SSL EOF
Ng Pheng Siong
ngps at madcap.dyndns.org
Fri Feb 2 22:55:05 EST 2001
According to Clarence Gardner <clarence at netlojix.com>:
> - The 2.0 stuff doesn't include a shutdown method. I had one in
> my implementation, but since I didn't know what I was doing, I
> just had it do a shutdown on the socket. It worked, but is
> clearly wrong.
M2Crypto provides a shutdown() method for an SSL socket which calls
SSL_shutdown() which DTRT.
> - As far as I can tell, the 2.0 stuff only allows the Python program
> to act as a client. Remembering my trial-and-error method of
> implementing server side, I can see why. :)
M2Crypto supports forking, threading, and async-io servers.
(Sorry for the commercial. ;-)
> I noticed that the M2Crypto code that was posted still, at the Python
> level, doesn't treat encrypted sockets the same as the others (e.g.,
> returning a None result in some circumstances).
None is overloaded to mean "try again" in non-blocking mode only.
In blocking mode OpenSSL promises (heh) to not reach that code path.
I could've invented an arbitrary object type, or return a tuple
(return status, data), but they seem like too much work. So I overload
None. ;-)
> It seems to me that the application probably just
> cares about whether it can communicate with the other end, not which of
> the zillion different ways an ssl channel can go wrong.
I disagree. Since you're using SSL, presumably you care about security.
An unexpected shutdown on the other side is a security event, and you'll
want to know about it.
Cheers.
--
Ng Pheng Siong <ngps at post1.com> * http://www.post1.com/home/ngps
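Added example, not part of the original post and not M2Crypto code: the three outcomes the thread argues about (clean shutdown, "try again" in non-blocking mode, and an unexpected shutdown from the other side) written against the Python standard-library ssl module, returning the (status, data) tuple mentioned in the post instead of overloading None. The one caveat a practitioner needs: the stdlib default suppress_ragged_eofs=True makes a TCP close with no close_notify look identical to a clean shutdown (recv() returns b""), so the "security event" the post describes is invisible unless you wrap with suppress_ragged_eofs=False, after which it surfaces as ssl.SSLEOFError. The names ReadStatus, wrap_strict, read_once, drain and ScriptedSocket are this example's own; ScriptedSocket is a constructed stand-in that replays recv() results so the logic runs offline with no certificate or network.

```python
import select
import ssl
from enum import Enum


class ReadStatus(Enum):
    DATA = "data"            # application bytes were returned
    AGAIN = "again"          # non-blocking: nothing decrypted yet, retry later
    CLOSED = "closed"        # peer sent close_notify: clean shutdown
    TRUNCATED = "truncated"  # TCP EOF with no close_notify: security event
    ERROR = "error"          # any other TLS failure


def wrap_strict(ctx, sock, **kwargs):
    """Wrap a connected socket so a missing close_notify is reported.

    The stdlib default suppress_ragged_eofs=True makes an unexpected TCP
    close look exactly like a clean shutdown (recv() returns b""), which
    hides truncation. With False it surfaces as ssl.SSLEOFError instead.
    """
    return ctx.wrap_socket(sock, suppress_ragged_eofs=False, **kwargs)


def read_once(tls, size=4096):
    """One recv() on a TLS socket, returned as an explicit (status, data)
    pair rather than overloading None or b"" to mean several things."""
    try:
        data = tls.recv(size)
    except ssl.SSLWantReadError:      # subclass of SSLError: must come first
        return ReadStatus.AGAIN, b""
    except ssl.SSLEOFError:           # only raised with suppress_ragged_eofs=False
        return ReadStatus.TRUNCATED, b""
    except ssl.SSLError:
        return ReadStatus.ERROR, b""
    if data == b"":                   # SSL_ERROR_ZERO_RETURN: close_notify received
        return ReadStatus.CLOSED, b""
    return ReadStatus.DATA, data


def drain(tls, wait=None, size=4096, max_reads=10_000):
    """Read until the peer closes or the channel fails.

    ``wait`` runs when the socket says "try again"; the default blocks in
    select() on the socket's fd, skipped when OpenSSL already holds
    decrypted bytes. Returns (final_status, all_bytes_received)."""
    if wait is None:
        def wait():
            if tls.pending() == 0:
                select.select([tls], [], [], 5.0)
    chunks = []
    for _ in range(max_reads):
        status, data = read_once(tls, size)
        if status is ReadStatus.DATA:
            chunks.append(data)
        elif status is ReadStatus.AGAIN:
            wait()
        else:
            return status, b"".join(chunks)
    return ReadStatus.ERROR, b"".join(chunks)


class ScriptedSocket:
    """Constructed stand-in for an SSLSocket (no network needed): replays
    recv() results in order; an exception instance in the script is raised."""

    def __init__(self, script):
        self._script = list(script)

    def recv(self, size):
        item = self._script.pop(0)
        if isinstance(item, BaseException):
            raise item
        return item[:size]

    def pending(self):
        return 0


def demo():
    """Three constructed peers: clean close, truncation, and a TLS error."""
    scripts = {
        "clean": [b"hello ", ssl.SSLWantReadError(), b"world", b""],
        "truncated": [b"hello ", ssl.SSLEOFError("EOF in violation of protocol")],
        "error": [ssl.SSLError("decryption failed or bad record mac")],
    }
    return {name: drain(ScriptedSocket(s), wait=lambda: None)
            for name, s in scripts.items()}


if __name__ == "__main__":
    for name, (status, data) in demo().items():
        print(f"{name:10s} -> {status.value:10s} {data!r}")
```

Against a real peer the same loop is used as tls = wrap_strict(ssl.create_default_context(), raw_socket, server_hostname=host); tls.setblocking(False); drain(tls). Treat a TRUNCATED result the way the post suggests: log it and discard the partial payload rather than handing it to the application as if the transfer had completed.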