From a60e6aac8a5fc0a6565d382553676f09b4bc4ecf Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Tue, 19 Feb 2019 10:40:16 +0100
Subject: [PATCH] TLS cert rotation: attempt to load valid certs for 10 times before disabling TLS
---
 syncplay/constants.py | 2 ++
 syncplay/protocols.py | 2 +-
 syncplay/server.py | 6 +++++-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/syncplay/constants.py b/syncplay/constants.py
index babe85d..5217a7a 100755
--- a/syncplay/constants.py
+++ b/syncplay/constants.py
@@ -187,6 +187,8 @@ STYLE_NOFILEITEM_COLOR = 'blue'
 STYLE_NOTCONTROLLER_COLOR = 'grey'
 STYLE_UNTRUSTEDITEM_COLOR = 'purple'
+TLS_CERT_ROTATION_MAX_RETRIES = 10
+
 USERLIST_GUI_USERNAME_OFFSET = 21 # Pixels
 USERLIST_GUI_USERNAME_COLUMN = 0
 USERLIST_GUI_FILENAME_COLUMN = 3
diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index cf14a96..7607fad 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -669,7 +669,7 @@ class SyncServerProtocol(JSONCommandProtocol):
     def handleTLS(self, message):
         inquiry = message["startTLS"] if "startTLS" in message else None
         if "send" in inquiry:
-            if not self.isLogged() and self._factory.serverAcceptsTLS and self._factory.options is not None:
+            if not self.isLogged() and self._factory.serverAcceptsTLS:
                 lastEditCertTime = self._factory.checkLastEditCertTime()
                 if lastEditCertTime is not None and lastEditCertTime != self._factory.lastEditCertTime:
                     self._factory.updateTLSContextFactory()
diff --git a/syncplay/server.py b/syncplay/server.py
index e986e1a..6a14898 100755
--- a/syncplay/server.py
+++ b/syncplay/server.py
@@ -56,6 +56,7 @@ class SyncFactory(Factory):
         self._statsDbHandle = None
         if tlsCertPath is not None:
             self.certPath = tlsCertPath
+            self._TLSattempts = 0
             self._allowTLSconnections(self.certPath)
         else:
             self.certPath = None
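Review bot: Dropping `and self._factory.options is not None` from the guard on the changed line lets handleTLS proceed whenever `serverAcceptsTLS` is true, but the same patch now has `updateTLSContextFactory` force `serverAcceptsTLS = True` after a failed reload has left `self.options = None`. If the remainder of handleTLS passes `self._factory.options` to a startTLS call or tells the client TLS is available, it now does so with a `None` context factory. Either keep the `self._factory.options is not None` test here, or make the re-enable in server.py conditional on a non-None `options`; the latter is the safer fix since it covers every reader of the flag. handleTLS's body continues outside the hunk.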
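Review bot: `self._TLSattempts = 0` is assigned only inside the `if tlsCertPath is not None:` branch, so a factory built without a cert path has no such attribute and any later `updateTLSContextFactory` call would raise AttributeError on its `+= 1`. Nothing in this diff takes that path, but the cheap guard is to move the assignment above the `if`, next to `self._statsDbHandle = None`, so the counter always exists. The enclosing method (presumably `__init__`) starts before and continues past the hunk.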
@@ -230,6 +231,7 @@ class SyncFactory(Factory):
             self.options = contextFactory
             self.serverAcceptsTLS = True
+            print("TLS support is enabled.")
         except Exception as e:
             self.options = None
             self.serverAcceptsTLS = False
@@ -247,7 +249,9 @@ class SyncFactory(Factory):
     def updateTLSContextFactory(self):
         self._allowTLSconnections(self.certPath)
-
+        self._TLSattempts += 1
+        if self._TLSattempts < constants.TLS_CERT_ROTATION_MAX_RETRIES:
+            self.serverAcceptsTLS = True
 class StatsRecorder(object):
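Review bot: `_TLSattempts` is incremented on every reload, successful or not, and is never reset, so once ten cert rotations have happened over the server's lifetime the first transient load failure, the very case this patch is meant to ride out, disables TLS until a restart. Count only failures and reset the counter when `_allowTLSconnections` succeeded, as below. Note also that while the counter is under the limit the flag is forced back to True right after `_allowTLSconnections` has set `self.options = None` (see the @@ -230 hunk), so the server advertises TLS with no usable context factory; keeping the previous context factory across a failed reload would let the old cert keep serving during a rotation, but that change belongs in `_allowTLSconnections`, outside this hunk.
```python
    def updateTLSContextFactory(self):
        self._allowTLSconnections(self.certPath)
        if self.serverAcceptsTLS:
            # Reload succeeded: start the failure budget afresh.
            self._TLSattempts = 0
        else:
            self._TLSattempts += 1
            if self._TLSattempts < constants.TLS_CERT_ROTATION_MAX_RETRIES:
                self.serverAcceptsTLS = True
```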