Timestamp:
14/09/07 09:29:04 (13 years ago)
Author:
pjkersha
Message:

Explicit setting of SSL timeout avoids hanging client for calls over https

ndg.security.server/ndg/security/server/conf/sessionMgr.tac,
ndg.security.server/ndg/security/server/conf/attAuthority.tac:

  • added ref to NDGSEC_INT_DEBUG environment variable - sets service to stop in debugger at the start of each SOAP call. Service must be restarted in order for variable to be picked up

ndg.security.test/ndg/security/test/AttAuthority/siteAAttAuthorityProperties.xml,
ndg.security.test/ndg/security/test/AttAuthority/attAuthorityClientTest.cfg,
ndg.security.test/ndg/security/test/SessionMgr/sessionMgrClientTest.cfg:

  • running unit tests with https switched on to investigate timeout problems. SM calls to an AA over https currently fail with an HTTP bad status line error

ndg.security.common/ndg/security/common/AttAuthority/init.py: improve error reporting for getAttCert call.

ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py:

  • added functionality to set read and write timeouts. M2Crypto default is 600s(!). Changed default to 3s
File:
1 edited

  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py

    r2685 r2884  
    6565            # Try match against peerCertDN set 
    6666            # file setting 
    67             peerCertDN = '/' + \ 
    68                     peerCert.get_subject().as_text().replace(', ', '/') 
     67            peerCertDN='/'+peerCert.get_subject().as_text().replace(', ', '/') 
    6968            if peerCertDN != self.peerCertDN: 
    7069                raise e 
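Review bot: On new line 67, the DN used for the peer check is still built by text substitution, as_text().replace(', ', '/'), so a ', ' inside an attribute value is rewritten as well, and the comparison with self.peerCertDN depends on how as_text() formats its output; comparing parsed name components would be more robust. The rewrite also drops the spaces around = and + to squeeze the statement onto one line, which reads worse than the two-line form it replaces.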
     
    126125        else: 
    127126            self._postConnectionCheck = SSL.Checker.Checker 
     127         
     128        if 'readTimeout' in kw: 
     129            if not isinstance(readTimeout, SSL.timeout): 
     130                raise AttributeError, "readTimeout must be of type " + \ 
     131                                      "M2Crypto.SSL.timeout"  
     132            self.readTimeout = readTimeout 
     133            del kw['readTimeout'] 
     134        else: 
     135            self.readTimeout = SSL.timeout(sec=3.)  
     136               
     137        if 'writeTimeout' in kw: 
     138            if not isinstance(writeTimeout, SSL.timeout): 
     139                raise AttributeError, "writeTimeout must be of type " + \ 
     140                                      "M2Crypto.SSL.timeout"  
     141            self.writeTimeout = writeTimeout 
     142            del kw['writeTimeout'] 
     143        else: 
     144            self.writeTimeout = SSL.timeout(sec=3.) 
    128145             
    129146        _HTTPSConnection.__init__(self, *args, **kw) 
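Review bot: In the new block at lines 128-144, isinstance(readTimeout, SSL.timeout) and isinstance(writeTimeout, SSL.timeout) use bare names, while the surrounding code looks the values up in kw ('readTimeout' in kw, del kw['readTimeout']). Unless those names are bound elsewhere in __init__, which these lines do not show, passing either keyword raises NameError instead of applying the timeout; take the value from kw, for example with kw.pop('readTimeout'), and type-check that. TypeError fits a wrong argument type better than AttributeError, and the two near-identical branches could share one helper.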
     
    132149    def connect(self): 
    133150        '''Overload M2Crypto.httpslib.HTTPSConnection to enable 
    134         custom post connection check of peer certificate''' 
     151        custom post connection check of peer certificate and socket timeout''' 
    135152        self.sock = SSL.Connection(self.ssl_ctx) 
    136153        self.sock.set_post_connection_check_callback( 
    137                                          self._postConnectionCheck) 
     154                                                 self._postConnectionCheck) 
     155     
     156        self.sock.set_socket_read_timeout(self.readTimeout) 
     157        self.sock.set_socket_write_timeout(self.writeTimeout) 
     158 
    138159        self.sock.connect((self.host, self.port)) 
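Review bot: In connect(), the read and write timeouts are applied at new lines 156-157, before self.sock.connect(...), but neither the docstring nor the code says whether they also bound the connect and handshake phase or only later reads and writes. State that in the docstring, together with the 3 s default set in __init__, and add a unit test against a peer that accepts the connection and then never responds, so the hang this change targets stays fixed.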