[Tutor] Sending a disconnect after openssl s_client command?

Martin Walsh mwalsh at mwalsh.org
Tue Apr 21 21:22:49 CEST 2009

Kayvan Sarikhani wrote:
> On Mon, Apr 20, 2009 at 1:17 PM, Martin Walsh <mwalsh at mwalsh.org
> <mailto:mwalsh at mwalsh.org>> wrote:
>     from subprocess import Popen, PIPE
>     openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
>     openssl = Popen(
>      openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
>     )
>     stdout, stderr = openssl.communicate('GET /')
>     Alternatively, if you're using python 2.6 and above, it looks like you
>     can do something similar with a few lines of code, and the ssl module
>     from the standard lib ...
>     # untested!
>     import ssl
>     try:
>        cert = ssl.get_server_certificate(
>            ('somewebsitename', 443), ssl.PROTOCOL_SSLv2
>        )
>     except ssl.SSLError, ex:
>        # site may not support sslv2
>        ...
>     HTH,
>     Marty
> Thanks Marty; this does indeed help...it just also means I need to
> really learn how subprocess works. ;) I wish I could claim to be using
> 2.6, but unfortunately the most current version at work is Python
> 2.5.2...most boxes here are even below, and I can't convince them to
> upgrade. Ah, well.

Yep, subprocess is the way to go.

In that case, if you're not offended by the extra dependency, then you
might be interested in http://pypi.python.org/pypi/ssl, which appears to
be a backport of the 2.6 ssl module.

I haven't tried it myself, but it has a get_server_certificate helper
also, so I'd expect it to work the same way. Although, you'll probably
want to explore in greater detail the properties of the exception that
is raised by a site not supporting sslv2. When I tried I received an
SSLError(errno=6) for a server configured w/o sslv2.

> Thanks again though!

You're welcome, glad it helped. :)


More information about the Tutor mailing list