ganeti.http: Explicitly initiate handshake

Otherwise it would be done on the first read/write operation, making
error handling more difficult (such as EOF during handshake).

Reviewed-by: iustinp

diff --git a/lib/http/client.py b/lib/http/client.py
index 108e954..35f5781 100644 (file)
--- a/lib/http/client.py
+++ b/lib/http/client.py
@@ -264,6 +264,14 @@ class HttpClientRequestExecutor(http.HttpBase):
     # keep-alive settings, see "man 7 tcp" for TCP_KEEPCNT, TCP_KEEPIDLE and
     # TCP_KEEPINTVL.
 
+    # Do the secret SSL handshake
+    if self.using_ssl:
+      self.sock.set_connect_state()
+      try:
+        http.Handshake(self.poller, self.sock, self.WRITE_TIMEOUT)
+      except http.HttpSessionHandshakeUnexpectedEOF:
+        raise http.HttpError("Server closed connection during SSL handshake")
+
   def _SendRequest(self):
     """Sends request to server.
 

diff --git a/lib/http/server.py b/lib/http/server.py
index 9fa7e43..b9e77ce 100644 (file)
--- a/lib/http/server.py
+++ b/lib/http/server.py
@@ -252,6 +252,15 @@ class _HttpServerRequestExecutor(object):
       request_msg_reader = None
       force_close = True
       try:
+        # Do the secret SSL handshake
+        if self.server.using_ssl:
+          self.sock.set_accept_state()
+          try:
+            http.Handshake(self.poller, self.sock, self.WRITE_TIMEOUT)
+          except http.HttpSessionHandshakeUnexpectedEOF:
+            # Ignore rest
+            return
+
         try:
           try:
             request_msg_reader = self._ReadRequest()