[Tutor] Sending a disconnect after openssl s_client command?

Martin Walsh mwalsh at mwalsh.org
Mon Apr 20 19:17:20 CEST 2009


Kayvan Sarikhani wrote:
> Tutors,
> 
>   I'm working on a script to verify whether a particular website
> supports SSLv2 via the following:
> 
> --- BEGIN ---
> #!/usr/bin/python
> import os, re
> 
> checkssl_out = open('checkssl.txt','w')
> 
> website = 'somewebsitename'
> sslv2 = 'Protocol  : SSLv2'
> 
> print 'Checking:', website
> 
> checksslv2 = os.popen('openssl s_client -ssl2 -connect somewebsitename:443').read().strip()
> 
> if re.search(sslv2, checksslv2) == None:
>     print >> checkssl_out, website, 'does NOT support SSLv2'
> else:
>     print >> checkssl_out, website, 'supports: SSLv2'
> 
> checkssl_out.close()
> --- END ---
> 
>   It works, but the problem is that OpenSSL does not automatically
> disconnect after end of input. I was curious if there's a way to send a
> CTRL-C at the end of the command, so that it *does* capture the output,
> and breaks after it. Any suggestions or help is appreciated!

You can do something like the following (untested) to simulate a CTRL-C,
but I'd recommend against it, as I doubt it will work as you expect ...

import os, signal
from subprocess import Popen, PIPE

openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
openssl = Popen(openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE)

os.kill(openssl.pid, signal.SIGINT)

# dead, I bet, before any output is generated
stdout, stderr = openssl.communicate()


Instead, you may want to try to mimic this command-line behavior ...

echo "GET /" | openssl s_client -ssl2 -connect somewebsitename:443

... in which case, you can try something like this ...

from subprocess import Popen, PIPE

openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
openssl = Popen(
  openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
)
stdout, stderr = openssl.communicate('GET /')

Alternatively, if you're using Python 2.6 and above, it looks like you
can do something similar with a few lines of code, and the ssl module
from the standard lib ...

# untested!
import ssl
try:
    cert = ssl.get_server_certificate(
        ('somewebsitename', 443), ssl.PROTOCOL_SSLv2
    )
except ssl.SSLError, ex:
    # site may not support sslv2
    ...

HTH,
Marty

> 
> K
> 
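
Added example (not part of the original messages): a Python 3 version of the check discussed in this thread, for auditing a server you operate. It gives openssl an already-closed stdin so s_client exits on its own, bounds the run with a timeout, and only reports the protocol as accepted when a real cipher was negotiated. The names classify and check, the status strings, and the "unknown option" and "Cipher : 0000" heuristics are assumptions of this example; the sample outputs are constructed.

```python
import re
import subprocess

PROTO_RE = re.compile(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", re.M)
CIPHER_RE = re.compile(r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)", re.M)

# Constructed sample outputs (not captured from a real server).
SAMPLE_ACCEPTED = """CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
"""
SAMPLE_FAILED = """CONNECTED(00000003)
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000
"""

def classify(output):
    """Map combined s_client stdout+stderr text to (status, protocol)."""
    if "unknown option" in output.lower():
        return ("client-unsupported", None)  # local openssl lacks the flag
    proto = PROTO_RE.search(output)
    cipher = CIPHER_RE.search(output)
    # Some builds print a session block with "Cipher : 0000" after a failed
    # handshake, so the Protocol line alone does not prove acceptance.
    if proto and cipher and cipher.group(1) != "0000":
        return ("accepted", proto.group(1))
    return ("not-accepted", None)  # refused, reset, or never connected

def check(host, port=443, flag="-ssl2", timeout=10):
    # Argument list, no shell: the host name is never parsed by /bin/sh.
    cmd = ["openssl", "s_client", flag, "-connect", "%s:%d" % (host, port)]
    try:
        # stdin at EOF makes s_client exit once the handshake is done.
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                              stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                              encoding="utf-8", errors="replace",
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    except FileNotFoundError:
        return ("no-openssl", None)
    return classify(proc.stdout)

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        print(host, check(host))
```

A "client-unsupported" result means the local openssl build does not offer the requested protocol flag, so it says nothing about the server.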


