Move TLS server handshake down to connection thread

When TLS handshake is performed while in `accept()` call, main thread might blocked up to network timeout effectively locking out other clients from being able to establish connection with PyKMIP server. Easy way to reproduce the problem: 1. Start PyKMIP server 2. Establish TCP connection with `nc -v 127.0.0.1 5696` 3. Attempt to connect (concurrently): `openssl s_client -host 127.0.0.1 -port 5696` Without the fix, `openssl` would be blocked (won't even do initial TLS handshake) until `nc` connection times out.
2025-12-05 23:53:19 +00:00 · 2019-02-28 19:18:12 +03:00
parent 004ff92ffb
commit 1a723f224d
2 changed files with 15 additions and 9 deletions
--- a/kmip/services/server/session.py
+++ b/kmip/services/server/session.py
@@ -97,14 +97,20 @@ class KmipSession(threading.Thread):
        """
        self._logger.info("Starting session: {0}".format(self.name))

-        while True:
-            try:
-                self._handle_message_loop()
-            except exceptions.ConnectionClosed as e:
-                break
-            except Exception as e:
-                self._logger.info("Failure handling message loop")
-                self._logger.exception(e)
+        try:
+            self._connection.do_handshake()
+        except Exception as e:
+            self._logger.info("Failure running TLS handshake")
+            self._logger.exception(e)
+        else:
+            while True:
+                try:
+                    self._handle_message_loop()
+                except exceptions.ConnectionClosed as e:
+                    break
+                except Exception as e:
+                    self._logger.info("Failure handling message loop")
+                    self._logger.exception(e)

        self._connection.shutdown(socket.SHUT_RDWR)
        self._connection.close()