httplib and HTTPS Connections

2006-10-16 Thread runningwild 
Helo,

This is the first time I have cared about httplib's HTTPSConnection.

In the docs I read "Note: HTTPS support is only available if the socket
module was compiled with SSL support."

Although my small test script "seems" to work when connecting to a
webserver via HTTPS I am really not sure.

In other words it worked the first time. I never trust anything that
seems to work right the first time. ;-)

My question is how can I tell if the criteria in the "NOTE:" is met?
How do I know that the socket module was indeed compled with SSL
support?

The reason this is important is that I am building a credit card
payment system.

Here is my little test script

Python 2.4.3

import httplib
conn = httplib.HTTPSConnection('**')
conn.request('GET' '/index.html')
resp = conn.getresponse()

page = resp.read()
print page

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: httplib and HTTPS Connections

2006-10-16 Thread runningwild 

runningwild wrote:
> Helo,
>
> This is the first time I have cared about httplib's HTTPSConnection.
>
> In the docs I read "Note: HTTPS support is only available if the socket
> module was compiled with SSL support."
>
> Although my small test script "seems" to work when connecting to a
> webserver via HTTPS I am really not sure.
>
> In other words it worked the first time. I never trust anything that
> seems to work right the first time. ;-)
>
> My question is how can I tell if the criteria in the "NOTE:" is met?
> How do I know that the socket module was indeed compled with SSL
> support?
>
> The reason this is important is that I am building a credit card
> payment system.
>
> Here is my little test script
> 
> Python 2.4.3
>
> import httplib
> conn = httplib.HTTPSConnection('**')
> conn.request('GET' '/index.html')
> resp = conn.getresponse()
>
> page = resp.read()
> print page

Quick followup:

I just got off the phone with my sys admin. Python was compiled with
the ssl flag turned on.
ssl does work other applications.

I am assuming we are covered. I just want to be sure.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: httplib and HTTPS Connections

2006-10-18 Thread runningwild 

Heikki Toivonen wrote:
> runningwild wrote:
> > This is the first time I have cared about httplib's HTTPSConnection.
>
> Please note that the Python builtin SSL support is not really secure. It
> does not make sure that you connect to the site you think you are
> connecting to, for example.
>
> If you really need secure SSL (what is the point of SSL if not secure I
> ask) you should look at other Python modules. There are several to
> choose from, for example M2Crypto (I am the maintainer of that), TLS
> Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am
> forgetting right now.
>
> --
>   Heikki Toivonen

Thanks Heikki,

I downloaded the varioius packages and read through the source code and
docs that came with them.

I am trying to get M2Crypto to work on my workstation. (WinXP/Cygwin,
Python 2.4.4 under cygwin)

Everything seemed to compile and install correctly.

When I try to run https_cli.py however I get the following exception:

LOOP: SSL connect: before/connect initialization
INFO: SSL connect: SSLv2 write client hello A
Traceback (most recent call last):
  File "https_cli.py", line 41, in ?
test_httpslib()
  File "https_cli.py", line 21, in test_httpslib
h.endheaders()
  File "/usr/local/lib/python2.4/httplib.py", line 798, in endheaders
self._send_output()
  File "/usr/local/lib/python2.4/httplib.py", line 679, in _send_output
self.send(msg)
  File "/usr/local/lib/python2.4/httplib.py", line 646, in send
self.connect()
  File "/usr/local/lib/python2.4/site-packages/M2Crypto/httpslib.py",
line 43, in connect
self.sock.connect((self.host, self.port))
  File
"/usr/local/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py",
line 154, in connect
ret = self.connect_ssl()
  File
"/usr/local/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py",
line 147, in connect_ssl
return m2.ssl_connect(self.ssl)
M2Crypto.SSL.SSLError: no ciphers available

The no ciphers available seems to be comming from the ssl installation
so I decided to test it with a different client.

%links https://localhost:9443/

This worked just fine showing me the directory listing and allowing me
to navigate.
This was also true for firefox when connecting to
https://localhost:9443/ from the server in
demos/httts.howto/orig_https_srv.py

Any idea what is going on here?

-- 
http://mail.python.org/mailman/listinfo/python-list