From Dan Kenigsberg <dan...@redhat.com>:

Dan Kenigsberg has submitted this change and it was merged. ( 
https://gerrit.ovirt.org/79668 )

Change subject: ssl: handle handshake errors
......................................................................


ssl: handle handshake errors

There are two possible errors (sslerror and socket.error) which are
raised during ssl handshake that need to be handled. We do not want
to see unhandled error backtraces in the logs which could easily
generate enourmos amount of logs when malicious client exploit it.
We log now only the occurence of the error and the offending IP address
that caused the error.

We fix the issue by handling both errors and cleanly closing file
descriptor.

Bug-url: https://bugzilla.redhat.com/1473295
Change-Id: I99cfa35e608f429640455c35495be1783854e3da
Signed-off-by: Piotr Kliczewski <piotr.kliczew...@gmail.com>
Signed-off-by: Irit Goihman <igoih...@redhat.com>
---
M lib/vdsm/sslutils.py
1 file changed, 6 insertions(+), 1 deletion(-)

Approvals:
  Martin Peřina: Looks good to me, but someone else must approve
  Yaniv Bronhaim: Looks good to me, but someone else must approve
  Jenkins CI: Passed CI tests
  Irit Goihman: Verified
  Dan Kenigsberg: Looks good to me, approved



-- 
To view, visit https://gerrit.ovirt.org/79668
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I99cfa35e608f429640455c35495be1783854e3da
Gerrit-PatchSet: 10
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Piotr Kliczewski <piotr.kliczew...@gmail.com>
Gerrit-Reviewer: Dan Kenigsberg <dan...@redhat.com>
Gerrit-Reviewer: Francesco Romani <from...@redhat.com>
Gerrit-Reviewer: Irit Goihman <igoih...@redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Martin Peřina <mper...@redhat.com>
Gerrit-Reviewer: Oved Ourfali <oourf...@redhat.com>
Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczew...@gmail.com>
Gerrit-Reviewer: Yaniv Bronhaim <ybron...@redhat.com>
Gerrit-Reviewer: gerrit-hooks <automat...@ovirt.org>
_______________________________________________
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Reply via email to