BIND 10 master, updated. 09f557d871faef090ed444ebeee7f13e142184a0 Merge branch 'trac2962'

[BIND 10 source code commits]

The branch, master has been updated
       via  09f557d871faef090ed444ebeee7f13e142184a0 (commit)
       via  2b589c6418e5882bd14bc9471d292d6fc21247d2 (commit)
       via  35c53d9ab3422ba82ebd2c4f9afb73f1a5dc58dc (commit)
       via  940eae0ca5d303a9420747a5c84358f91515075c (commit)
      from  9c3f96ecec2fe57a90680b80fbee8079c94c87f3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 09f557d871faef090ed444ebeee7f13e142184a0
Merge: 9c3f96e 2b589c6
Author: Mukund Sivaraman <muks at isc.org>
Date:   Mon Aug 5 11:53:15 2013 +0530

    Merge branch 'trac2962'

-----------------------------------------------------------------------

Summary of changes:
 src/bin/cmdctl/Makefile.am          |   13 ++++++++++---
 src/bin/cmdctl/cmdctl.py.in         |    7 ++++---
 src/bin/cmdctl/tests/cmdctl_test.py |   13 ++++++-------
 3 files changed, 20 insertions(+), 13 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/bin/cmdctl/Makefile.am b/src/bin/cmdctl/Makefile.am
index 72a400a..54be50f 100644
--- a/src/bin/cmdctl/Makefile.am
+++ b/src/bin/cmdctl/Makefile.am
@@ -57,12 +57,19 @@ b10_certgen_CXXFLAGS = $(BOTAN_INCLUDES)
 b10_certgen_LDFLAGS = $(BOTAN_LIBS)
 
 # Generate the initial certificates immediately
-cmdctl-certfile.pem: b10-certgen
-	./b10-certgen -q -w
-
 cmdctl-keyfile.pem: b10-certgen
 	./b10-certgen -q -w
 
+# This is a hack, as b10-certgen creates both cmdctl-keyfile.pem and
+# cmdctl-certfile.pem, and in a parallel make, making these targets
+# simultaneously may result in corrupted files. With GNU make, there is
+# a non-portable way of working around this with pattern rules, but we
+# adopt this hack instead. The downside is that cmdctl-certfile.pem will
+# not be re-generated if cmdctl-keyfile.pem exists and is older. See
+# Trac ticket #2962.
+cmdctl-certfile.pem: cmdctl-keyfile.pem
+	touch $(builddir)/cmdctl-keyfile.pem
+
 if INSTALL_CONFIGURATIONS
 
 # Below we intentionally use ${INSTALL} -m 640 instead of $(INSTALL_DATA)
diff --git a/src/bin/cmdctl/cmdctl.py.in b/src/bin/cmdctl/cmdctl.py.in
index 7a9e8b8..61c9eb7 100755
--- a/src/bin/cmdctl/cmdctl.py.in
+++ b/src/bin/cmdctl/cmdctl.py.in
@@ -601,12 +601,13 @@ class SecureHTTPServer(socketserver_mixin.NoPollMixIn,
             # error)
             return ssl_sock
         except ssl.SSLError as err:
+            self.close_request(sock)
             logger.error(CMDCTL_SSL_SETUP_FAILURE_USER_DENIED, err)
+            raise
         except (CmdctlException, IOError) as cce:
+            self.close_request(sock)
             logger.error(CMDCTL_SSL_SETUP_FAILURE_READING_CERT, cce)
-        self.close_request(sock)
-        # raise socket error to finish the request
-        raise socket.error
+            raise
 
     def get_request(self):
         '''Get client request socket and wrap it in SSL context. '''
diff --git a/src/bin/cmdctl/tests/cmdctl_test.py b/src/bin/cmdctl/tests/cmdctl_test.py
index 2dd30c8..3e72ea7 100644
--- a/src/bin/cmdctl/tests/cmdctl_test.py
+++ b/src/bin/cmdctl/tests/cmdctl_test.py
@@ -15,7 +15,7 @@
 
 
 import unittest
-import socket
+import ssl, socket
 import tempfile
 import time
 import stat
@@ -729,16 +729,15 @@ class TestSecureHTTPServer(unittest.TestCase):
     def test_wrap_sock_in_ssl_context(self):
         sock = socket.socket()
 
-        # Bad files should result in a socket.error raised by our own
-        # code in the basic file checks
-        self.assertRaises(socket.error,
+        # Bad files should result in a CmdctlException in the basic file
+        # checks
+        self.assertRaises(CmdctlException,
                           self.server._wrap_socket_in_ssl_context,
                           sock,
                           'no_such_file', 'no_such_file')
 
-        # Using a non-certificate file would cause an SSLError, which
-        # is caught by our code which then raises a basic socket.error
-        self.assertRaises(socket.error,
+        # Using a non-certificate file would cause an SSLError
+        self.assertRaises(ssl.SSLError,
                           self.server._wrap_socket_in_ssl_context,
                           sock,
                           BUILD_FILE_PATH + 'cmdctl.py',