[PYTHON-CRYPTO] m2crypto - close_wait when running echod_async

Ng Pheng Siong ngps at POST1.COM
Fri Jun 25 19:43:11 CEST 2004

On Wed, Jun 23, 2004 at 04:03:28PM +0200, Andre Reitz wrote:
> is it legal to use the standard select method on the underlying socket of a
> m2crypto SSL.Connection Object,
> or are there problems bacause of the ssl-protocol lying on the socket?

Ah, I misread your question earlier. Yes it is okay to use select to
test the underlying socket. However, you must use SSL's read/write
functions (i.e., SSL.Connection's read/write methods) when select indicates
the socket is readable/writeable respectively.

This is because the SSL protocol adds crypto overhead to your data; when
select reports that the socket is writeable, say, SSL might need to _read_
and write stuff over the wire that is SSL-specific and has nothing to do
with your data, and the SSL functions handle this properly.

Also take a look at contrib/dave.README, from Dave Brueck in 2002:

    The ssl_connect, ssl_read_nbio, etc. calls don't differentiate between
    SSL_ERROR_WANT_WRITE and SSL_ERROR_WANT_READ when a non-blocking call
    couldn't finish. But without this information, I don't know whether the
    socket needs to do more reading or more writing before a subsequent
    attempt will work without blocking. The demo applications (e.g.
    echod-async.py) don't seem to care about this but they get around it by
    simply trying the operation over and over again, which I can't do for
    performance reasons.

I use ZServerSSL over the net and haven't encountered any performance
problems. I was asking Dave if he has more info on the improvement in
performance, but our email conversation kinda petered out.


Ng Pheng Siong <ngps at netmemetic.com>

http://firewall.rulemaker.net     -+- Firewall Version Control
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL/Zope, Blog

More information about the python-crypto mailing list