On Apr 28, 2010, at 8:48 AM, Jonathan Lundell wrote:
> On Apr 28, 2010, at 6:56 AM, Jonathan Lundell wrote:
>
>> 2) if a "localhost" managed server is configured using the same port
>> as [web2py], but http protocol, atttempting to connect to that URL
>> will cause [web2py] to become unresponsive to all requests until it
>> is restarted. With the same configuration, prior versions will
>> display an "unable to obtain API version" warning, but will remain
>> functional. The configuration attempted was:
>>
>> Name: localhost
>> Description: Localhost
>> URL: http://127.0.0.1:8004
>
> OK, I have a clarification on this one. I had misinterpreted the report.
>
>
> In the above case, web2py is configured as https-only, port 8004.
>
> The web2py app is configured to *talk* to another (non-web2py) entity at
> http://localhost:8004. This is a conflict, of course. But with CherryPy, the
> communication simply failed (resulting in the 'API version' message above;
> I'll try to find out what the underlying error was). With Rocket, web2py
> becomes unresponsive and has to be restarted.
More data.
It seems that CherryPy explicitly detects an attempt to make an http connection
to its https socket and sends back a "400 Bad Request" (which I'm seeing). If
you're poking around in CherryPy, the key bit of code is this:
if thirdarg == 'http request':
# The client is talking HTTP to an HTTPS server.
raise NoSSLError()
...and you can see how it deals with NoSSLError elsewhere.
My impression is that Rocket simply closes the connection, but a) I could be
wrong, and b) whatever is going on isn't enough.
Try this simple test: start web2py/rocket in SSL mode, and then use Firefox or
Safari (all I've tried it with) to connect to that port with http. You should
see the browser hang. Well, you shouldn't, really, but you will. I think.
At this point, I'm sort of stuck. I'd like to upgrade web2py for an upcoming
release, but I can't.
