[Twisted-Python] transport.getPeerCertificate in connectionMade
All,

It's been my observation that this code:

    from twisted.internet import protocol, reactor, ssl

    class MyProto(protocol.Protocol):
        def connectionMade(self):
            # Runs when the TCP connection is made, before the TLS handshake
            print(self.transport.getPeerCertificate())
            self.transport.loseConnection()

    class MyFactory(protocol.ClientFactory):
        def buildProtocol(self, addr):
            return MyProto()

    def main():
        factory = MyFactory()
        ctxfact = ssl.ClientContextFactory()
        reactor.connectSSL(host, port, factory, ctxfact)
        reactor.run()

...will print "None". It seems that connectSSL calls connectionMade at TCP connection time, not when SSL has completed. This seems unintuitive to me because I've called "connectSSL" not "connectTCP", but I guess may be hard to fix given the way the code works?

At the very least, should this be documented?

Or could we have an interface e.g.

    class ISSLProtocol(interface):
        def sslReady():
            """called when the SSL layer is ready"""

...and people who are interested can "implements()" it to get the callback?

On Aug 20, 2012, at 4:52 AM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
> All,
>
> It's been my observation that this code:
>
>     from twisted.internet import protocol, reactor, ssl
>
>     class MyProto(protocol.Protocol):
>         def connectionMade(self):
>             # Runs when the TCP connection is made, before the TLS handshake
>             print(self.transport.getPeerCertificate())
>             self.transport.loseConnection()
>
>     class MyFactory(protocol.ClientFactory):
>         def buildProtocol(self, addr):
>             return MyProto()
>
>     def main():
>         factory = MyFactory()
>         ctxfact = ssl.ClientContextFactory()
>         reactor.connectSSL(host, port, factory, ctxfact)
>         reactor.run()
>
> ...will print "None". It seems that connectSSL calls connectionMade at TCP connection time, not when SSL has completed. This seems unintuitive to me because I've called "connectSSL" not "connectTCP", but I guess may be hard to fix given the way the code works?
>
> At the very least, should this be documented?
>
> Or could we have an interface e.g.
>
>     class ISSLProtocol(interface):
>         def sslReady():
>             """called when the SSL layer is ready"""
>
> ...and people who are interested can "implements()" it to get the callback?

Yup, it's a bug, reported 3 years ago:

<http://twistedmatrix.com/trac/ticket/3687>

It's definitely a problem. Perhaps worse is the fact that startTLS() doesn't directly give you that notification either. Please feel free to contribute a fix :).

-glyph

On 20/08/12 18:50, Glyph wrote:
> Yup, it's a bug, reported 3 years ago:
>
> <http://twistedmatrix.com/trac/ticket/3687>
>
> It's definitely a problem. Perhaps worse is the fact that startTLS() doesn't directly give you that notification either. Please feel free to contribute a fix :).

Would the best approach be to open a new ticket, or re-open that with tests & patch?

I'm thinking that something akin to IHalfCloseable, given the discussion in the original ticket.

On Aug 21, 2012, at 6:20 AM, Phil Mayers <p.mayers@imperial.ac.uk> wrote:
> On 20/08/12 18:50, Glyph wrote:
>> Yup, it's a bug, reported 3 years ago:
>>
>> <http://twistedmatrix.com/trac/ticket/3687>
>>
>> It's definitely a problem. Perhaps worse is the fact that startTLS() doesn't directly give you that notification either. Please feel free to contribute a fix :).
>
> Would the best approach be to open a new ticket, or re-open that with tests & patch?

Open a new one that links to the old one, since description and subject editing is restricted, and it's important that this have a descriptive subject that refers to the problem and not just one proposed solution. Really, when this was originally closed, the subject should have been changed to reflect the real problem rather than closed as wontfix, since there is a real problem here. But we are faced with the problem of what to do today, not what should have been done then ;). (And since Trac is dumb and can't do this automatically, add a comment to the old one that links to the new one.)

> I'm thinking that something akin to IHalfCloseable, given the discussion in the original ticket.

That sounds reasonable to me. -g