How to use asyncore with SSL?
Grant Edwards
grant.b.edwards at gmail.com
Sat Jan 20 13:22:49 EST 2018
On 2018-01-20, Marko Rauhamaa <marko at pacujo.net> wrote:
> Grant Edwards <grant.b.edwards at gmail.com>:
>
>> Asyncore seems to be based on fundamental assumptions that aren't true
>> for non-blocking ssl sockets.
>
> Pot calling kettle black.
>
> OpenSSL isn't the easiest beast to deal with, but I have been able to
> abstract it (in C) so it behaves very close to TCP. The one blemish is
> in the fact that the TLS protocol does not support a half-duplex
> connection. Shame.
>
> The WANT_READ/WANT_WRITE silliness should be abstracted out of the
> non-blocking TLS library so the application doesn't need to know
> anything about it.

I won't argue with that. I think that non-blocking ssl-wrapped
sockets _should_ have the same select/poll/send/recv API/semantics
that normal sockets do. I thought about writing my own
wrapped-ssl-socket class that does that, but using stunnel was just so
much easier. If you _did_ want to wrap sockets like that, I think
you'd need to actually run a thread to deal with the SSL socket and
provide a "proxy" socket or pipe for use with select/poll.
Basically you'd be doing what stunnel does only doing it in-process.
--
Grant
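
A sketch of the in-process "proxy socket" idea described in the message above, added here as an example and not code from either poster. One thread owns the non-blocking TLS socket and absorbs the WANT_READ/WANT_WRITE retries, while the application selects on a plain socketpair end. The names `tls_proxy` and `_relay` are hypothetical, and `tls_sock` is assumed to be an `ssl.SSLSocket` that is already connected with its handshake complete.

```python
import select
import socket
import ssl
import threading

def tls_proxy(tls_sock):
    """Hand tls_sock to a relay thread; return a plain socket for select/poll."""
    app_end, relay_end = socket.socketpair()
    tls_sock.setblocking(False)
    threading.Thread(target=_relay, args=(tls_sock, relay_end), daemon=True).start()
    return app_end

def _relay(tls, plain):
    to_tls = b""               # plaintext from the app, not yet accepted by TLS
    want_write = False         # recv() reported WANT_WRITE
    send_wants_read = False    # send() reported WANT_READ
    try:
        while True:
            rlist = [tls] if to_tls else [tls, plain]
            wlist = [tls] if want_write or (to_tls and not send_wants_read) else []
            # TLS may hold decrypted bytes that select() on the descriptor cannot see.
            buffered = getattr(tls, "pending", lambda: 0)()
            readable, _, _ = select.select(rlist, wlist, [], 0 if buffered else None)
            want_write = send_wants_read = False
            if plain in readable:
                to_tls = plain.recv(16384)
                if not to_tls:
                    return                     # application closed its end
            try:
                data = tls.recv(16384)
                if not data:
                    return                     # peer closed the connection
                plain.sendall(data)            # blocking: back-pressure on the peer
            except (ssl.SSLWantReadError, BlockingIOError):
                pass                           # nothing to deliver yet
            except ssl.SSLWantWriteError:
                want_write = True
            if to_tls:
                try:
                    to_tls = to_tls[tls.send(to_tls):]
                except (ssl.SSLWantWriteError, BlockingIOError):
                    pass                       # wlist retries when writable
                except ssl.SSLWantReadError:
                    send_wants_read = True     # retry only after tls is readable
    except OSError:
        pass
    finally:
        tls.close()
        plain.close()
```

The socket returned by `tls_proxy` carries plaintext and has ordinary readiness semantics, so it can be handed to asyncore or any select/poll loop; `BlockingIOError` is handled only so the relay also works over a plain non-blocking socket.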