git://git.onelab.eu / sfa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
cosmetic
[sfa.git] / sfa / server / threadedserver.py
diff --git a/sfa/server/threadedserver.py b/sfa/server/threadedserver.py
index 2b8207c..7dfac7d 100644 (file)
--- a/sfa/server/threadedserver.py
+++ b/sfa/server/threadedserver.py
@@ -43,6 +43,7 @@ def verify_callback(conn, x509, err, depth, preverify):
     # and ignore them
 
     # XXX SMBAKER: I don't know what this error is, but it's being returned
     # and ignore them
 
     # XXX SMBAKER: I don't know what this error is, but it's being returned
+    # xxx thierry: this most likely means the cert has a validity range in the future
     # by newer pl nodes.
     if err == 9:
        #print "  X509_V_ERR_CERT_NOT_YET_VALID"
     # by newer pl nodes.
     if err == 9:
        #print "  X509_V_ERR_CERT_NOT_YET_VALID"
@@ -72,7 +73,11 @@ def verify_callback(conn, x509, err, depth, preverify):
        #print "  X509_V_ERR_CERT_UNTRUSTED"
        return 1
 
        #print "  X509_V_ERR_CERT_UNTRUSTED"
        return 1
 
-    print "  error", err, "in verify_callback"
+    # ignore X509_V_ERR_CERT_SIGNATURE_FAILURE
+    if err == 7:
+       return 1         
+
+    logger.debug("  error %s in verify_callback"%err)
 
     return 0
 
 
     return 0
 
@@ -122,27 +127,31 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
             #self.send_response(500)
             #self.end_headers()
        
             #self.send_response(500)
             #self.end_headers()
        
-        # got a valid response
-        self.send_response(200)
-        self.send_header("Content-type", "text/xml")
-        self.send_header("Content-length", str(len(response)))
-        self.end_headers()
-        self.wfile.write(response)
-
-        # shut down the connection
-        self.wfile.flush()
-        self.connection.shutdown() # Modified here!
+        # avoid session/connection leaks : do this no matter what 
+        finally:
+            self.send_response(200)
+            self.send_header("Content-type", "text/xml")
+            self.send_header("Content-length", str(len(response)))
+            self.end_headers()
+            self.wfile.write(response)
+            self.wfile.flush()
+            # close db connection
+            self.api.close_dbsession()
+            # shut down the connection
+            self.connection.shutdown() # Modified here!
 
 ##
 # Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
 class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLRPCDispatcher):
 
     def __init__(self, server_address, HandlerClass, key_file, cert_file, logRequests=True):
 
 ##
 # Taken from the web (XXX find reference). Implements an HTTPS xmlrpc server
 class SecureXMLRPCServer(BaseHTTPServer.HTTPServer,SimpleXMLRPCServer.SimpleXMLRPCDispatcher):
 
     def __init__(self, server_address, HandlerClass, key_file, cert_file, logRequests=True):
-        """Secure XML-RPC server.
+        """
+        Secure XML-RPC server.
 
         It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
         """
 
         It it very similar to SimpleXMLRPCServer but it uses HTTPS for transporting XML data.
         """
-        logger.debug("SecureXMLRPCServer.__init__, server_address=%s, cert_file=%s"%(server_address,cert_file))
+        logger.debug("SecureXMLRPCServer.__init__, server_address=%s, " 
+                     "cert_file=%s, key_file=%s"%(server_address,cert_file,key_file))
         self.logRequests = logRequests
         self.interface = None
         self.key_file = key_file
         self.logRequests = logRequests
         self.interface = None
         self.key_file = key_file
sfa