chore: version 1.3.2

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "stapler"
-version = "1.3.0"
+version = "1.3.2"
 description = "Static pages as simple as a gzip file"
 requires-python = ">=3.14"
 dependencies = [

stapler/cert_manager.py

@@ -185,11 +185,16 @@ class CertManager:
             return False
         return self.__exists_certbot(host)
 
-    def sni_callback(
-        self, socket: ssl.SSLObject, host: str | None, _: ssl.SSLContext, /
+    def servername_callback(
+        self,
+        socket: ssl.SSLSocket | ssl.SSLObject,
+        host: str | None,
+        _: ssl.SSLSocket,
+        /,
     ) -> None | int:
         if host is None:
             return None
+        self.logger.debug("servername callback: %s", host)
         if not self.exists(host) and not self.create_or_update(host):
             return None
         cert_file = self.get_cert(host)
@@ -200,6 +205,7 @@ class CertManager:
                 cert_file,
                 key_file,
             )
+            new_context.set_alpn_protocols(["http/1.1"])
             socket.context = new_context
         except Exception:
             self.logger.exception("Could not create HTTPS context for %s", host)

stapler/handlers.py

@@ -27,6 +27,7 @@ if typing.TYPE_CHECKING:
 
 class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
     timeout = 10
+    protocol_version = "HTTP/1.1"
     REQUEST_COUNT = 0
 
     @typing.override
@@ -111,6 +112,8 @@ class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
     @typing.override
     def log_request(self, code: str = "?", size: str = "-") -> None:  # ty:ignore[invalid-method-override] # pragma: no cover
         if isinstance(code, http.HTTPStatus):
+            code = code.value
+        if isinstance(code, int):
             color = logs.TermColor.RED
             if 100 <= code < 200:
                 color = logs.TermColor.CYAN
@@ -120,7 +123,7 @@ class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
                 color = logs.TermColor.BLUE
             elif 400 <= code < 500:
                 color = logs.TermColor.YELLOW
-            code = color + str(code.value) + logs.TermColor.RESET
+            code = color + str(code) + logs.TermColor.RESET
         if size == "" and self.out_size > 0:
             size = str(self.out_size)
         args = (
@@ -193,6 +196,7 @@ class BaseHandler(abc.ABC, http.server.BaseHTTPRequestHandler):
                 headers=headers,
                 allow_redirects=False,
                 timeout=480,
+                stream=False,
             )
         except Exception as e:
             self.send_error(
@@ -385,6 +389,7 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler, BaseHandler):
             self._pre_log_request()
             if not self._proxy_or_redirect():
                 super().do_HEAD()
+            self.close_connection = True
 
     @typing.override
     def do_GET(self) -> None:
@@ -394,7 +399,9 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler, BaseHandler):
                 return None
             if self.path == "/" and self.host == self.default_host:
                 return self.send_basic_body(self.server_signature())
-            return super().do_GET()
+            super().do_GET()
+            self.close_connection = True
+            return None
 
     def do_PUT(self) -> None:
         with self.handle_errors():
@@ -620,16 +627,19 @@ class RequestHandler(http.server.SimpleHTTPRequestHandler, BaseHandler):
 
 
 class UpgradeHandler(RequestHandler):
+    protocol_version = "HTTP/1.0"
     server_version = "StaplerUpgradeServer/" + PKG_VERSION
 
     def do_HEAD(self) -> None:
         with self.handle_errors():
             self._pre_log_request()
             self.send_redirect(f"https://{self.host}{self.path}")
+            self.close_connection = True
 
     def do_GET(self) -> None:
         with self.handle_errors():
             if self.path.startswith(self.CERTBOT_CHALLENGE_PATH):
                 super().do_GET()
+                self.close_connection = True
             else:
                 self.do_HEAD()

stapler/server.py

@@ -29,7 +29,6 @@ class StaplerServer:
         "logger",
         "params",
         "registry",
-        "server",
         "token_manager",
     ]
 
@@ -41,7 +40,6 @@ class StaplerServer:
         self.token_manager: TokenManager = TokenManager(params, self.registry)
         self.data_dir: DataDir = DataDir(params.data_dir)
         self.default_host: str = params.host.split(":", maxsplit=2)[0]
-        self.server: http.server.ThreadingHTTPServer | None = None
 
     def __get_all_hosts(self) -> list[str]:
         return [self.default_host, *self.registry.get_hosts()]
@@ -75,7 +73,7 @@ class StaplerServer:
             )
             context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
             server.socket = context.wrap_socket(server.socket, server_side=True)
-            context.sni_callback = self.cert_manager.sni_callback
+            context.set_servername_callback(self.cert_manager.servername_callback)
         else:
             server = http.server.ThreadingHTTPServer(
                 (
@@ -131,7 +129,7 @@ class StaplerServer:
         for line in STAPLER_ASCII.split("\n"):
             self.logger.debug(line.ljust(36))
         self.__startup()
-        self.server = self.__create_base_server()
+        base_server = self.__create_base_server()
         upgrade_server = self.__start_upgrade_server() if self.params.https else None
         self.logger.info(
             "Server up and ready on %s://%s",
@@ -140,7 +138,7 @@ class StaplerServer:
         )
         self.__start_background_tasks()
         with contextlib.suppress(KeyboardInterrupt):
-            self.server.serve_forever()
+            base_server.serve_forever()
         self.logger.info("Shutting down...")
         if upgrade_server is not None:
             upgrade_server.shutdown()

tests/test_cert_manager.py

@@ -161,24 +161,26 @@ class TestRegistry(BaseTestCase):
             lambda: self.cert_manager.get_key("example.com"),
         )
 
-    def test_sni_callback_no_host(self) -> None:
+    def test_servername_callback_no_host(self) -> None:
         self._make_self_signed("example.com")
         with (
             self.patch("ssl.create_default_context", count=0),
         ):
-            self.cert_manager.sni_callback(self.socket_mock, None, self.context_mock)
+            self.cert_manager.servername_callback(
+                self.socket_mock, None, self.context_mock
+            )
 
-    def test_sni_callback_fail(self) -> None:
+    def test_servername_callback_fail(self) -> None:
         self._make_self_signed("example.com")
         with (
             self.patch("shutil.which", count=3),
             self.patch("ssl.create_default_context", count=0),
         ):
-            self.cert_manager.sni_callback(
+            self.cert_manager.servername_callback(
                 self.socket_mock, "example.fr", self.context_mock
             )
 
-    def test_sni_callback_create_context(self) -> None:
+    def test_servername_callback_create_context(self) -> None:
         self._make_self_signed("example.com")
         with (
             self.patch("ssl.create_default_context", return_value=self.context_mock),
@@ -191,18 +193,18 @@ class TestRegistry(BaseTestCase):
             ),
             self.patch("shutil.which", count=0),
         ):
-            self.cert_manager.sni_callback(
+            self.cert_manager.servername_callback(
                 self.socket_mock, "example.com", self.context_mock
             )
 
-    def test_sni_callback_create_context_fail(self) -> None:
+    def test_servername_callback_create_context_fail(self) -> None:
         self._make_self_signed("example.com")
         with (
             self.patch("ssl.create_default_context", return_value=self.context_mock),
             self.patch("shutil.which", count=0),
         ):
             self.context_mock.load_cert_chain.side_effect = Exception
-            self.cert_manager.sni_callback(
+            self.cert_manager.servername_callback(
                 self.socket_mock, "example.com", self.context_mock
             )
             self.context_mock.load_cert_chain.assert_called_once_with(

tests/test_handlers.py

@@ -859,6 +859,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ),
             self.expects_status_only(handler, 200, "OK"),
@@ -903,6 +904,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ),
             self.expects_status_only(handler, 200, "OK"),
@@ -945,6 +947,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ),
             self.expects_basic_body(handler, "hello", message="OK"),
@@ -979,6 +982,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ) as request_mock,
             self.expects_status_only(
@@ -1022,6 +1026,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ),
             self.expects_status_only(handler, 200, "OK"),
@@ -1062,6 +1067,7 @@ class TestRequestHandler(BaseHandlerTestCase):
                     },
                     "allow_redirects": False,
                     "timeout": 480,
+                    "stream": False,
                 },
             ),
             self.expects_status_only(handler, 200, "OK"),

tests/test_server.py

@@ -65,7 +65,7 @@ class TestStaplerServer(BaseTestCase):
 
     def test_run_https(self) -> None:
         self.token_manager.detect_file_change.side_effect = KeyboardInterrupt
-        self.cert_manager.sni_callback = unittest.mock.Mock()
+        self.cert_manager.servername_callback = unittest.mock.Mock()
         with (
             self.mock_call(self.registry.load_pages),
             self.mock_call(self.cert_manager.init),
@@ -74,6 +74,7 @@ class TestStaplerServer(BaseTestCase):
             self.patch("ssl.create_default_context", return_value=self.context_mock),
             self.patch("http.server.ThreadingHTTPServer", self.server_mock, 2),
             self.mock_call_unchecked(self.context_mock.wrap_socket),
+            self.mock_call_unchecked(self.context_mock.set_servername_callback),
             self.mock_calls_unchecked(self.server_mock.serve_forever, 2),
             self.mock_call(self.server_mock.shutdown),
             self.seal_mocks(),

uv.lock

@@ -212,7 +212,7 @@ wheels = [
 
 [[package]]
 name = "stapler"
-version = "1.3.0"
+version = "1.3.2"
 source = { editable = "." }
 dependencies = [
     { name = "requests" },