From d14cb06427ae871140fdff6d5a6f394984a2460d Mon Sep 17 00:00:00 2001
From: Ben Darnell <ben@bendarnell.com>
Date: Mon, 14 Feb 2011 19:23:56 -0800
Subject: [PATCH] In SSLIOStream, delay the connect_callback until the SSL
 handshake finishes.

---
 tornado/iostream.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/tornado/iostream.py b/tornado/iostream.py
index b361204e5..0d19af358 100644
--- a/tornado/iostream.py
+++ b/tornado/iostream.py
@@ -408,6 +408,7 @@ class SSLIOStream(IOStream):
                 return self.close()
         else:
             self._ssl_accepting = False
+            super(SSLIOStream, self)._handle_connect()
 
     def _handle_read(self):
         if self._ssl_accepting:
@@ -425,7 +426,10 @@ class SSLIOStream(IOStream):
         # TODO(bdarnell): cert verification, etc
         self.socket = ssl.wrap_socket(self.socket,
                                       do_handshake_on_connect=False)
-        super(SSLIOStream, self)._handle_connect()
+        # Don't call the superclass's _handle_connect (which is responsible
+        # for telling the application that the connection is complete)
+        # until we've completed the SSL handshake (so certificates are
+        # available, etc).
 
 
     def _read_from_socket(self):
-- 
2.47.2