http: Do not start listening on https port before wrapping socket.

Otherwise, this port will fail https handshake if clients connects too early.

http: Do not start listening on https port before wrapping socket.
Otherwise, this port will fail https handshake if clients connects too early.
975d1c0b · Vincent Pelletier · 50a5d1d3 · 975d1c0b
Commit 975d1c0b authored Jul 12, 2018 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 1 deletion

caucase/http.py caucase/http.py +15 -1

No files found.
--- a/caucase/http.py
+++ b/caucase/http.py
@@ -86,6 +86,14 @@ class ThreadingWSGIServer(ThreadingMixIn, WSGIServer):
      self.socket.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
    WSGIServer.server_bind(self)
+class ThreadingWSGISSLServer(ThreadingWSGIServer):
+  """
+  Threading WSGI SSL server
+  Delay socket opening to leave time for socket wrapping.
+  """
+  def __init__(self, *args, **kw):
+    ThreadingWSGIServer.__init__(self, bind_and_activate=False, *args, **kw)
 class CaucaseWSGIRequestHandler(WSGIRequestHandler):
  """
  Make WSGIRequestHandler logging more apache-like.
@@ -501,7 +509,7 @@ def main(argv=None, until=utils.until):
          host=host,
          port=https_port,
          app=application,
-          server_class=ThreadingWSGIServer,
+          server_class=ThreadingWSGISSLServer,
          handler_class=CaucaseSSLWSGIRequestHandler,
        ),
      )
@@ -519,6 +527,12 @@ def main(argv=None, until=utils.until):
      sock=https.socket,
      server_side=True,
    )
+    try:
+      https.server_bind()
+      https.server_activate()
+    except:
+      https.server_close()
+      raise
  if args.backup_directory:
    backup_period = datetime.timedelta(args.backup_period, 0)
    try: