From: Zoltan F. <zol...@us...> - 2002-10-06 10:17:15

hello list,

i have a problem with pyOpenSSL, namely as follows:
i have created a client/server application, where the clients communicate with the servers on a secure channel. When a client tries to log in to a server (i.e. after the SSL handshake it tries to send a message), the client dies with the subject, and the server gets a "connection reset by peer" exception. i have two questions about this:
a.) has anyone seen this before?
b.) is there an "official" way of handling the WantXYZError exceptions besides ignoring them?

thanks a lot, and sorry for the poor English.
zoltan

ps: both the client and server are multithreaded, the SSL connection is nonblocking, and the pyOpenSSL version is 0.5.1

From: Martin <md...@md...> - 2002-10-06 10:46:34

Sun 2002-10-06 at 12:20, Zoltan Felleg wrote:
> hello list,
>
> i have a problem with pyOpenSSL, namely as follows:
> i have created a client/server application, where the clients
> communicate with the servers on a secure channel. When a client tries to
> log in to a server (i.e. after the SSL handshake it tries to send a
> message), the client dies with the subject, and the server gets a
> "connection reset by peer" exception. i have two questions about this:
> a.) has anyone seen this before?
> b.) is there an "official" way of handling the WantXYZError exceptions
> besides ignoring them?

The WantXYZ exceptions are tricky, but that's because it's tricky in OpenSSL! If you get WantReadError that means OpenSSL wants to read from the socket but couldn't, so after you've made sure that the socket is readable, you should call *the same method* again, with *the same arguments*. It's symmetrical for WantWriteError.

So, if for example you get a WantReadError when you do ssl.write('foo') you have to wait (using e.g. select) until the socket corresponding to `ssl' is readable, and then call ssl.write('foo') again. Yes, you can get WantReadErrors on writing, and WantWriteErrors on reading, since OpenSSL does handshakes transparently.

> ps: both the client and server are multithreaded, the SSL connection is
> nonblocking, and the pyOpenSSL version is 0.5.1

If you're running multithreaded, you'd do well to use OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands for thread safe :))

Regards,
Martin

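
The retry rule from the message above, as an added example that is not part of the original thread and not pyOpenSSL's own code. `retry_io` and `ScriptedConn` are hypothetical names, the scripted connection is constructed so the example runs offline, it uses `send` with bytes rather than `ssl.write('foo')`, and it falls back to the standard library's equivalent exception classes when pyOpenSSL is not installed.

```python
import select
import socket

try:
    from OpenSSL.SSL import WantReadError, WantWriteError
except ImportError:
    # Assumption: without pyOpenSSL, use the stdlib ssl exceptions that
    # signal the same two OpenSSL conditions, so the example still runs.
    from ssl import SSLWantReadError as WantReadError
    from ssl import SSLWantWriteError as WantWriteError


def retry_io(conn, method, *args, timeout=5.0, max_tries=50):
    """Repeat conn.<method>(*args), same method and same arguments, until it succeeds."""
    for _attempt in range(max_tries):
        try:
            return getattr(conn, method)(*args)
        except WantReadError:
            # OpenSSL needs incoming bytes, even if we were writing.
            ready = select.select([conn], [], [], timeout)[0]
        except WantWriteError:
            # OpenSSL needs to flush outgoing bytes, even if we were reading.
            ready = select.select([], [conn], [], timeout)[1]
        if not ready:
            raise TimeoutError("socket not ready within %.1fs" % timeout)
    raise RuntimeError("still blocked after %d attempts" % max_tries)


class ScriptedConn:
    """Constructed stand-in for an SSL connection: raises the scripted
    exceptions first, then does a plain send on the wrapped socket."""
    def __init__(self, sock, script):
        self.sock, self.script, self.calls = sock, list(script), []
    def fileno(self):
        return self.sock.fileno()
    def send(self, data):
        self.calls.append(data)
        if self.script:
            raise self.script.pop(0)()
        return self.sock.send(data)


def demo():
    a, b = socket.socketpair()
    b.send(b"x")  # peer data pending, so the WantReadError wait returns
    conn = ScriptedConn(a, [WantReadError, WantWriteError])
    sent = retry_io(conn, "send", b"foo")
    received = b.recv(16)
    a.close(); b.close()
    return sent, conn.calls, received
```
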
From: Dave A. <da...@im...> - 2002-10-06 17:34:24

On Sun, 2002-10-06 at 06:46, Martin Sjögren wrote:
> If you're running multithreaded, you'd do well to use
> OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands
> for thread safe :))
>
>
> Regards,
> Martin

hmm. How does one do this exactly?
-dave

self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)

Connected to by ('127.0.0.1', 36388)
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.2/threading.py", line 408, in __bootstrap
    self.run()
  File "./spkproxy.py", line 699, in run
    self.connection.startSSLserver()
  File "./spkproxy.py", line 94, in startSSLserver
    self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)
AttributeError: 'module' object has no attribute 'tsafe'

From: Martin <md...@md...> - 2002-10-06 18:22:30

Sun 2002-10-06 at 19:28, Dave Aitel wrote:
> On Sun, 2002-10-06 at 06:46, Martin Sjögren wrote:
>
> > If you're running multithreaded, you'd do well to use
> > OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands
> > for thread safe :))
>
> hmm. How does one do this exactly?
> -dave
>
>
> self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)
> self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)
> AttributeError: 'module' object has no attribute 'tsafe'

D'oh! I must have forgotten to import tsafe from the __init__.py file. If you do import OpenSSL.tsafe, or from OpenSSL import tsafe, it works.

/Martin

From: Dave A. <da...@im...> - 2002-10-06 19:35:34

Does a tsafe connection not support this?
-dave

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.2/threading.py", line 408, in __bootstrap
    self.run()
  File "./spkproxy.py", line 700, in run
    self.connection.startSSLserver()
  File "./spkproxy.py", line 98, in startSSLserver
    self.mysocket.set_accept_state()
AttributeError: Connection instance has no attribute 'set_accept_state'

On Sun, 2002-10-06 at 14:22, Martin Sjögren wrote:
> Sun 2002-10-06 at 19:28, Dave Aitel wrote:
> > On Sun, 2002-10-06 at 06:46, Martin Sjögren wrote:
> >
> > > If you're running multithreaded, you'd do well to use
> > > OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands
> > > for thread safe :))
> >
> > hmm. How does one do this exactly?
> > -dave
> >
> >
> > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)
> > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket)
> > AttributeError: 'module' object has no attribute 'tsafe'
>
> D'oh! I must have forgotten to import tsafe from the __init__.py file.
> If you do import OpenSSL.tsafe, or from OpenSSL import tsafe, it works.
>
>
> /Martin

From: Martin <md...@md...> - 2002-10-06 19:49:08

Sun 2002-10-06 at 21:29, Dave Aitel wrote:
> Does a tsafe connection not support this?

The reason for this is that the tsafe.Connection hasn't been updated when the SSL.Connection has been. :/ I blame my bad memory. :-) If you check the code in tsafe.py you'll see it's easy to fix ;) but I think it might be a good idea to use a getattr descriptor instead of this ugly hack. If anybody has suggestions I'll gladly hear them.

/Martin

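
One way to do the attribute delegation mentioned in the message above, as an added example (not pyOpenSSL's tsafe.py and not code from this thread). `LockedProxy` and `FakeConnection` are hypothetical names, and the fake connection is constructed for the demonstration.

```python
import threading
import time


class LockedProxy:
    """Forward every attribute to `target`; callables run under one lock.

    Hypothetical wrapper for illustration, not pyOpenSSL's tsafe.Connection.
    """
    def __init__(self, target):
        self._target = target
        self._lock = threading.RLock()

    def __getattr__(self, name):
        # Reached only for names the proxy itself lacks, so a method the
        # wrapped class gains later is forwarded without editing the proxy.
        attr = getattr(self._target, name)
        if not callable(attr):
            return attr

        def locked(*args, **kwargs):
            with self._lock:
                return attr(*args, **kwargs)
        return locked


class FakeConnection:
    """Constructed stand-in for a connection; counts overlapping calls."""
    def __init__(self):
        self.active = self.overlaps = 0

    def send(self, data):
        self.active += 1
        self.overlaps += self.active > 1
        time.sleep(0.001)  # widen the window in which threads could collide
        self.active -= 1
        return len(data)

    def set_accept_state(self):
        return "accept"


def demo(threads=8, calls=20):
    conn = LockedProxy(FakeConnection())
    pool = [threading.Thread(target=lambda: [conn.send(b"foo") for _ in range(calls)])
            for _ in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return conn.overlaps, conn.set_accept_state()
```

The lock covers one call at a time; a WantReadError retry sequence in one thread can still interleave with calls from another thread.
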
From: Dave A. <da...@im...> - 2002-10-07 10:35:18

can we just fix tsafe for .2? I'll force all my users to upgrade. :>
-dave

On Sun, 2002-10-06 at 15:49, Martin Sjögren wrote:
> Sun 2002-10-06 at 21:29, Dave Aitel wrote:
> > Does a tsafe connection not support this?
>
> The reason for this is that the tsafe.Connection hasn't been updated
> when the SSL.Connection has been. :/ I blame my bad memory. :-) If you
> check the code in tsafe.py you'll see it's easy to fix ;) but I think it
> might be a good idea to use a getattr descriptor instead of this ugly
> hack. If anybody has suggestions I'll gladly hear them.
>
>
> /Martin

From: Martin <md...@md...> - 2002-10-07 17:30:45

Mon 2002-10-07 at 12:28, Dave Aitel wrote:
> can we just fix tsafe for .2? I'll force all my users to upgrade. :>
> -dave

Yeah I suppose so. Are you in a hurry? I'm swamped with work at the university (trying to study full time AND teach).

/Martin

From: Dave A. <da...@im...> - 2002-10-07 17:38:20

It's no biggie for me. I'm not having any problems with OpenSSL.SSL.Connection, despite being multi-threaded. I can wait as long as it takes.
-dave

On Mon, 2002-10-07 at 13:30, Martin Sjögren wrote:
> Mon 2002-10-07 at 12:28, Dave Aitel wrote:
> > can we just fix tsafe for .2? I'll force all my users to upgrade. :>
> > -dave
>
> Yeah I suppose so. Are you in a hurry? I'm swamped with work at the
> university (trying to study full time AND teach).
>
>
> /Martin