From: Ben Darnell
Date: Sat, 24 May 2014 21:00:53 +0000 (-0400)
Subject: TCPClient: connect without SSL and wrap the connection later.
X-Git-Tag: v4.0.0b1~51
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=652ed91a158189c07785eb120cbacce1d84a6ee8;p=thirdparty%2Ftornado.git

TCPClient: connect without SSL and wrap the connection later.

This prevents us from potentially starting two SSL handshakes at the same time.
---
diff --git a/tornado/tcpclient.py b/tornado/tcpclient.py
index 1bb1253f1..f29c29c1c 100644
--- a/tornado/tcpclient.py
+++ b/tornado/tcpclient.py
@@ -159,24 +159,20 @@ class TCPClient(object):
 addrinfo = yield self.resolver.resolve(host, port, af)
 connector = _Connector(
 addrinfo, self.io_loop,
- functools.partial(self._create_stream,
- host, ssl_options, max_buffer_size))
+ functools.partial(self._create_stream, max_buffer_size))
 af, addr, stream = yield connector.start()
 # TODO: For better performance we could cache the (af, addr)
 # information here and re-use it on sbusequent connections to
 # the same host. (http://tools.ietf.org/html/rfc6555#section-4.2)
+ if ssl_options is not None:
+ stream = yield stream.start_tls(False, ssl_options=ssl_options,
+ server_hostname=host)
 raise gen.Return(stream)
 
- def _create_stream(self, host, ssl_options, max_buffer_size, af, addr):
- # TODO: we should connect in plaintext mode and start the
- # ssl handshake only after stopping the _Connector.
- if ssl_options is None:
- stream = IOStream(socket.socket(af),
- io_loop=self.io_loop,
- max_buffer_size=max_buffer_size)
- else:
- stream = SSLIOStream(socket.socket(af),
- io_loop=self.io_loop,
- ssl_options=ssl_options,
- max_buffer_size=max_buffer_size)
- return stream.connect(addr, server_hostname=host)
+ def _create_stream(self, max_buffer_size, af, addr):
+ # Always connect in plaintext; we'll convert to ssl if necessary
+ # after one connection has completed.
+ stream = IOStream(socket.socket(af),
+ io_loop=self.io_loop,
+ max_buffer_size=max_buffer_size)
+ return stream.connect(addr)
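Review bot: The `start_tls(False, ...)` call added after `connector.start()` passes the client/server role as a bare positional boolean, which is easy to misread on the one line that decides whether the connection gets encrypted; assuming the parameter is named `server_side` as in IOStream, `stream = yield stream.start_tls(server_side=False, ssl_options=ssl_options, server_hostname=host)` reads more clearly. That line also deserves a comment recording that `host` is the caller-supplied name rather than the resolved `addr`, and that how strictly it is checked presumably depends on what `ssl_options` carries (an empty dict still satisfies `is not None`), for example `# Verify against the requested host, not the resolved addr; strictness comes from ssl_options.` The enclosing `connect` method starts above the hunk, so its docstring is not visible here and may need the same remark.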