[ python-Bugs-508944 ] socket-module SSL is broken
SourceForge.net
noreply at sourceforge.net
Sat Jun 5 16:58:09 EDT 2004
Bugs item #508944, was opened at 2002-01-26 14:05
Message generated for change (Comment added) made by akuchling
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=508944&group_id=5470
Category: Extension Modules
Group: Python 2.2
>Status: Closed
>Resolution: Later
Priority: 5
Submitted By: Jon Ribbens (jribbens)
Assigned to: Nobody/Anonymous (nobody)
Summary: socket-module SSL is broken
Initial Comment:
If you set a socket to non-blocking and then try to
call socket.ssl on it, it fails because you are doing
all the setup and calling SSL_connect as an
indivisible operation in the object constructor. So
you can't catch SSL_ERROR_WANT_READ/WRITE and restart
SSL_connect because there is no way from Python to
call SSL_connect. (Don't tell me not to set the socket
non-blocking - I need to implement timeouts. And don't
tell me to use alarm(), my program is multi-threaded.)
For the same reason, there is no way in Python to
write an SSL server. The only way to create an SSL
object is socket.ssl and it is hardcoded to call
SSL_connect, you can't call SSL_accept.
Please can you make it so that a new function in the
socket module creates a proper SSL object (that
preferably has actual useful methods to set the
options, etc) that is not connected in its constructor
so that you can then call SSL_connect or SSL_accept.
It could then also have a makefile method like socket
objects which would implement read and write properly
(i.e. catching and handling
WANT_READ/WANT_WRITE/ZERO_RETURN). You could even then
make it so that it has methods to set the various
options that OpenSSL provides rather than hard-coding
them in the SSLObject constructor.
Umm, sorry if I sound tetchy but due to the complete
lack of documentation of the socket SSL facilities
I've just spent ages trying to work out why my program
wasn't working, only to discover that it's not
possible to get it working.
----------------------------------------------------------------------
>Comment By: A.M. Kuchling (akuchling)
Date: 2004-06-05 16:58
Message:
Logged In: YES
user_id=11375
Filed as RFE #967275; closing this bug.
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2002-07-01 21:34
Message:
Logged In: NO
This is a vote for better ssl support in Python in general. Please.
----------------------------------------------------------------------
Comment By: Gerhard Häring (ghaering)
Date: 2002-05-03 18:27
Message:
Logged In: YES
user_id=163326
If you need to write SSL servers *now*, you can use one of
the various third-party SSL libraries for Python: m2crypto,
pyOpenSSL, POW.
Fixing Python's SSL will most probably require a full
rewrite, and there's no consensus yet about if and how to do
this.
----------------------------------------------------------------------
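The restartable handshake requested in the initial comment, sketched against the later standard-library `ssl` module rather than the `socket.ssl` interface this report is about (an added example, not code from the report or from the tracker discussion). The function names `handshake_with_timeout` and `connect_tls` are hypothetical; the same loop serves a server when the socket is wrapped with `server_side=True`.

```python
import select
import socket
import ssl
import time


def handshake_with_timeout(tls_sock, timeout):
    """Drive a non-blocking TLS handshake to completion or raise TimeoutError.

    tls_sock is an ssl.SSLSocket wrapped with do_handshake_on_connect=False
    around a non-blocking socket. Returns the number of do_handshake() calls.
    """
    deadline = time.monotonic() + timeout
    attempts = 0
    while True:
        attempts += 1
        try:
            tls_sock.do_handshake()
            return attempts
        except ssl.SSLWantReadError:      # OpenSSL: SSL_ERROR_WANT_READ
            readers, writers = [tls_sock], []
        except ssl.SSLWantWriteError:     # OpenSSL: SSL_ERROR_WANT_WRITE
            readers, writers = [], [tls_sock]
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("TLS handshake timed out")
        ready_r, ready_w, _ = select.select(readers, writers, [], remaining)
        if not (ready_r or ready_w):
            raise TimeoutError("TLS handshake timed out")


def connect_tls(host, port, timeout=5.0):
    """Client usage: TCP connect first, then a separately driven handshake."""
    ctx = ssl.create_default_context()    # verifies certificate and hostname
    raw = socket.create_connection((host, port), timeout=timeout)
    raw.setblocking(False)
    tls = ctx.wrap_socket(raw, server_hostname=host,
                          do_handshake_on_connect=False)
    try:
        handshake_with_timeout(tls, timeout)
    except Exception:
        tls.close()
        raise
    return tls
```

The timeout comes from `select` on the socket itself, so it works in a multi-threaded program without `alarm()`.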