[Twisted-Python] Strange SSL behaviour.
Dear all!

I have a bug demonstration code. Blocking SSL works where Twisted one does not. It is below. How should I handle this case? Can anybody tell me what to do with this bug? I can dig into twisted sources, but I'm not a twisted specialist, so it could take weeks to boil them to get the dirt. Help me, please.

Thank you.

VV

---8<---
from twisted.python.util import println
from twisted.protocols.basic import LineReceiver
from twisted.internet import protocol, reactor, defer, ssl
from twisted.python.failure import Failure
from OpenSSL import crypto, SSL

_CMD="""VERSION=MYPROXYv2
COMMAND=%d
USERNAME=%s
PASSPHRASE=%s
LIFETIME=%d\0""" % (0, "LOGIN", 'PASSPHRASE', 100)

WHERETO = ("myproxy.cern.ch",7512)

## Myproxy client protocol.
class MyproxyClient(protocol.Protocol):
    def connectionMade(self):
        self.transport.write('0') # GT compat. stuff.
        self.transport.write(_CMD)

    def dataReceived(self, data):
        self.transport.loseConnection()

    def connectionLost(self, reason=protocol.connectionDone):
        d = self.factory.deferred
        if reason != protocol.connectionDone:
            d.errback(reason)
        else:
            d.callback(data)

## Myproxy client factory.
class MyproxyClientFactory(protocol.ClientFactory):
    protocol = MyproxyClient

    def __init__(self):
        self.deferred = defer.Deferred()

    def clientConnectionFailed(self, connector, reason):
        self.deferred.errback(reason)

## Context factory suitable for local needs.
class CF:
    def getContext(self):
        ctx = SSL.Context(SSL.SSLv3_METHOD)
        # disable for compatibility with myproxy server (er, globus)
        # globus doesn't handle this case, apparently, and instead
        # chokes in proxy delegation code
        ctx.set_options(0x00000800L)
        return ctx

ctx = CF().getContext()
import socket
conn = SSL.Connection(ctx,socket.socket())
conn.connect(WHERETO)
conn.write('0')
conn.write(_CMD)
dat = conn.recv(8192)
print 'data received by blocking call\n', dat
conn.close()
del ctx

f = MyproxyClientFactory()
contextFactory = CF()
reactor.connectSSL(WHERETO[0], WHERETO[1], f, contextFactory)
f.deferred.addCallbacks(
    callback=lambda data:(println("data received", data),reactor.stop()),
    errback=lambda error:(println("an error occurred", error),reactor.stop()))
reactor.run()
---8<---

Yours,
VV
On Mon, 18 Jun 2007 18:49:26 +0400, Voznesensky Vladimir <vovic@nfi.kiae.ru> wrote:
Dear all!
I have a bug demonstration code. Blocking SSL works where Twisted one does not. It is below. How should I handle this case? Can anybody tell me what to do with this bug? I can dig into twisted sources, but I'm not a twisted specialist, so it could take weeks to boil them to get the dirt. Help me, please.
Hey,

I took a look at your sample code a few days ago and nothing struck me as being the cause of this behavior. I just took another look and it still seems like this shouldn't be happening, although I noticed a few other miscellaneous problems with the Twisted client (none would manifest until it managed to get further than it does, though).

Next I did a capture with ethereal and I noticed that the server is actually sending back unencrypted bytes in response to 0 + _CMD. It's not clear why it would reliably do this for the Twisted client and not for the version which directly uses OpenSSL, unless it is somehow timing related.

I suppose at this point I'd check into the server's behavior to verify this observation and try to determine why it is behaving this way.

Jean-Paul
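An added example, not part of the thread: one way to verify the observation above from a capture is to walk the server-to-client payload as SSLv3/TLS records and report the first offset that does not parse as a record. The function names and all sample bytes are constructed for illustration; they are not bytes captured from the server discussed here.

```python
import struct

# SSLv3/TLS record content types (first byte of every record header).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048  # upper bound on an encrypted record body


def split_records(stream):
    """Walk one direction of a TCP payload as SSLv3/TLS records.

    Returns (records, bad_offset). records is a list of
    (type_name, (major, minor), length). bad_offset is None when the whole
    stream parsed, else the offset of the first byte that is not a complete,
    well-formed record (plaintext, or a capture cut mid-record).
    SSLv2-style headers are not handled.
    """
    records, pos = [], 0
    while pos < len(stream):
        header = stream[pos:pos + 5]
        if len(header) < 5:
            return records, pos
        ctype, major, minor, length = struct.unpack("!BBBH", header)
        if (ctype not in CONTENT_TYPES or major != 3 or minor > 4
                or length > MAX_FRAGMENT
                or pos + 5 + length > len(stream)):
            return records, pos
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return records, None


def record(ctype, body, version=(3, 0)):
    """Build one record for the constructed samples below."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


# Constructed samples: a well-formed record stream, a plaintext reply,
# and a stream that starts as SSL and then falls back to plaintext.
ENCRYPTED = (record(22, b"\x02" + bytes(40)) + record(20, b"\x01")
             + record(23, bytes(range(48))))
PLAINTEXT = b"VERSION=MYPROXYv2\nRESPONSE=1\n\0"
MIXED = record(22, b"\x02" + bytes(40)) + PLAINTEXT

if __name__ == "__main__":
    for name, data in (("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT),
                       ("mixed", MIXED)):
        recs, bad = split_records(data)
        print(name, recs, "first non-record byte at", bad)
```

Feed it the reassembled server-side payload exported from the capture; a non-None offset marks where the stream stops looking like SSL records.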
Hi,

Is it possible that Twisted changes some flags in the security context?

VV

Jean-Paul Calderone wrote:
Next I did a capture with ethereal and I noticed that the server is actually sending back unencrypted bytes in response to 0 + _CMD. It's not clear why it would reliably do this for the Twisted client and not for the version which directly uses OpenSSL, unless it is somehow timing related.
I suppose at this point I'd check into the server's behavior to verify this observation and try to determine why it is behaving this way.
Jean-Paul
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python