gh-109765: Detect TLS handshake attempt in HTTP server

[donBarbos]

I set self.requestline = "[TLS handshake bytes]" because BaseHTTPRequestHandler print self.requestline as a log, but it is bytes and to keep requestline readable I use "[TLS handshake bytes]" string value

• Issue: http.server.BaseHTTPRequestHandler: Unhelpful error message when receiving HTTPS requests #109765

[9001]

just to offer an alternative take on this,

in a python webserver where I support both http and https on the same port, i went with the following approach for identifying (presumably) TLS traffic:

HTTP_VERB = re.compile(br"[A-Z]{3}[A-Z ]")

def handle_connection(client_socket):
    # obtain the first 4 bytes of the requestline somehow, then...
    is_https = not HTTP_VERB.match(first_4_bytes)

this has the advantage that it also detects SSLv3 connections, which at the time was still relevant.

in my case I'm using client_socket.recv(4, socket.MSG_PEEK) to check if the connection is TLS or not, but in this case it's indeed sufficient to check the raw_requestline.

[donBarbos]

@9001 thanks for your suggestion. It seems it really covers more cases and is more universal but i would not like to increase importtime without serious reasons especially since i would like to get rid of unnecessary imports or somehow reduce this time.

But we can add a check method without the re module, like:

def is_http_verb(s: bytes) -> bool:
    return s[:3].isalpha() and s[:3].isupper() and (s[3].isupper() or s[3] == b' '[0])

And still I would prefer to wait for an answer from one of the core members. what they will say