[Tutor] Sending a disconnect after openssl s_client command?
mwalsh at mwalsh.org
Tue Apr 21 21:22:49 CEST 2009
Kayvan Sarikhani wrote:
> On Mon, Apr 20, 2009 at 1:17 PM, Martin Walsh <mwalsh at mwalsh.org
> <mailto:mwalsh at mwalsh.org>> wrote:
> from subprocess import Popen, PIPE
> openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
> openssl = Popen(
> openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
> stdout, stderr = openssl.communicate('GET /')
> Alternatively, if you're using python 2.6 and above, it looks like you
> can do something similar with a few lines of code, and the ssl module
> from the standard lib ...
> # untested!
> import ssl
> cert = ssl.get_server_certificate(
> ('somewebsitename', 443), ssl.PROTOCOL_SSLv2
> except ssl.SSLError, ex:
> # site may not support sslv2
> Thanks Marty; this does indeed help...it just also means I need to
> really learn how subprocess works. ;) I wish I could claim to be using
> 2.6, but unfortunately the most current version at work is Python
> 2.5.2...most boxes here are even below, and I can't convince them to
> upgrade. Ah, well.
Yep, subprocess is the way to go.
In that case, if you're not offended by the extra dependency, then you
might be interested in http://pypi.python.org/pypi/ssl, which appears to
be a backport of the 2.6 ssl module.
I haven't tried it myself, but it has a get_server_certificate helper
also, so I'd expect it to work the same way. Although, you'll probably
want to explore in greater detail the properties of the exception that
is raised by a site not supporting sslv2. When I tried I received an
SSLError(errno=6) for a server configured w/o sslv2.
> Thanks again though!
You're welcome, glad it helped. :)
More information about the Tutor