From: Christian S. <mai...@go...> - 2009-01-18 13:19:42
Thanks for your help but what is the integer value of OP_NO_TICKET?
Currently I've got pyopenssl 0.8 only and have no idea where to get the dev-source and I don't think the user of the app should have to install it either.

greetings
Christian Scharkus

>>Hi folks :)
>>
>>I use Arch Linux i686 with pyopenssl-0.8 and openssl-0.9.8j and have got
>>some problems with connecting to kekz.net:23002.
>>
>>http://codepad.org/2aad1eAI
>>
>>$ python
>>Python 2.6.1 (r261:67515, Dec 7 2008, 08:27:41)
>>[GCC 4.3.2] on linux2
>>Type "help", "copyright", "credits" or "license" for more information.
>>>>> import socket
>>>>> from OpenSSL.SSL import SSLv3_METHOD, Connection, Context
>>>>> s = socket.socket()
>>>>> conn = Connection(Context(SSLv3_METHOD), s)
>>>>> conn.connect(('kekz.net',23002))
>>>>> conn.do_handshake()
>>Traceback (most recent call last):
>>
>>  File "<stdin>", line 1, in <module>
>>OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_RECORD', 'wrong version number')]
>
> This seems to be due to the change in OpenSSL 0.9.8j to sending a TLS
> extension section by default. A correct SSL server will ignore this
> section, but it seems there are a few SSL libraries which freak out
> when they encounter this.
>
> The next version of pyOpenSSL will include a way to work around this
> by exposing a constant to explicitly disable sending this TLS extension
> section.
>
> This is done with a Context option, so if your example code above were
> changed to set up the connection like this:
>
>     from OpenSSL.SSL import OP_NO_TICKET
>     ctx = Context(SSLv3_METHOD)
>     ctx.set_options(OP_NO_TICKET)
>     conn = Connection(ctx, s)
>
> Then it would work (I've tested this against trunk@HEAD of pyOpenSSL and
> OpenSSL 0.9.8j and it fixed the connection problem for me).
>
> You can probably also just use the value of OP_NO_TICKET with older versions
> of pyOpenSSL. It will have the same effect on OpenSSL 0.9.8j and no effect
> at all on older versions.
>
> Jean-Paul
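
An added example, not part of the original messages and not pyOpenSSL's own code: one way to apply the workaround from the quoted reply on a binding that does not export the constant yet, falling back to the value of SSL_OP_NO_TICKET from OpenSSL's ssl.h (0x00004000). `OldBinding`, `RecordingContext` and the helper names are constructed for illustration; only `Context.set_options` and `OP_NO_TICKET` come from the thread.

```python
import ssl  # standard library, used only to cross-check the constant

# SSL_OP_NO_TICKET as defined in OpenSSL's ssl.h.
SSL_OP_NO_TICKET = 0x00004000


def no_ticket_option(ssl_module):
    """Use the binding's OP_NO_TICKET if it exports one, else the header value."""
    return int(getattr(ssl_module, "OP_NO_TICKET", SSL_OP_NO_TICKET))


def disable_tickets(ctx, ssl_module):
    """Set the no-ticket bit on ctx; bits that are already set are kept."""
    opt = no_ticket_option(ssl_module)
    ctx.set_options(opt)
    return opt


def stdlib_value():
    """The same option as exposed by Python's own ssl module, where available."""
    return no_ticket_option(ssl)


class OldBinding:
    """Constructed stand-in for a binding module that predates OP_NO_TICKET."""


class RecordingContext:
    """Constructed stand-in for Context: set_options ORs bits into a mask."""

    def __init__(self, options=0):
        self.options = options

    def set_options(self, bits):
        self.options |= bits
        return self.options


def demo():
    ctx = RecordingContext(options=0x01000000)  # constructed pre-existing bit
    disable_tickets(ctx, OldBinding)
    return ctx.options


if __name__ == "__main__":
    print("fallback on stub binding: %#x" % demo())
    try:
        from OpenSSL import SSL  # real pyOpenSSL, if installed
    except ImportError:
        pass
    else:
        print("pyOpenSSL: %#x" % disable_tickets(SSL.Context(SSL.SSLv23_METHOD), SSL))
```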