Jean-Paul Calderone wrote:
> This solution has at least two related problems:
> * it will block the reactor until the handshake for that client completes,
Yes, it's ugly. Not being able to run other application code is no problem in my case, so I thought I could live with that. But the possible DoS attack you mentioned should be avoided, of course.
> The ideal solution would be to fix the bug in Twisted's SSL support so that connectionMade is called at the right time.
This would be nice. Maybe I should take a deeper look at Twisted's SSL code.
> Another possible solution might be to do your verification using the SSL context object.
Could you elaborate on this? I think I am already using the SSL context object to do the verification:

    from twisted.application import internet, service
    from twisted.internet import ssl

    # Server identity: private key and certificate of this server, from one PEM file.
    theCert = ssl.PrivateCertificate.loadPEM(open(myKey).read())
    # CA that issued the client certificates this server is willing to accept.
    theCA = ssl.Certificate.loadPEM(open(trustedCA).read())

    # Context factory: client certificates are checked against theCA during the
    # TLS handshake, and a client that presents none is rejected there.
    ctx = theCert.options(theCA)
    ctx.verify = True
    ctx.verifyDepth = 9
    ctx.requireCertificate = True
    ctx.verifyOnce = False

    application = service.Application("MySSLServer")
    MyService = internet.SSLServer(listenport, MyAppFactory(), ctx)
    MyService.setServiceParent(application)

(Above code obviously will not run. Just to show the basic steps I take.)

Regards
Dirk