are closed immediately after opening.
Closes #750.
elif err.args[0] == ssl.SSL_ERROR_SSL:
try:
peer = self.socket.getpeername()
- except:
+ except Exception:
peer = '(not connected)'
gen_log.warning("SSL Error on %d %s: %s",
self.socket.fileno(), peer, err)
except socket.error as err:
if err.args[0] in (errno.ECONNABORTED, errno.ECONNRESET):
return self.close(exc_info=True)
+ except AttributeError:
+ # On Linux, if the connection was reset before the call to
+ # wrap_socket, do_handshake will fail with an
+ # AttributeError.
+ return self.close(exc_info=True)
else:
self._ssl_accepting = False
if not self._verify_cert(self.socket.getpeercert()):
try:
connection, address = sock.accept()
except socket.error as e:
+ # EWOULDBLOCK and EAGAIN indicate we have accepted every
+ # connection that is available.
if e.args[0] in (errno.EWOULDBLOCK, errno.EAGAIN):
return
+ # ECONNABORTED indicates that there was a connection
+ # but it was closed while still in the accept queue.
+ # (observed on FreeBSD).
+ if e.args[0] == errno.ECONNABORTED:
+ continue
raise
callback(connection, address)
io_loop.add_handler(sock.fileno(), accept_handler, IOLoop.READ)
else:
raise
except socket.error as err:
- if err.args[0] == errno.ECONNABORTED:
+ # If the connection is closed immediately after it is created
+ # (as in a port scan), we can get one of several errors.
+ # wrap_socket makes an internal call to getpeername,
+ # which may return either EINVAL (Mac OS X) or ENOTCONN
+ # (Linux). If it returns ENOTCONN, this error is
+ # silently swallowed by the ssl module, so we need to
+ # catch another error later on (AttributeError in
+ # SSLIOStream._do_ssl_handshake).
+ # To test this behavior, try nmap with the -sT flag.
+ # https://github.com/facebook/tornado/pull/750
+ if err.args[0] in (errno.ECONNABORTED, errno.EINVAL):
return connection.close()
else:
raise
projects / thirdparty / tornado.git / commitdiff
