httplib drops ssl connection to MS IIS Server

Ng Pheng Siong ngps at vista.netmemetic.com
Tue Apr 16 11:35:35 EDT 2002 

According to Jon Ribbens  <jon+usenet at unequivocal.co.uk>:
> In article <mailman.1018741166.19994.python-list at python.org>, Marco Caamano wrote:
> > socket.sslerror: (5, 'EOF occurred in violation of protocol')
> 
> It is a bug in MS IIS, it just closes the SSL socket rather than going
> through the SSL shutdown negotiation. I don't think you can work
> around this using httplib.

Nobody is accusing MS IIS of being bug-free, but I think in this instance
the bug is with Python's SSL. Here's a slightly-reworked version of the
OP's code that uses M2Crypto.httpslib.HTTPSConnection:

from M2Crypto import SSL, httpslib

def testurl3():
    ctx = SSL.Context()
    ctx.set_info_callback()
    print '\n\nUsing HTTPS request'
    body = '\202test'
    hs = httpslib.HTTPSConnection('209.154.200.218', 443, ssl_context=ctx)
    hs.set_debuglevel(4)
    hs.putrequest('POST', '/scripts/gateway.dll?Transact')
    hs.putheader('Content-Type', 'x-Visa-II/x-auth')
    hs.putheader('Content-Length', str(len(body)))
    hs.endheaders()
    hs.send(body)
    resp = hs.getresponse()
    print resp.read()
    return

if __name__ == '__main__':
    testurl3()

Running it gives the following output:

----------
Using HTTPS request
LOOP: SSL connect: before/connect initialization
LOOP: SSL connect: SSLv2/v3 write client hello A
LOOP: SSL connect: SSLv3 read server hello A
LOOP: SSL connect: SSLv3 read server certificate A
LOOP: SSL connect: SSLv3 read server done A
LOOP: SSL connect: SSLv3 write client key exchange A
LOOP: SSL connect: SSLv3 write change cipher spec A
LOOP: SSL connect: SSLv3 write finished A
LOOP: SSL connect: SSLv3 flush data
LOOP: SSL connect: SSLv3 read finished A
INFO: SSL connect: SSL negotiation finished successfully
send: 'POST /scripts/gateway.dll?Transact HTTP/1.1\r\n'
send: 'Host: 209.154.200.218:443\r\n'
send: 'Accept-Encoding: identity\r\n'
send: 'Content-Type: x-Visa-II/x-auth\r\n'
send: 'Content-Length: 5\r\n'
send: '\r\n'
send: '\x82test'
reply: 'HTTP/1.1 100 Continue\r\n'
header: Server: Microsoft-IIS/4.0
header: Date: Tue, 16 Apr 2002 15:42:50 GMT

ALERT: write: warning: close notify
----------

The "LOOP", "INFO", etc. stuff shows SSL protocol negotiation in action.
No protocol violation. 

M2Crypto also wraps OpenSSL. Does a better job than the current Python's,
if I do say so myself. ;-)


> This is discussed in SourceForge bug id 494762. That was closed
> without fix so I have opened a new one 544234.

Perhaps an interested party may wish to explore grafting M2Crypto's
ssl_read() and ssl_write() routines to Python's socket module. I am busy
bootstrapping my start-up, so I can't commit any effort to this, sorry.

Alternatively, just use M2Crypto. 


-- 
Ng Pheng Siong <ngps at netmemetic.com> * http://www.netmemetic.com

More information about the Python-list mailing list