Robert Brewer avatar Robert Brewer committed 13f0071

Fix for #654 (More gracefull failure and traceback when client tries non-SSL connection to SSL server).

Comments (0)

Files changed (1)

cherrypy/wsgiserver/__init__.py

         self.sendall("".join(buf))
 
 
+class NoSSLError(Exception):
+    """Exception raised when a client speaks HTTP to an HTTPS socket."""
+    pass
+
+
 def _ssl_wrap_method(method, is_reader=False):
     """Wrap the given method with SSL error-trapping.
     
             except SSL.Error, e:
                 if is_reader and e.args == (-1, 'Unexpected EOF'):
                     return ""
-                if is_reader and e.args[0][0][2] == 'ssl handshake failure':
+                
+                thirdarg = None
+                try:
+                    thirdarg = e.args[0][0][2]
+                except IndexError:
+                    pass
+                
+                if is_reader and thirdarg == 'ssl handshake failure':
                     return ""
+                if thirdarg == 'http request':
+                    # The client is talking HTTP to an HTTPS server.
+                    raise NoSSLError()
                 raise
             if time.time() - start > self.ssl_timeout:
                 raise socket.timeout("timed out")
             return
         except (KeyboardInterrupt, SystemExit):
             raise
+        except NoSSLError:
+            # Unwrap our sendall
+            req.sendall = self.socket._sock.sendall
+            req.simple_response("400 Bad Request",
+                                "The client sent a plain HTTP request, but "
+                                "this server only speaks HTTPS on this port.")
         except:
             if req:
                 req.simple_response("500 Internal Server Error", format_exc())
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.