Re: [Twisted-Python] Twisted + tlslite

At 05:40 AM 3/7/2004 +0000, exarkun@divmod.com wrote:
On Fri, 05 Mar 2004 22:33:48 -0800, Trevor Perrin <trevp@trevp.net> wrote:
[...] I recently wrote an SSL library in python [1] and got it working with asyncore. I'd like to make it useable with Twisted too. [...]

One tip: don't try to integrate with the existing SSL code. The implementation is very much a result of the API limitations of PyOpenSSL. Preferably, a new implementation will provide SSL support as a protocol instead of a transport. For examples of how this can be done, see twisted.protocols.policies.
Hi JP, thanks for the tip! I've got a first draft done and it seems to work pretty well. One thing I'm not sure about is exception handling. When TLS Lite throws an exception, is there anywhere I can plug in a handler or something?

The code is at http://trevp.net/tlslite/, if anyone's curious. Below is an example of using it. Echo1 does a TLS handshake when the client connects, and Echo2 does a handshake when the client sends "STARTTLS".

from twisted.internet.protocol import Factory
from twisted.protocols.basic import LineReceiver
from twisted.protocols.policies import WrappingFactory
import tlslite

# certChain and privateKey are loaded elsewhere (not shown in this post).

class Echo(LineReceiver):
    def connectionMade(self):
        self.transport.write("Welcome to the echo server!\r\n")

    def lineReceived(self, line):
        self.transport.write(line + "\r\n")

class Echo1(Echo):
    # Handshake as soon as the client connects; greet the client only
    # once the transport reports that TLS has started.
    def connectionMade(self):
        if not self.transport.tlsStarted:
            self.transport.setServerHandshakeOp(certChain=certChain,
                                                privateKey=privateKey)
        else:
            Echo.connectionMade(self)

class Echo2(Echo):
    # Stay in plain text until the client asks for STARTTLS, then handshake.
    def lineReceived(self, data):
        if data == "STARTTLS":
            self.transport.setServerHandshakeOp(certChain=certChain,
                                                privateKey=privateKey)
        else:
            Echo.lineReceived(self, data)

factory = Factory()
factory.protocol = Echo1
#factory.protocol = Echo2
wrappingFactory = WrappingFactory(factory)
wrappingFactory.protocol = tlslite.TLSTwistedProtocolWrapper

Trevor

On Thu, 2004-03-11 at 02:38, Trevor Perrin wrote:
One thing I'm not sure about is exception handling. When TLS Lite throws an exception, is there anywhere I can plug in a handler or something?
Typically we have callbacks for error conditions. For TLS you usually want to close the connection, no? So you'd pass the exception to connectionLost wrapped in a Failure, perhaps.
The code is at http://trevp.net/tlslite/, if anyone's curious. Below is an example of using it. Echo1 does a TLS handshake when the client connects, and Echo2 does a handshake when the client sends "STARTTLS".
That's really cool.

-- 
Itamar Shtull-Trauring http://itamarst.org
Looking for a job: http://itamarst.org/resume.html

At 12:25 AM 3/12/2004 -0500, Itamar Shtull-Trauring wrote:
On Thu, 2004-03-11 at 02:38, Trevor Perrin wrote:
One thing I'm not sure about is exception handling. When TLS Lite throws an exception, is there anywhere I can plug in a handler or something?
Typically we have callbacks for error conditions. For TLS you usually want to close the connection, no? So you'd pass the exception to connectionLost wrapped in a Failure, perhaps.
Hi Itamar,

Thanks. I think I managed to implement this, but I'm unsure if I'm trying to accomplish the right thing, and if I did it properly. If you or anyone could glance over this, I'd really appreciate it.

Background: there's a class which subclasses ProtocolWrapper. It overrides dataReceived and does "TLS stuff". The "TLS stuff" will call ProtocolWrapper.dataReceived when it's processed a whole record.

What I'm trying to do: If the "TLS stuff" raises an exception, the connection should be closed and the exception should be made available to the wrapped protocol via connectionLost. If a TLS exception isn't raised, connectionLost should be called normally, when the connection is shut down. connectionLost should only be called once when a TLS exception is raised; i.e., if it's called with a TLS exception, then it *should not* be called when the TCP connection is closed.

How I'm doing it: I catch TLS exceptions in dataReceived, and then call through to ProtocolWrapper.connectionLost() with a wrapped error. I keep a flag to indicate whether connectionLost was called, and only let it be called once:

from twisted.protocols.policies import ProtocolWrapper
from twisted.python.failure import Failure

# tlsErrors: the tuple of TLS Lite exception classes (not shown in this post).

class TLSTwistedProtocolWrapper(ProtocolWrapper):
    # Set once the wrapped protocol has been told about connectionLost,
    # so a later TCP close does not notify it a second time.
    connectionLostCalled = False

    def dataReceived(self, data):
        try:
            #TLS STUFF
            pass
        except tlsErrors, e:
            # Report the TLS error to the wrapped protocol, then drop the connection.
            self.connectionLost(Failure(e))
            ProtocolWrapper.loseConnection(self)

    def connectionLost(self, reason):
        if not self.connectionLostCalled:
            ProtocolWrapper.connectionLost(self, reason)
            self.connectionLostCalled = True

How does this look?

Trevor

(the whole thing is here, fwiw: http://trevp.net/tlslite/)
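The "notify the wrapped protocol exactly once" pattern described in the message above, as an added example that is neither Trevor's tlslite code nor Twisted's own. It stands in for ProtocolWrapper with a small self-contained wrapper so it runs offline: the record framing (5-byte TLS record header, 2**14 + 2048 byte fragment cap), the `TLSError`, `Failure`, `FakeTransport` and `RecordingProtocol` classes and the `run_scenario` helper are all constructed for this demo and are assumptions, not tlslite or Twisted API.

```python
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_HEADER_LEN = 5
# A record fragment may not exceed 2**14 bytes plus 2048 bytes of expansion.
TLS_MAX_RECORD = 2 ** 14 + 2048
# change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}


class TLSError(Exception):
    """Constructed stand-in for the exceptions a TLS library raises on bad input."""


class Failure:
    """Constructed stand-in for twisted.python.failure.Failure."""
    def __init__(self, exc):
        self.value = exc


class FakeTransport:
    """Constructed stand-in for a TCP transport; records loseConnection()."""
    def __init__(self):
        self.closed = False

    def loseConnection(self):
        self.closed = True


class RecordingProtocol:
    """Constructed wrapped application protocol; records what it is told."""
    def __init__(self):
        self.records = []
        self.lost = []  # every reason passed to connectionLost

    def dataReceived(self, data):
        self.records.append(data)

    def connectionLost(self, reason):
        self.lost.append(reason)


def parse_records(buf):
    """Split buf into complete TLS record fragments; return (records, remainder).

    Raises TLSError on an unknown content type or an oversized length, and
    does so on the header alone, before waiting for the rest of the record."""
    records = []
    while len(buf) >= TLS_HEADER_LEN:
        ctype, _major, _minor, length = struct.unpack("!BBBH", buf[:TLS_HEADER_LEN])
        if ctype not in TLS_CONTENT_TYPES:
            raise TLSError("unknown content type %d" % ctype)
        if length > TLS_MAX_RECORD:
            raise TLSError("record length %d exceeds maximum" % length)
        if len(buf) < TLS_HEADER_LEN + length:
            break  # partial record: keep buffering
        records.append(buf[TLS_HEADER_LEN:TLS_HEADER_LEN + length])
        buf = buf[TLS_HEADER_LEN + length:]
    return records, buf


class TLSWrapper:
    """Frames records for the wrapped protocol; on a TLS error it reports
    connectionLost exactly once and then drops the TCP connection."""
    def __init__(self, wrapped, transport):
        self.wrapped = wrapped
        self.transport = transport
        self.buf = b""
        self.connectionLostCalled = False

    def dataReceived(self, data):
        try:
            records, self.buf = parse_records(self.buf + data)
        except TLSError as e:
            # Tell the application about the TLS failure first, then close.
            # The transport-level connectionLost that follows is suppressed.
            self.connectionLost(Failure(e))
            self.transport.loseConnection()
            return
        for rec in records:
            self.wrapped.dataReceived(rec)

    def connectionLost(self, reason):
        if not self.connectionLostCalled:
            # Flag is set before the call so a re-entrant close cannot double-notify.
            self.connectionLostCalled = True
            self.wrapped.connectionLost(reason)


def run_scenario(chunks):
    """Feed constructed input chunks to a fresh wrapper, then simulate the
    transport closing; return (records seen, connectionLost reasons, closed)."""
    app, transport = RecordingProtocol(), FakeTransport()
    wrapper = TLSWrapper(app, transport)
    for chunk in chunks:
        wrapper.dataReceived(chunk)
    # Twisted would pass a Failure wrapping ConnectionDone here.
    wrapper.connectionLost(Failure(Exception("connection closed cleanly")))
    return app.records, app.lost, transport.closed


if __name__ == "__main__":
    # Constructed application_data record split across two reads.
    print(run_scenario([b"\x17\x03\x01", b"\x00\x05hello"]))
    # Constructed record with an invalid content type.
    print(run_scenario([b"\x99\x03\x01\x00\x01x"]))
```

Two scenarios drive the point home: a valid record split across reads reaches the wrapped protocol intact and connectionLost fires once with the clean-close reason, while a malformed header makes connectionLost fire once with the TLSError and the later clean close is swallowed by the flag. Setting the flag before calling into the wrapped protocol, rather than after as in the posted snippet, additionally guards against the wrapped protocol's own connectionLost closing the transport re-entrantly.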

On Sat, 2004-03-13 at 01:51, Trevor Perrin wrote:
Thanks. I think I managed to implement this, but I'm unsure if I'm trying to accomplish the right thing, and if I did it properly. If you or anyone could glance over this, I'd really appreciate it.
It sounds vaguely correct, but I'm not concentrating enough to be certain. As always, when in doubt, write more tests ;)

-- 
Itamar Shtull-Trauring http://itamarst.org
Looking for a job: http://itamarst.org/resume.html