Weird M2Crypto bug - phony "peer did not return certificate" error

nagle at animats.com nagle at animats.com
Thu Jan 11 20:29:59 CET 2007


  That's a problem for me.  I need short timeouts; I'm accessing sites
that might or might not have SSL support, and I need to quickly time
out when there's no SSL server.

  PyOpenSSL handles timeout correctly, but M2Crypto does not. On the
other hand, M2Crypto actually checks certificates, which PyOpenSSL does
not. So we have two broken implementations.

  Python needs a merge here. Read Guido van Rossum's rant on M2Crypto:

      http://www.artima.com/weblogs/viewpost.jsp?thread=95863

Both of these packages contain wrappers for OpenSSL, but both wrappers
are incompatible and buggy. M2Crypto also has some Python components.
The PyOpenSSL wrapper, which ships with Python, doesn't expose enough
of the OpenSSL API.  M2Crypto exposes more of the API, but doesn't work
as well.

What's probably needed is to implement the additional API functions of
the M2Crypto wrapper in the PyOpenSSL wrapper, so that the M2Crypto
components written in Python could be used with it. Then we'd have one
good implementation instead of two broken ones.

    John Nagle
    nagle at animats.com

(News feed broken, using Google Groups as backup.)
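
An added example, not part of the original post: the behaviour asked for above (give up quickly when no SSL server answers, while keeping certificate checks on), written with Python's standard `ssl` module rather than M2Crypto or PyOpenSSL. `probe_tls` and `start_listener` are hypothetical names, and the listener is a constructed local peer that never speaks TLS.

```python
import socket
import ssl
import threading

def probe_tls(host, port, timeout=2.0, context=None):
    """Return (status, detail); status is one of 'tls-verified',
    'cert-rejected', 'no-tls', 'timeout' or 'unreachable'."""
    # Default context verifies the certificate chain and the hostname.
    ctx = context or ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "TCP connect timed out")
    except OSError as exc:
        return ("unreachable", str(exc))
    try:
        # The timeout set on the raw socket also bounds the TLS handshake,
        # so a peer that accepts the connection but stays silent cannot hang us.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("tls-verified", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("cert-rejected", exc.verify_message)
    except socket.timeout:
        return ("timeout", "handshake timed out")
    except (ssl.SSLError, OSError) as exc:
        return ("no-tls", str(exc))
    finally:
        raw.close()

def start_listener(reply=None):
    """Constructed peer on 127.0.0.1: accepts one client, optionally sends
    plaintext, never speaks TLS. Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if reply:
            conn.sendall(reply)
        threading.Event().wait(3)  # hold the connection open, saying nothing more
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_listener(), timeout=0.5))
    print(probe_tls("127.0.0.1", start_listener(b"HTTP/1.0 400 Bad Request\r\n\r\n")))
```

A certificate failure is reported separately from "no TLS here", so a caller probing sites of unknown capability does not mistake a rejected certificate for a missing SSL server.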



