[PYTHON-CRYPTO] Some issues with M2Crypto 0.18 and timeouts

Heikki Toivonen heikki at OSAFOUNDATION.ORG
Sat Sep 22 08:22:34 CEST 2007


Jesus Cea wrote:
> a) If the socket passed to "M2Crypto.SSL.Connection()" has defined a
> timeout, the SSL/TLS negotiation will fail. Even if the timeout doesn't
> expire.
> 
> b) Calls to "connection.set_socket_read_timeout()" and
> "connection.set_socket_write_timeout()" seem to hang up or show
> messages like "Option not supported by protocol". How can I limit the
> time spent in SSL negotiation or waiting for data? I'm interested in
> guaranteeing a maximum (short) time for SSL negotiation and a configurable and
> short wait in the "recv()" and "send()" methods.

There is currently no simple API to do server-side timeouts. There is
already a bug filed to this effect with a possible patch, but I haven't
tested this myself: https://bugzilla.osafoundation.org/show_bug.cgi?id=4097

Also there is a bug about setdefaulttimeout breaking SSL:
https://bugzilla.osafoundation.org/show_bug.cgi?id=2341

Searching the web for the words [openssl socket timeout] gives for
example
http://www.nabble.com/server-timeout-in-connection-handshake---t4383302.html,
which points to Postfix implementing this by using BIO pairs and letting
Postfix do all network traffic.

If you want to take the "Postfix approach", you might want to look into
for example Twisted. M2Crypto can plug into Twisted (see
M2Crypto.SSL.TwistedProtocolWrapper) so that Twisted does all the
network traffic and M2Crypto does SSL using BIO pairs in memory.
Searching for [twisted http server timeout] gives multiple hits.

-- 
  Heikki Toivonen
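
The BIO-pair approach described above, as an added example that is not part of the original message and does not use M2Crypto: it assumes Python 3's standard-library `ssl.MemoryBIO` and `SSLContext.wrap_bio` as the in-memory TLS engine, so the application moves every byte itself and enforces one deadline on the whole handshake. The function names and the hostname `server.example` are hypothetical.

```python
import select
import socket
import ssl
import time

def _send_all(sock, data, expires):
    """Write all of `data` to a non-blocking socket before `expires`."""
    view = memoryview(data)
    while view:
        remaining = expires - time.monotonic()
        if remaining <= 0 or not select.select([], [sock], [], remaining)[1]:
            raise TimeoutError("TLS handshake exceeded its deadline (send)")
        view = view[sock.send(view):]

def handshake_with_deadline(sock, ctx, hostname, deadline_s):
    """TLS client handshake with one overall time budget.

    OpenSSL only touches the two memory BIOs; this function does the
    network I/O, so the timeout never reaches the TLS library.
    """
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    sock.setblocking(False)
    expires = time.monotonic() + deadline_s
    while True:
        try:
            tls.do_handshake()
            done = True
        except ssl.SSLWantReadError:
            done = False              # engine needs more bytes from the peer
        pending = outgoing.read()     # handshake records produced so far
        if pending:
            _send_all(sock, pending, expires)
        if done:
            return tls
        remaining = expires - time.monotonic()
        if remaining <= 0 or not select.select([sock], [], [], remaining)[0]:
            raise TimeoutError("TLS handshake exceeded its deadline (recv)")
        chunk = sock.recv(16384)
        if not chunk:
            raise ConnectionError("peer closed the connection mid-handshake")
        incoming.write(chunk)

def demo_silent_peer(deadline_s=0.3):
    """Constructed scenario: the peer accepts bytes but never answers."""
    client, peer = socket.socketpair()
    start = time.monotonic()
    try:
        handshake_with_deadline(client, ssl.create_default_context(),
                                "server.example", deadline_s)
        timed_out = False
    except TimeoutError:
        timed_out = True
    elapsed = time.monotonic() - start
    first_byte = peer.recv(16384)[:1]  # 0x16 = TLS handshake record (ClientHello)
    client.close()
    peer.close()
    return timed_out, elapsed, first_byte
```

The same loop bounds `read()` and `write()` on the returned object after the handshake, since those also exchange data only through the two memory BIOs.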

