From eaf3bea4df7857fe3cc21cb5eedf29aa900fb0e9 Mon Sep 17 00:00:00 2001 From: Sviatoslav Sydorenko Date: Wed, 24 Jan 2024 05:18:26 +0100 Subject: [PATCH] Unify sock wrap conn processing --- cheroot/ssl/builtin.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/cheroot/ssl/builtin.py b/cheroot/ssl/builtin.py index fbd467a90a..f13dfd5b3d 100644 --- a/cheroot/ssl/builtin.py +++ b/cheroot/ssl/builtin.py @@ -273,19 +273,25 @@ def wrap(self, sock): raise errors.FatalSSLAlert( *tls_connection_drop_error.args, ) from tls_connection_drop_error - except ssl.SSLError as ex: - if ex.errno == ssl.SSL_ERROR_SSL: - if _assert_ssl_exc_contains(ex, 'http request'): - # The client is speaking HTTP to an HTTPS server. - raise errors.NoSSLError + except ssl.SSLError as generic_tls_error: + peer_speaks_plain_http_over_https = ( + generic_tls_error.errno == ssl.SSL_ERROR_SSL and + _assert_ssl_exc_contains(generic_tls_error, 'http request') + ) + if peer_speaks_plain_http_over_https: + reraised_connection_drop_exc_cls = errors.NoSSLError + else: + reraised_connection_drop_exc_cls = errors.FatalSSLAlert + + raise reraised_connection_drop_exc_cls( + *generic_tls_error.args, + ) from generic_tls_error except OSError as tcp_connection_drop_error: raise errors.FatalSSLAlert( *tcp_connection_drop_error.args, ) from tcp_connection_drop_error - else: - return s, self.get_environ(s) - raise errors.FatalSSLAlert + return s, self.get_environ(s) def get_environ(self, sock): """Create WSGI environ entries to be merged into each request."""