Python and SSL

John J. Lee jjl at pobox.com
Wed Oct 3 20:35:12 CEST 2007


Johny <python at hope.cz> writes:

> On Oct 3, 2:17 pm, "Martin v. Löwis" <mar... at v.loewis.de> wrote:
>> > It looks like this
>>
>> > MyPythonProgram --->Proxy---->Server

You want MyPythonProgram being to be proxied by Proxy, using the HTTP
CONNECT method? (CONNECT is a way of asking the proxy to just shovel
encrypted SSL traffic from client to server) Python's standard library
doesn't provide support for that.  While it's it's possible to do it,
httplib does not provide all the code to do it, and it's actually
quite awkward to do from e.g. urllib2.


>> > The  proxy is written in Java. I want to use that proxy to see what my
>> > Python program sends to server.

Does the proxy have support for behaving as a "man-in-the-middle",
then (by giving the proxy the private key)?  I think I've heard of
that being done for test purposes, but I don't know the details.
Seems rather odd.

An easier way is to print the traffic from your Python program.


[...]
> After I added certification, that the proxy uses, among those
> Trusted Root Certification Authorities list,as
> Gabriel described on Windows,
>
> I receive
> sslerror: (1, 'error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol')
>
>
> What does it mean?

It means that it's trying to interpret SSL traffic as if it were HTTP
traffic.  Look on ASPN Python Cookbook for a few recipes on HTTP
CONNECT (though ISTR I had to rework the one I looked at before it
worked for me).  Ask if you get stuck.


John



More information about the Python-list mailing list