wsgi server should handle ENOTCONN error #943

Open
EricLin89 opened this issue Mar 22, 2024 · 1 comment

CPython's ssl.py merged a fix for CVE-2023-40217 several months ago. When a client closes the connection before the SSL handshake is finished, and there's still data in the buffer, the server would raise an SSLError whose errno is ENOTCONN to prevent any potential malicious action from the client.

However, this can happen under some normal circumstances (for example, the client disconnects on connection timeout). When it happens, sock.accept() would raise an error that is not handled by the wsgi server, thus causing the server to exit.

```python
try:
    serv.log.info('({}) wsgi starting up on {}'.format(serv.pid, socket_repr(sock)))
    while is_accepting:
        try:
            client_socket, client_addr = sock.accept()  # 1. an SSLError(errno.ENOTCONN) will be raised
            client_socket.settimeout(serv.socket_timeout)
            serv.log.debug('({}) accepted {!r}'.format(serv.pid, client_addr))
            connections[client_addr] = connection = [client_addr, client_socket, STATE_IDLE]
            (pool.spawn(serv.process_request, connection)
                .link(_clean_connection, connection))
        except ACCEPT_EXCEPTIONS as e:
            if support.get_errno(e) not in ACCEPT_ERRNO:  # 2. the errno is not handled here
                raise
            else:
                break
finally:
    for cs in connections.values():
        prev_state = cs[2]
        cs[2] = STATE_CLOSE
        if prev_state == STATE_IDLE:
            greenio.shutdown_safe(cs[1])
    pool.waitall()
    serv.log.info('({}) wsgi exited, is_accepting={}'.format(serv.pid, is_accepting))  # 3. wsgi server is exited
```
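
One way an accept loop could tolerate the error described above, shown as an added example that is not part of the original issue and is not eventlet's code. The names `accept_loop`, `ScriptedListener`, `PER_CLIENT` and `LISTENER_DEAD` are hypothetical, the errno sets are assumptions, and the scripted connections and exceptions are constructed so the block runs offline.

```python
import errno
import ssl

# Assumption: errnos meaning the listening socket itself is unusable (stop).
LISTENER_DEAD = {errno.EBADF, errno.EINVAL}
# Assumption: errnos describing one failed client, not the listener (skip).
PER_CLIENT = {errno.ENOTCONN, errno.ECONNABORTED}


def accept_loop(listener, handle, log):
    """Accept until the listener dies; a per-client failure never ends the loop."""
    served = 0
    while True:
        try:
            conn, addr = listener.accept()
        except OSError as e:  # ssl.SSLError is a subclass of OSError
            if e.errno in PER_CLIENT:
                log.append(("skipped", e.errno))
                continue
            if e.errno in LISTENER_DEAD:
                log.append(("stopped", e.errno))
                return served
            raise  # unknown errors still surface
        handle(conn, addr)
        served += 1


class ScriptedListener:
    """Constructed stand-in for an SSL-wrapped listening socket."""

    def __init__(self, script):
        self._script = iter(script)

    def accept(self):
        item = next(self._script)
        if isinstance(item, Exception):
            raise item
        return item


def demo():
    log, handled = [], []
    script = [  # constructed sequence of accept() outcomes
        ("conn-1", ("192.0.2.10", 40000)),
        ssl.SSLError(errno.ENOTCONN, "constructed: closed before TLS handshake"),
        ("conn-2", ("192.0.2.11", 40001)),
        OSError(errno.EBADF, "constructed: listener closed"),
    ]
    served = accept_loop(ScriptedListener(script), lambda c, a: handled.append(c), log)
    return served, handled, log
```
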

4383 commented Mar 25, 2024

Hello,

Thanks for reporting this problem.

Do you want to propose a pull request to fix this issue? I'd be happy to review it and to help you.

Concerning your code snippet, please, can you provide a more complete reproducer?
