From: Tony Mack
Date: Fri, 5 Mar 2010 20:07:37 +0000 (+0000)
Subject: define peer_cert in do_POST() not in verify_callback() (doing this in verify_callback...
X-Git-Tag: sfa-0.9-11~53
X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=ae7afbf5f6950f480dbf268326528a4d4698647f

define peer_cert in do_POST() not in verify_callback() (doing this in verify_callback isnt thread safe)
---
diff --git a/sfa/util/server.py b/sfa/util/server.py
index fece14ff..72e9a1d0 100644
--- a/sfa/util/server.py
+++ b/sfa/util/server.py
@@ -41,12 +41,6 @@ def verify_callback(conn, x509, err, depth, preverify):
 #print " depth > 0 in verify_callback"
 return 0

- # create a Certificate object and load it from the client's x509
- ctx = conn.get_context()
- server = ctx.get_app_data()
- server.peer_cert = Certificate()
- server.peer_cert.load_from_pyopenssl_x509(x509)
-
 # the certificate verification done by openssl checks a number of things
 # that we aren't interested in, so we look out for those error messages
 # and ignore them
@@ -99,7 +93,9 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
 It was copied out from SimpleXMLRPCServer.py and modified to shutdown the socket cleanly.
 """
 try:
- self.api = SfaAPI(peer_cert = self.server.peer_cert,
+ peer_cert = Certificate()
+ peer_cert.load_from_pyopenssl_x509(self.connection.get_peer_certificate())
+ self.api = SfaAPI(peer_cert = peer_cert,
 interface = self.server.interface,
 key_file = self.server.key_file,
 cert_file = self.server.cert_file)
@@ -121,6 +117,7 @@ class SecureXMLRpcRequestHandler(SimpleXMLRPCServer.SimpleXMLRPCRequestHandler):
 # internal error, report as HTTP server error
 self.send_response(500)
 self.end_headers()
+ traceback.print_exc()
 else:
 # got a valid XML RPC response
 self.send_response(200)
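Review bot: In the second hunk, `self.connection.get_peer_certificate()` returns None in pyOpenSSL when the peer sent no certificate, and the added lines pass that value to `load_from_pyopenssl_x509()` unchecked. Whether a client certificate is mandatory depends on the verify mode set on the SSL context, which these hunks do not show, so the rejection is better made explicit: `x509 = self.connection.get_peer_certificate()` followed by `if x509 is None: raise Exception("no client certificate presented")` before the Certificate is built. Since `verify_callback` (first hunk) deliberately ignores some OpenSSL verification errors, I would also add a comment here such as `# peer_cert is the certificate as presented; verify_callback tolerates some OpenSSL errors, so SfaAPI must validate it itself`. The body of do_POST starts and ends outside the hunk, so confirm that the surrounding except clause turns such a failure into an error response rather than continuing.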
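Review bot: The third hunk calls `traceback.print_exc()` in the error branch, but the diff adds no `import traceback`. If sfa/util/server.py does not already import the module outside these hunks, the handler raises NameError exactly when a request has failed. print_exc() also writes only to stderr, so a failed or rejected request leaves no record tied to the calling peer. If the project has a logging facility, routing the trace through it, together with the peer certificate's identity, would make these failures auditable. The traceback correctly stays server-side and is not sent with the 500 response; the enclosing except block begins outside the hunk.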