What timeouts are required when reading SSL certificates with Python 2.6.4?
John Nagle
nagle at animats.com
Tue Jun 1 01:54:52 EDT 2010
I'm converting some M2Crypto code to use the new "ssl" module, and
I'm concerned about protection against hung machines at the remote end.
With M2Crypto, getting timeout to work properly required much tweaking.

Here's the code. I've tried it on about fifteen domains, some of which
support SSL and some of which don't. So far, it hasn't hung. Is there any
further protection I need?
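
    import httplib
    import socket
    import ssl

    port = httplib.HTTPS_PORT
    sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Verify the server certificate against the CA bundle in certfile
    sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
    sock.connect((domain,port))  # TCP connect plus SSL handshake
    cert = sock.getpeercert() # ... process certificate data
    del sock
    del sk
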
Note that this doesn't send or receive any data on the SSL connection
once the handshake has been completed. It's just reading the remote
certificate as part of a host identity check. Then it drops the connection.
John Nagle
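
The question above concerns a remote end that accepts the connection and then hangs. The following is an added example, not part of the original post: it uses the Python 3 ssl.SSLContext API rather than the 2.6 ssl.wrap_socket call shown above, and bounds the TCP connect and the whole handshake with one deadline. The names fetch_peer_cert and budget are assumptions made for this example.

```python
import select
import socket
import ssl
import time


def fetch_peer_cert(host, port=443, cafile=None, budget=10.0):
    """Return the verified peer certificate dict, or raise within `budget` seconds.

    Raises socket.timeout when the budget runs out, ssl.SSLError when
    verification fails, and OSError for refused or unreachable hosts.
    Caveat: the DNS lookup inside create_connection() is not covered,
    and the connect timeout applies to each address that is tried.
    """
    deadline = time.monotonic() + budget

    def remaining():
        left = deadline - time.monotonic()
        if left <= 0:
            raise socket.timeout("no certificate within %.1fs" % budget)
        return left

    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    with socket.create_connection((host, port), timeout=remaining()) as sk:
        # Defer the handshake so it can be driven under the same deadline.
        with ctx.wrap_socket(sk, server_hostname=host,
                             do_handshake_on_connect=False) as tls:
            tls.setblocking(False)
            while True:
                try:
                    tls.do_handshake()
                    break
                except ssl.SSLWantReadError:
                    # Peer is silent or trickling bytes: wait, but only
                    # for whatever is left of the overall budget.
                    select.select([tls], [], [], remaining())
                except ssl.SSLWantWriteError:
                    select.select([], [tls], [], remaining())
            return tls.getpeercert()


if __name__ == "__main__":
    # Constructed usage; example.org is a placeholder host.
    print(fetch_peer_cert("example.org", budget=5.0))
```

A plain per-socket timeout restarts on every read, so a peer that sends a few bytes at a time can hold the handshake open far longer than the timeout value; the single deadline here does not restart.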