m2crypto + asynchronous + stunnel

2005-01-12 Thread Ktm
Hello,
I tried the demo echod_asyn.py without any certificate verification (I 
modified echod_lib.py), and when I connect to the port with stunnel I 
get the following error:

error: uncaptured python exception, closing channel 
<__main__.ssl_echo_channel connected 127.0.0.1:34593 at 0xb7c5560c> 
(M2Crypto.SSL.SSLError:unexpected record 
[/usr/lib/python2.3/asyncore.py|write|77] 
[/usr/lib/python2.3/asyncore.py|handle_write_event|397] 
[echod-async.py|handle_write|33] 
[/usr/lib/python2.3/site-packages/M2Crypto/SSL/Connection.py|accept_ssl|84])

Thanks for your help,
Ktm


pb ssl + select

2005-02-14 Thread Ktm
Hi,
the following code (taken directly from the example) blocks on recv unless I 
uncomment the 'send' call. I tested it with stunnel. Select seems to 
report that there is something to read when there is nothing. Moreover, 
why does it block, since I am in non-blocking mode?

-
from OpenSSL import SSL
import sys, os, select, socket
def verify_cb(conn, cert, errnum, depth, ok):
  """Certificate-verification callback handed to ctx.set_verify().

  Prints the subject of the certificate it is given and returns the ``ok``
  value it was called with, so it adds no check of its own.
  """
  # This obviously has to be updated
  # NOTE(review): errnum and depth are ignored; a real policy would inspect
  # them and the subject before returning a true value -- TODO decide policy.
  print 'Got certificate: %s' % cert.get_subject()
  return ok
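if len(sys.argv) < 2:
  print 'Usage: python[2] server.py PORT'
  sys.exit(1)

# Key and certificate files are looked up relative to the script's directory.
cert_dir = os.path.dirname(sys.argv[0]) or os.curdir

# Initialize context
ctx = SSL.Context(SSL.SSLv23_METHOD)
# SSLv23_METHOD negotiates the highest protocol version both peers support.
# SSLv2 and SSLv3 are both broken, so refuse them and leave only TLS.
ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
# VERIFY_NONE: the server does not request a client certificate, so no peer
# is authenticated and verify_cb is not expected to run. To demand and check
# a client certificate, pass
# SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT instead.
ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
ctx.use_privatekey_file(os.path.join(cert_dir, 'cert/server.pkey'))
ctx.use_certificate_file(os.path.join(cert_dir, 'cert/server.cert'))
ctx.load_verify_locations(os.path.join(cert_dir, 'cert/CA.cert'))

# Set up server
server = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_STREAM))
# '' binds the port on every local interface.
server.bind(('', int(sys.argv[1])))
server.listen(3)
# This makes only the listening connection non-blocking.
server.setblocking(0)

# clients maps each accepted connection to its peer address; writers maps a
# connection to the data still waiting to be sent back to it.
clients = {}
writers = {}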
def dropClient(cli, errors=None):
  """Forget a client and close its connection.

  Reports the departure, removes ``cli`` from the module-level ``clients``
  and ``writers`` tables, then closes it. ``cli.shutdown()`` is called first
  only when no ``errors`` value was given.
  """
  peer = (clients[cli],)
  if not errors:
    print 'Client %s left politely' % peer
  else:
    print 'Client %s left unexpectedly:' % peer
    print '  ', errors

  del clients[cli]
  if cli in writers:
    del writers[cli]

  # Only attempt the TLS shutdown when the connection did not fail.
  if not errors:
    cli.shutdown()
  cli.close()
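# Echo loop: wait up to one second for readable or writable connections,
# accept new clients, queue whatever each client sends, and write it back.
__cli = None
while 1:
  print 'select'
  try:
    r, w, _ = select.select([server] + clients.keys(), writers.keys(), [], 1)
  except KeyboardInterrupt:
    break
  except Exception, err:
    # Still leave the loop so the sockets are closed below, but say why
    # instead of exiting silently.
    print 'select failed: %r' % (err,)
    break
  print '[ OK ]'

  for cli in r:
    if cli == server:
      cli, addr = server.accept()
      # setblocking(0) was only applied to the listening connection. Where
      # accept() does not inherit that flag (Linux, for one), the new
      # connection is blocking. select() reports it readable as soon as the
      # peer's TLS handshake records arrive, and a blocking recv() then
      # finishes the handshake and waits for application data that was never
      # sent. Making the accepted connection non-blocking turns that wait
      # into SSL.WantReadError, which is handled below.
      cli.setblocking(0)
      __cli = cli
      print 'Connection from %s' % (addr,)
      clients[cli] = addr
    else:
      try:
        print 'recv...'
        # This is where the original blocked.
        ret = cli.recv(1024)
        print '[ OK ]'
      except (SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError):
        # Handshake or record still in progress; retry on a later pass.
        pass
      except SSL.ZeroReturnError:
        dropClient(cli)
      except SSL.Error, errors:
        dropClient(cli, errors)
      else:
        if not writers.has_key(cli):
          writers[cli] = ''
        writers[cli] = writers[cli] + ret

  # Poster's workaround ("if we decomment this it is ok"), left disabled:
  #   if __cli:
  #     print 'send'
  #     __cli.send('test\n')
  #     print '[ OK ]'

  for cli in w:
    # A client dropped in the read pass above is still in w but no longer in
    # writers; skip it rather than fail on the lookup.
    if cli not in writers:
      continue
    try:
      ret = cli.send(writers[cli])
    except (SSL.WantReadError, SSL.WantWriteError, SSL.WantX509LookupError):
      pass
    except SSL.ZeroReturnError:
      dropClient(cli)
    except SSL.Error, errors:
      dropClient(cli, errors)
    else:
      # send() returns how many bytes were taken; keep the remainder queued.
      writers[cli] = writers[cli][ret:]
      if writers[cli] == '':
        del writers[cli]

for cli in clients.keys():
  cli.close()
server.close()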


select + ssl

2005-02-23 Thread Ktm
Hello,
I don't get the same behaviour from two programs that are almost the same,
one using SSL, the other not. I tested the programs with stunnel and
telnet, respectively.
Here is the first program:

#!/usr/bin/python
from select import select
import socket
# Plain-TCP variant of the test server: a select() loop with a 2-second
# timeout that sends a fixed string to each connection reported writable.
# NOTE(review): the nesting of the statements below was flattened when the
# message was archived; the comments describe individual statements only.
if __name__ == '__main__':
   s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   # '' binds port 6001 on every local interface.
   s.bind(('', 6001))
   s.listen(5)
   # Each table maps a socket to itself; the keys are the select() sets.
   ready_read = {}
   ready_send = {}
   ready_read[s] = s
   while True:
   rs, ws, _ = select(ready_read.keys(), ready_send.keys(), [], 2)
   print '.'
   for r in rs:
   if r == s:
   # New connection: watch it for both reading and writing.
   (cli, addr) = s.accept()
   ready_send[cli] = cli
   ready_read[cli] = cli
   else:
   # NOTE(review): an empty result from recv() is not treated as a close,
   # and no socket is ever removed from either table -- confirm intended.
   ret = r.recv(1000)
   print 'ret =', ret
   for w in ws:
   w.send('you have to give up')
 

The client receives the 'you have to give up' sentence every two seconds.
The second program is:
 

#!/usr/bin/python
from select import select
import socket
from   OpenSSL import SSL
import os
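def verify_cb(conn, cert, errnum, depth, ok):
   """Verification callback for ctx.set_verify(); returns ``ok`` unchanged.

   pyOpenSSL invokes the callback with (conn, cert, errnum, depth, ok). A
   callback declared without parameters would fail as soon as it was called,
   both on the argument count and on the undefined name ``ok``.
   """
   return ok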
# SSL variant of the same select() test server, listening on port 6000.
# NOTE(review): the nesting of the statements below was flattened when the
# message was archived; the comments describe individual statements only.
if __name__ == '__main__':
   dir = ''
   ctx = SSL.Context(SSL.SSLv23_METHOD)
   # NOTE(review): only SSLv2 is disabled here; SSL.OP_NO_SSLv3 would be
   # needed to refuse SSLv3 as well.
   ctx.set_options(SSL.OP_NO_SSLv2)
   # VERIFY_NONE: no client certificate is requested, so no peer is
   # authenticated and verify_cb is not expected to be called.
   ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
   ctx.use_privatekey_file (os.path.join(dir, 'server.pkey'))
   ctx.use_certificate_file(os.path.join(dir, 'server.cert'))
   ctx.load_verify_locations(os.path.join(dir, 'CA.cert'))
   s = SSL.Connection(ctx, socket.socket(socket.AF_INET,
socket.SOCK_STREAM))
   #s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   # '' binds port 6000 on every local interface.
   s.bind(('', 6000))
   s.listen(5)
   # Makes only the listening connection non-blocking.
   s.setblocking(0)
   ready_read = {}
   ready_send = {}
   ready_read[s] = s
   while True:
   rs, ws, _ = select(ready_read.keys(), ready_send.keys(), [], 2)
   print '.'
   for r in rs:
   if r == s:
   # NOTE(review): cli is never passed through setblocking(0). Where accept()
   # does not inherit the listener's non-blocking flag (Linux, for one) it is
   # a blocking connection -- confirm on the target platform.
   (cli, addr) = s.accept()
   ready_send[cli] = cli
   ready_read[cli] = cli
   else:
   # NOTE(review): select() reports readability for raw TLS records such as
   # the peer's handshake, not only for application data. On a blocking
   # connection recv() presumably completes the handshake and then waits for
   # data that never arrives. SSL.WantReadError and SSL.ZeroReturnError are
   # not handled here either.
   ret = r.recv(1000)
   print 'ret =', ret
   for w in ws:
   w.send('you have to give up')
 


The server blocks on recv here.
In both cases I don't send anything from the client. (Perhaps stunnel
sends something that I don't see?)
Why does the server block?
Kototama