Failed TLS auth causes an exception happening after the TLS handshake if the client uses post_handshake_auth TLS extension. This happens when the server tries to read bytes with HTTP payload from the TCP connection (when starting to parse HTTP request). This code should also be protected by try/except wrapper.
Make it work.
No traceback.
2019-06-23 11:45:27,812::WARNING::[_cplogging:216] [23/Jun/2019:11:45:27] ENGINE socket.error 1
Traceback (most recent call last):
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 1263, in communicate
req.parse_request()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 719, in parse_request
success = self.read_request_line()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 760, in read_request_line
request_line = self.rfile.readline()
File "C:\Users\Saf\Documents\GitHub\tests\py3\lib\site-packages\cheroot\server.py", line 302, in readline
data = self.rfile.readline(256)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 513, in readline
b = self.read(nreadahead())
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 492, in nreadahead
readahead = self.peek(1)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 1076, in peek
return self._peek_unlocked(size)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\_pyio.py", line 1083, in _peek_unlocked
current = self.raw.read(to_read)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\socket.py", line 589, in readinto
return self._sock.recv_into(b)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\ssl.py", line 1052, in recv_into
return self.read(nbytes, buffer)
File "C:\Users\Saf\AppData\Local\Programs\Python\Python37\Lib\ssl.py", line 911, in read
return self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: SSLV3_ALERT_BAD_CERTIFICATE] sslv3 alert bad certificate (_ssl.c:2488)
β I'm submitting a ...
π Describe the bug. What is the current behavior?
Failed TLS auth causes an exception happening after the TLS handshake if the client uses
post_handshake_authTLS extension. This happens when the server tries to read bytes with HTTP payload from the TCP connection (when starting to parse HTTP request). This code should also be protected by try/except wrapper.β What is the motivation / use case for changing the behavior?
Make it work.
π‘ To Reproduce
N/A
π‘ Expected behavior
No traceback.
π Details
π Environment
π Additional context
cherrypy/cherrypy#1509 (comment)
cc @Safihre