Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catch known built-in SSL provider errors #4

Merged
merged 3 commits into from
Mar 2, 2017
Merged

Catch known built-in SSL provider errors #4

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
dc787bb
Catch known built-in SSL provider errors
Safihre Feb 14, 2017
0f2d48a
Update CHANGES for BuiltinSSLAdapter changes
Safihre Feb 18, 2017
bea1fc7
Merge branch 'master' into patch-1
Safihre Mar 2, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions cheroot/ssl/builtin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,10 +85,16 @@ def wrap(self, sock):
if 'http request' in e.args[1]:
# The client is speaking HTTP to an HTTPS server.
raise errors.NoSSLError
elif 'unknown protocol' in e.args[1]:
# The client is speaking some non-HTTP protocol.
# Drop the conn.
return None, {}

# Check if it's one of the known errors
# Errors that are caught by PyOpenSSL, but thrown by built-in ssl
_block_errors = ('unknown protocol', 'unknown ca', 'unknown_ca',
'inappropriate fallback', 'wrong version number',
'no shared cipher', 'certificate unknown', 'ccs received early')
for error_text in _block_errors:
if error_text in e.args[1].lower():
# Accepted error, let's pass
return None, {}
elif 'handshake operation timed out' in e.args[0]:
# This error is thrown by builtin SSL after a timeout
# when client is speaking HTTP to an HTTPS server.
Expand Down