[Patches] [Patch #101647] adds SSL server socket support to socketmodule.c
noreply@sourceforge.net
noreply@sourceforge.net
Thu, 08 Feb 2001 08:33:24 -0800
Patch #101647 has been updated.
Project: python
Category: Modules
Status: Open
Submitted by: drew_csillag
Assigned to : gvanrossum
Summary: adds SSL server socket support to socketmodule.c
Follow-Ups:
Date: 2001-Feb-08 08:33
By: akuchling
Comment:
Drew provided instructions for creating a test key and certificate, but I
couldn't make them work. Given that:
* this SSL support is undocumented
* it seems difficult to make it work
* OpenSSL is a big API, and only very basic support is in socketmodule.c
* M2Crypto already exists, and offers more complete support.
I'd suggest dropping SSL support from 2.1.
Reassigning to GvR; I can't test this code if I can't even make a client
connection work!
-------------------------------------------------------
Date: 2001-Jan-24 19:04
By: akuchling
Comment:
newServerSSLObject() is a near-duplicate of newSSLobject(). Rather than
just cut-and-paste the code into a new function, newSSLobject() should take
a fourth argument, and perform either the client or server initialization.
I've already modified the patch to do this. Before uploading the modified
version, I'd like to test it, but can't figure out what it wants for the
key and cert arguments. Drew, do you have a test program you used to test
the code? Can you please e-mail it to me, or add it as a comment to this
patch?
-------------------------------------------------------
Date: 2001-Jan-24 12:05
By: gvanrossum
Comment:
OK, Andrew, it's all yours.
(But I disagree with your last point: client-only SSL support is still a
lot better than no SSL support! :-)
-------------------------------------------------------
Date: 2001-Jan-24 11:24
By: akuchling
Comment:
Guido, want me to re-open this patch and take it over? IMHO, if the SSL
support is left in, then this patch should be added; no point in having
only half-working support.
-------------------------------------------------------
Date: 2001-Jan-24 11:06
By: drew_csillag
Comment:
Sorry for the no-reply... Anyhoo, the ssl stuff currently in the socket
module only allows ssl on client connections (i.e. where you connect to
somebody else) as opposed to server connections (i.e. where somebody
connects to you).
For example, you have a cheesy SSL socket client:
from socket import *
s = socket(AF_INET, SOCK_STREAM)
s.connect(('',9999))
ss = ssl(s,None,None)
ss.write("foo!\n")
The patch is required in order to be able to write the corresponding
server, as such:
from socket import *
s = socket(AF_INET, SOCK_STREAM)
s.bind(('',9999))
s.listen(5)
f,a = s.accept()
ss = sslserv(f, "keyfilename", "certfilename")
print ss.read(5)
If you try to just use the ssl function on both sides and it
doesn't work.
-------------------------------------------------------
Date: 2000-Sep-25 09:41
By: jhylton
Comment:
too late for 2.0
-------------------------------------------------------
Date: 2000-Sep-27 03:51
By: naris
Comment:
too late ? this patch solves world hunger and brings world peace!
such a valuable patch, but i guess deadlines are deadlines :-(
-------------------------------------------------------
Date: 2000-Oct-25 13:54
By: gvanrossum
Comment:
Drew, could you provide an example of how this is used? If I can't test it
I can't add it. It doesn't have to be a test module (although a test module
for all the SSL support is sorely needed) but I would like to see a little
motivation for why this is useful. Also note that the SSL support in the
socket module is controversial; there are some who believe that a different
approach is needed, e.g. based on M2crypto.
-------------------------------------------------------
Date: 2000-Nov-13 11:41
By: gvanrossum
Comment:
Still no reply. I'll reject the patch now, for lack of sufficient
motivation.
-------------------------------------------------------
-------------------------------------------------------
For more info, visit:
http://sourceforge.net/patch/?func=detailpatch&patch_id=101647&group_id=5470