SSL EOF

Clarence Gardner clarence at netlojix.com
Fri Feb 2 14:16:05 EST 2001


On Thu, 01 Feb 2001, Tim Peters wrote:
>[Ng Pheng Siong]
>> ...
>> So, in M2Crypto, ssl_read() does return a '' on eof;
>> ...
>
>The good news is that it will in Python 2.1a2 also (to be released
>tomorrow).  However, the more we (Jeremy, Guido, me) looked at Python's SSL
>support, the more questionable code we found.  Alas, not being experts in
>this protocol, we're unlikely to fix it.  So we would be grateful for a
>patch against CVS Python for doing this stuff more intelligently, including
>corresponding repairs to the httplib.py code that uses it.
>
>"case 6:"-brrrrrrrr-ingly y'rs  - tim

Glad to hear about the EOF behavior change.

To: The hypothetical person who knows about this stuff
    and will do it for Python
From: A person who doesn't, but did anyway

Yes, I implemented an SSL module for Python 1.5, and always felt
guilty about not contributing it.  I didn't because I implemented it
without being able to find any documentation on SSL, and though it
worked for my purposes, I have no idea how many holes it has.

Here are some things to keep in mind when thinking of a re-do for
Python:
  - The 2.0 stuff doesn't include a shutdown method.  I had one in
    my implementation, but since I didn't know what I was doing, I
    just had it do a shutdown on the socket.  It worked, but is
    clearly wrong.
  - As far as I can tell, the 2.0 stuff only allows the Python program
    to act as a client.  Remembering my trial-and-error method of
    implementing server side, I can see why.  :)

                                  ###

I noticed that the M2Crypto code that was posted still, at the Python
level, doesn't treat encrypted sockets the same as the others (e.g.,
returning a None result in some circumstances).  I may be out of touch
with the rest of the community (or just objectively wrong) in thinking
that they should...  It seems to me that the application probably just
cares about whether it can communicate with the other end, not which of
the zillion different ways an ssl channel can go wrong.
----
Clarence Gardner
Software Engineer
NetLojix Communications
clarence at netlojix.com



