Fix race condition and uncaught exception (#9264)

* Fix race condition and uncaught exception * fix typo
2026-01-26 07:41:33 +03:00 · 2022-04-05 16:12:38 -07:00
parent b7df4416b5
commit 87216372dd
2 changed files with 14 additions and 15 deletions
--- a/acme/acme/crypto_util.py
+++ b/acme/acme/crypto_util.py
@@ -120,7 +120,14 @@ class SSLSocket:  # pylint: disable=too-few-public-methods

        def shutdown(self, *unused_args: Any) -> bool:
            # OpenSSL.SSL.Connection.shutdown doesn't accept any args
-            return self._wrapped.shutdown()
+            try:
+                return self._wrapped.shutdown()
+            except SSL.Error as error:
+                # We wrap the error so we raise the same error type as sockets
+                # in the standard library. This is useful when this object is
+                # used by code which expects a standard socket such as
+                # socketserver in the standard library.
+                raise socket.error(error)

    def accept(self) -> Tuple[FakeConnection, Any]:  # pylint: disable=missing-function-docstring
        sock, addr = self.sock.accept()
@@ -135,6 +142,8 @@ class SSLSocket:  # pylint: disable=too-few-public-methods
        ssl_sock = self.FakeConnection(SSL.Connection(context, sock))
        ssl_sock.set_accept_state()

+        # This log line is especially desirable because without it requests to
+        # our standalone TLSALPN server would not be logged.
        logger.debug("Performing handshake with %s", addr)
        try:
            ssl_sock.do_handshake()
--- a/acme/acme/standalone.py
+++ b/acme/acme/standalone.py
@@ -153,8 +153,11 @@ class TLSALPN01Server(TLSServer, ACMEServerMixin):
                 certs: List[Tuple[crypto.PKey, crypto.X509]],
                 challenge_certs: Mapping[str, Tuple[crypto.PKey, crypto.X509]],
                 ipv6: bool = False) -> None:
+        # We don't need to implement a request handler here because the work
+        # (including logging) is being done by wrapped socket set up in the
+        # parent TLSServer class.
        TLSServer.__init__(
-            self, server_address, _BaseRequestHandlerWithLogging, certs=certs,
+            self, server_address, socketserver.BaseRequestHandler, certs=certs,
            ipv6=ipv6)
        self.challenge_certs = challenge_certs

@@ -303,16 +306,3 @@ class HTTP01RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
        return functools.partial(
            cls, simple_http_resources=simple_http_resources,
            timeout=timeout)
-
-
-class _BaseRequestHandlerWithLogging(socketserver.BaseRequestHandler):
-    """BaseRequestHandler with logging."""
-
-    def log_message(self, format: str, *args: Any) -> None:  # pylint: disable=redefined-builtin
-        """Log arbitrary message."""
-        logger.debug("%s - - %s", self.client_address[0], format % args)
-
-    def handle(self) -> None:
-        """Handle request."""
-        self.log_message("Incoming request")
-        socketserver.BaseRequestHandler.handle(self)