fgallaire / wsgiserver

NEW HOME ON GITLAB
https://gitlab.com/fgallaire/wsgiserver

SSL support is broken -> Fix provided #5

Closed ralphwetzel closed 6 years ago

ralphwetzel commented 7 years ago

Hi! SSL support is broken in wsgiserver (and probably in CherryPy as well). I've tried to generate a fix & pull request, yet you've disabled the collaboration feature. Therefore find the changes attached:

line 1776:

        if hasattr(ssl, 'create_default_context'):
            self.context = ssl.create_default_context(
                purpose=ssl.Purpose.CLIENT_AUTH,
                cafile=self.certificate_chain
            )
            self.context.load_cert_chain(self.certificate, self.private_key)

line 1806:

            elif e.errno == ssl.SSL_ERROR_SSL:
                if e.args[1].find('http request') > 0:
                    # The client is speaking HTTP to an HTTPS server.
                    raise NoSSLError
                elif e.args[1].find('unknown protocol') > 0:
                    # The client is speaking some non-HTTP protocol.
                    # Drop the conn.
                    return None, {}

Hope this helps.

Ralph
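The error classification that the fix above does by substring search, as an added example (not part of the original post or of wsgiserver's code): it keys on `SSLError.reason` first and falls back to a case-insensitive message match. The function names and the constructed inputs are illustrative assumptions; `WRONG_VERSION_NUMBER` is how newer OpenSSL builds report non-TLS bytes and does not appear in the thread.

```python
import ssl

# Reason mnemonics (SSLError.reason, Python 3.3+). 'HTTP_REQUEST' and
# 'UNKNOWN_PROTOCOL' correspond to the two message substrings matched in the
# fix above; 'WRONG_VERSION_NUMBER' is an addition for newer OpenSSL builds.
PLAIN_HTTP = {"HTTP_REQUEST"}
NOT_TLS = {"UNKNOWN_PROTOCOL", "WRONG_VERSION_NUMBER"}


def classify_handshake_error(exc):
    """Return 'plain-http', 'not-tls' or 'other' for a failed server handshake."""
    if not isinstance(exc, ssl.SSLError) or exc.errno != ssl.SSL_ERROR_SSL:
        return "other"
    reason = getattr(exc, "reason", None)
    if reason in PLAIN_HTTP:
        return "plain-http"
    if reason in NOT_TLS:
        return "not-tls"
    # Fallback for builds that give no mnemonic: case-insensitive substring
    # match on the message, tolerant of missing args.
    msg = str(exc.args[1]).lower() if len(exc.args) > 1 else ""
    if "http request" in msg:
        return "plain-http"
    if "unknown protocol" in msg or "wrong version number" in msg:
        return "not-tls"
    return "other"


def handshake_with(first_bytes):
    """Feed constructed client bytes to a server-side TLS object in memory."""
    # No certificate is loaded: the record layer rejects these inputs before
    # certificate selection is reached.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    incoming.write(first_bytes)
    tls = ctx.wrap_bio(incoming, outgoing, server_side=True)
    try:
        tls.do_handshake()
    except ssl.SSLError as exc:
        return classify_handshake_error(exc)
    return "ok"


if __name__ == "__main__":
    # Constructed inputs: a plain HTTP request and an SSH-style banner.
    print(handshake_with(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"))
    print(handshake_with(b"SSH-2.0-constructed-banner\r\n"))
```

A server loop would map `plain-http` to the `NoSSLError` path and `not-tls` to dropping the connection, as the two branches in the fix do.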

fgallaire commented 7 years ago

Hello @ralphwetzel, can you specify your Python version? And I haven't disabled the "collaboration" feature.

ralphwetzel commented 7 years ago

Hi! Tested this with v3.6.0.

ralphwetzel commented 7 years ago

Hi again! You're right; nothing was disabled. I just didn't get how to create a pull request. Yet it is done now... Regards, Ralph

dksarangoung commented 7 years ago

Is this fix verified? Will it be merged to master?

fgallaire commented 7 years ago

Hello @horribleperson, I have not yet evaluated this fix, but it probably works.

webknjaz commented 7 years ago

@ralphwetzel @horribleperson this has all been fixed in cheroot (cheroot/ssl/builtin.py), which is a part of CherryPy that was moved into a separate package a while ago.

fgallaire commented 7 years ago

Hello @webknjaz, do you want to contribute and help fix wsgiserver?

webknjaz commented 7 years ago

No, I'm maintaining upstream cherrypy and cheroot. Just saw some issue referring to ours and followed the link to inform that the related one is closed.

fgallaire commented 7 years ago

@webknjaz I understand, could you link to the commits fixing the issues?

webknjaz commented 7 years ago

It's been changed lots of times, just compare the code.

plainas commented 7 years ago

What exactly was broken? Were these changes applied after all?

webknjaz commented 7 years ago

@plainas SSL error processing

fgallaire commented 6 years ago

Fixed by #6