FAILED!")
self.close()
return
gen_log.debug("Connect complete! (Sever: %s)!" %
self.socket.server_side)
self._run_ssl_connect_callback()
def test_no_error(self):
# Protection against gl#m2crypto/m2crypto#258
self.assertEqual(Err.get_error_reason(0), '')
