Unify sock wrap conn processing

cherrypy · Jan 24, 2024 · f74b809 · f74b809
1 parent 9ba9c76
commit f74b809
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/cheroot/ssl/builtin.py b/cheroot/ssl/builtin.py
@@ -273,19 +273,25 @@ def wrap(self, sock):
             raise errors.FatalSSLAlert(
                 *tls_connection_drop_error.args,
             ) from tls_connection_drop_error
-        except ssl.SSLError as ex:
-            if ex.errno == ssl.SSL_ERROR_SSL:
-                if _assert_ssl_exc_contains(ex, 'http request'):
-                    # The client is speaking HTTP to an HTTPS server.
-                    raise errors.NoSSLError
+        except ssl.SSLError as generic_tls_error:
+            peer_speaks_plain_http_over_https = (
+                generic_tls_error.errno == ssl.SSL_ERROR_SSL and
+                _assert_ssl_exc_contains(generic_tls_error, 'http request')
+            )
+            if peer_speaks_plain_http_over_https:
+                reraised_connection_drop_exc_cls = errors.NoSSLError
+            else:
+                reraised_connection_drop_exc_cls = errors.FatalSSLAlert
+
+            raise reraised_connection_drop_exc_cls(
+                *generic_tls_error.args,
+            ) from generic_tls_error
         except OSError as tcp_connection_drop_error:
             raise errors.FatalSSLAlert(
                 *tcp_connection_drop_error.args,
             ) from tcp_connection_drop_error
-        else:
-            return s, self.get_environ(s)
 
-        raise errors.FatalSSLAlert
+        return s, self.get_environ(s)
 
     def get_environ(self, sock):
         """Create WSGI environ entries to be merged into each request."""