1 files changed, 18 insertions, 4 deletions

diff --git a/extras/qmf/src/py/qmf/console.py b/extras/qmf/src/py/qmf/console.py
index af5d1da5ca..0a30176ed5 100644
--- a/extras/qmf/src/py/qmf/console.py
+++ b/extras/qmf/src/py/qmf/console.py
@@ -25,6 +25,7 @@ import qpid
 import struct
 import socket
 import re
+import sys
 from qpid.datatypes  import UUID
 from qpid.datatypes  import timestamp
 from qpid.datatypes  import datetime
@@ -2423,11 +2424,21 @@ class Broker(Thread):
       oldTimeout = sock.gettimeout()
       sock.settimeout(self.connTimeout)
       connSock = None
+      force_blocking = False
       if self.ssl:
+        # Bug (QPID-4337): the "old" implementation of python SSL
+        # fails if the socket is set to non-blocking (which settimeout()
+        # may change).
+        if sys.version_info[:2] < (2, 6):  # 2.6+ uses openssl - it's ok
+          force_blocking = True
+          sock.setblocking(1)
+        certfile = None
         if 'ssl_certfile' in self.connectArgs:
-          connSock = ssl(sock, certfile=self.connectArgs['ssl_certfile'])
-        else:
-          connSock = ssl(sock)
+          certfile = self.connectArgs['ssl_certfile']
+        keyfile = None
+        if 'ssl_keyfile' in self.connectArgs:
+          keyfile = self.connectArgs['ssl_keyfile']
+        connSock = ssl(sock, certfile=certfile, keyfile=keyfile)
       else:
         connSock = sock
       self.conn = Connection(connSock, username=self.authUser, password=self.authPass,
@@ -2438,7 +2449,10 @@ class Broker(Thread):
       oldAborted = self.conn.aborted
       self.conn.aborted = aborted
       self.conn.start()
-      sock.settimeout(oldTimeout)
+      
+      # Bug (QPID-4337): don't enable non-blocking (timeouts) for old SSL
+      if not force_blocking:
+        sock.settimeout(oldTimeout)
       self.conn.aborted = oldAborted
       uid = self.conn.user_id
       if uid.__class__ == tuple and len(uid) == 2: