From: Martin <ma...@st...> - 2003-07-30 07:49:29
On Tue 2003-07-29 at 19:54, Yannick Gingras wrote:
> I try to customize the SafeTransport of xmlrpclib to do certificate
> validation (signature and the like). I use your SecureXMLRPCServer
> from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I try:
>
>
> class CustomTransport(SafeTransport):
>     def make_connection(self, host):
>         conn = SafeTransport.make_connection(self, host)
>         addr = (conn._conn.host, conn._conn.port)
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.set_options(SSL.OP_NO_SSLv2)
>         sslConn = SSL.Connection(ctx, socket.socket(socket.AF_INET, socket.SOCK_DGRAM))
>         sslConn.connect(addr)
>         sslConn.set_connect_state()
>         sslConn.renegotiate()
>         sslConn.do_handshake()
>         # must update the socket in conn here
>         print (sslConn.get_peer_certificate())
>         # do the certificate validation here
>         return conn

I'm not sure I follow what you're trying to do. It looks to me like you're connecting a regular socket to an address, and then create a new socket, using SSL, and connect it to the same address. But then you return the old connection. What's the point, really?

Note that you can pass an already connected socket as argument to SSL.Connection. That's when you should use .set_connect_state() (if you're using .connect(), .set_connect_state() is redundant since it already is in connecting state).

You shouldn't need to renegotiate()/do_handshake() since the handshake will be initiated automatically as soon as you try to read or write from/to the socket.

Certificate validation is normally done in a callback fashion...

I wish I could tell you what "internal error" means, but I can't, at least not without digging through the OpenSSL source code, and I don't really have the time for that right now.

> I'm not an SSL guru so I wonder what I may have done wrong. Is this
> the right way to make an SSL connection with pyOpenSSL? I use Python
> 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
> M2Crypto).

What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but it sucked so I went for pyOpenSSL instead"? ;)

/Martin

-- 
Martin Sjögren
ma...@st...
Phone: +46 (0)31 7490880
Cell: +46 (0)739 169191
GPG key: http://www.strakt.com/~martin/gpg.html
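The approach Martin outlines (hand an already connected socket to SSL.Connection, call set_connect_state(), let the handshake happen on its own, and do certificate validation in a verify callback), as an added example that is not part of the original thread and not code from Yannick or the pyOpenSSL project. It targets current pyOpenSSL on Python 3, assumes pyOpenSSL is installed, uses the placeholder CA_FILE and the constructed host name EXPECTED_CN, and shows only the connection and validation steps, leaving the xmlrpclib transport plumbing aside.

```python
"""Client-side TLS with pyOpenSSL: wrap a connected socket, verify in a callback."""
import socket

from OpenSSL import SSL

CA_FILE = "/path/to/ca-bundle.pem"   # placeholder: CA bundle the server chain must chain to
EXPECTED_CN = "rpc.example.test"     # constructed example name for the server's leaf cert


def evaluate_peer(preverify_ok, errnum, depth, subject_cn, expected_cn):
    """Validation policy for one certificate in the presented chain.

    preverify_ok is OpenSSL's own verdict for this certificate (signature,
    chain, expiry); a False verdict is never overridden.  Depth 0 is the
    server's leaf certificate, which must additionally carry the expected CN.
    Intermediate and root certificates (depth > 0) only need OpenSSL's verdict.
    """
    if not preverify_ok:
        return False          # errnum holds the X509_V_ERR_* code if you want to log it
    if depth == 0 and subject_cn != expected_cn:
        return False          # valid chain, but not the server we meant to talk to
    return True


def make_context(cafile, expected_cn):
    """Context that checks the peer chain against cafile and applies evaluate_peer."""
    ctx = SSL.Context(SSL.TLS_CLIENT_METHOD)
    ctx.set_min_proto_version(SSL.TLS1_2_VERSION)   # no SSLv2/SSLv3/TLS1.0/1.1
    ctx.load_verify_locations(cafile)

    # pyOpenSSL calls this once per certificate in the chain, leaf last.
    def verify_cb(conn, cert, errnum, depth, preverify_ok):
        return evaluate_peer(bool(preverify_ok), errnum, depth,
                             cert.get_subject().CN, expected_cn)

    ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
    return ctx


def open_tls_connection(host, port, cafile, expected_cn):
    """Connect a plain TCP socket first, then hand it to SSL.Connection."""
    sock = socket.create_connection((host, port))
    conn = SSL.Connection(make_context(cafile, expected_cn), sock)
    conn.set_tlsext_host_name(host.encode("ascii"))  # SNI, so virtual hosts pick the right cert
    conn.set_connect_state()   # client role; the socket is already connected
    conn.do_handshake()        # optional: fail here rather than on the first write
    return conn
```

A rejected certificate surfaces as SSL.Error from do_handshake() (or from the first read/write if you skip the explicit handshake), so the caller never sends XML-RPC data to an unverified peer.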