WIP

9481466e · Vincent Pelletier · cbfcd37c · 9481466e · 9481466e
Commit 9481466e authored Jun 26, 2020 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

caucase/http.py caucase/http.py +5 -0

caucase/http_wsgibase.py caucase/http_wsgibase.py +9 -0

No files found.
--- a/caucase/http.py
+++ b/caucase/http.py
@@ -313,6 +313,11 @@ def getSSLContext(
      for x in cau.getCACertificateList()
    )),
  )
+  # XXX: Should call SSL_{CTX_,}set_client_CA_list or
+  # SSL_{CTX_,}add_client_CA somehow, to specify CAU CA.
+  # Sadly, it does not seem to be exposed by python's ssl module.
+  # See https://tools.ietf.org/html/rfc5246#section-7.4.4 .
+  # https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_client_CA_list.html
  http_cas_certificate_list = http_cas.getCACertificateList()
  threshold_delta = datetime.timedelta(threshold, 0)
  exists = os.path.exists(server_key_path)

--- a/caucase/http_wsgibase.py
+++ b/caucase/http_wsgibase.py
@@ -24,6 +24,8 @@ Base WSGI-related classes for caucase HTTP(S) server.
 Separate from .http because of different-licensed code in the middle.
 """
 from __future__ import absolute_import
+import errno
+import socket
 from wsgiref.simple_server import ServerHandler
 from .utils import toBytes
@@ -139,3 +141,10 @@ class CleanServerHandler(ServerHandler):
      toBytes(self.http_version),
    ))
    self._flush()
+  def finish_response(self):
+    try:
+      ServerHandler.finish_response(self)
+    except socket.error, e:
+      if e.errno != errno.EPIPE:
+        raise