Wierd M2Crypto bug - phony "peer did not return certificate" error

Heikki Toivonen heikki at osafoundation.org
Fri Jan 12 00:29:05 CET 2007


nagle at animats.com wrote:
>   That's a problem for me.  I need short timeouts; I'm accessing sites
> that might or might not have SSL support, and I need to quickly time
> out when there's no SSL server.

You should be able to do short timeouts, just not using the global
setdefaulttimeout. Have you tried Connection.set_socket_read/write_timeout?

Also like I mentioned before, if you use the Twisted wrapper and let
Twisted handle network stuff you should be fine.

>   Python needs a merge here. Read Guido van Rossum's rant on M2Crypto:
> 
>       http://www.artima.com/weblogs/viewpost.jsp?thread=95863

That's old news, I believe I have fixed all of the issues mentioned
there already in the 0.16 release.

> What's probably needed is to implement the additional API functions of
> the M2Crypto wrapper in the PyOpenSSL wrapper, so that the M2Crypto
> components written in Python could be used with it. Then we'd have one
> good implementation instead of two broken ones.

M2Crypto and pyOpenSSL (and pyOpenSSL-extended, which you might want to
take a look at as well) are implemented pretty differently, so merging
seems unlikely. They are pretty small code wise, though, so it is not an
impossible task.

Personally I think I'd prefer if Python stdlib contained a better SSL
module that did at least all the checks required for safe SSL
connection. (Yeah, yeah, maybe I need to write it myself if nobody else
gets to it;)

-- 
  Heikki Toivonen



More information about the Python-list mailing list