From: Yannick G. <yan...@sa...> - 2003-07-29 17:55:23

Hi,

I try to customize the SafeTransport of xmlrpclib to do certificate
validation (signature and the like). I use your SecureXMLRPCServer
from the distribution.

It works perfectly if I keep the standard SafeTransport but if I try:

    class CustomTransport(SafeTransport):
        def make_connection(self, host):
            conn = SafeTransport.make_connection(self, host)
            addr = (conn._conn.host, conn._conn.port)
            ctx = SSL.Context(SSL.SSLv23_METHOD)
            ctx.set_options(SSL.OP_NO_SSLv2)
            sslConn = SSL.Connection(ctx, socket.socket(socket.AF_INET,
                                                        socket.SOCK_DGRAM))
            sslConn.connect(addr)
            sslConn.set_connect_state()
            sslConn.renegotiate()
            sslConn.do_handshake()
            # must update the socket in conn here
            print (sslConn.get_peer_certificate())
            # do the certificate validation here
            return conn

I receive this trace:

      File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
        return self.__send(self.__name, args)
      File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
        verbose=self.__verbose
      File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
        h = self.make_connection(host)
      File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", line 32, in make_connection
        sslConn.do_handshake()
    SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]

I'm not an SSL guru so I wonder what I may have done wrong. Is this
the right way to make an SSL connection with pyOpenSSL? I use Python
2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
M2Crypto).

Thanks for your time!

-- 
Yannick Gingras
Byte Gardener, Savoir-faire Linux inc.
(514) 276-5468

From: Martin <ma...@st...> - 2003-07-30 07:49:29

Tue 2003-07-29 at 19.54, Yannick Gingras wrote:
> I try to customize the SafeTransport of xmlrpclib to do certificate
> validation (signature and the like). I use your SecureXMLRPCServer
> from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I try:
>
>     class CustomTransport(SafeTransport):
>         def make_connection(self, host):
>             conn = SafeTransport.make_connection(self, host)
>             addr = (conn._conn.host, conn._conn.port)
>             ctx = SSL.Context(SSL.SSLv23_METHOD)
>             ctx.set_options(SSL.OP_NO_SSLv2)
>             sslConn = SSL.Connection(ctx, socket.socket(socket.AF_INET,
>                                                         socket.SOCK_DGRAM))
>             sslConn.connect(addr)
>             sslConn.set_connect_state()
>             sslConn.renegotiate()
>             sslConn.do_handshake()
>             # must update the socket in conn here
>             print (sslConn.get_peer_certificate())
>             # do the certificate validation here
>             return conn

I'm not sure I follow what you're trying to do. It looks to me like
you're connecting a regular socket to an address, and then create a new
socket, using SSL, and connect it to the same address. But then you
return the old connection. What's the point, really?

Note that you can pass an already connected socket as argument to
SSL.Connection. That's when you should use .set_connect_state() (if
you're using .connect(), .set_connect_state() is redundant since it
already is in connecting state). You shouldn't need to
renegotiate()/do_handshake() since the handshake will be initiated
automatically as soon as you try to read or write from/to the socket.

Certificate validation is normally done in a callback fashion...

I wish I could tell you what "internal error" means, but I can't, at
least not without digging through the OpenSSL source code, and I don't
really have the time for that right now.

> I'm not an SSL guru so I wonder what I may have done wrong. Is this
> the right way to make an SSL connection with pyOpenSSL? I use Python
> 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I tried
> M2Crypto).

What do you mean, you tried M2Crypto? Do you mean "I tried M2Crypto but
it sucked so I went for pyOpenSSL instead"? ;)

/Martin

-- 
Martin Sjögren
ma...@st...
Phone: +46 (0)31 7490880
Cell: +46 (0)739 169191
GPG key: http://www.strakt.com/~martin/gpg.html

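What Martin describes above (wrap an already-connected socket, call set_connect_state(), validate in a callback), as an added example that is not code from anyone in this thread. The helper names, the CA file argument and the subjectAltName hostname match are assumptions; it targets a current pyOpenSSL with its cryptography dependency, and `host` is taken to be a DNS name.

```python
import socket


def hostname_matches(expected, dns_names):
    """True if expected equals a certificate DNS name ('*.' covers one label)."""
    expected = expected.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == expected:
            return True
        if name.startswith("*.") and "." in expected:
            if expected.split(".", 1)[1] == name[2:]:
                return True
    return False


def make_verify_callback(expected_host):
    """Callback OpenSSL invokes once per chain certificate during the handshake."""
    from cryptography import x509  # installed as a pyOpenSSL dependency

    def verify(conn, cert, errnum, depth, ok):
        if not ok:       # OpenSSL's own chain check against the CA file failed
            return False
        if depth > 0:    # CA or intermediate: the chain check is sufficient
            return True
        try:             # leaf certificate: it must also name the host we dialled
            san = cert.to_cryptography().extensions.get_extension_for_class(
                x509.SubjectAlternativeName).value
        except x509.ExtensionNotFound:
            return False
        return hostname_matches(expected_host,
                                san.get_values_for_type(x509.DNSName))
    return verify


def open_verified(host, port, cafile):
    """Return a pyOpenSSL connection whose peer certificate has been checked."""
    from OpenSSL import SSL
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
    ctx.load_verify_locations(cafile)
    ctx.set_verify(SSL.VERIFY_PEER, make_verify_callback(host))
    sock = socket.create_connection((host, port))  # TCP stream, already connected
    conn = SSL.Connection(ctx, sock)
    conn.set_connect_state()     # client role, since we skipped conn.connect()
    conn.set_tlsext_host_name(host.encode("idna"))
    conn.do_handshake()          # optional: first read/write would trigger it too
    return conn
```

If the callback returns False for any certificate, do_handshake() raises SSL.Error and no application data is sent.
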
From: Remy C. C. <dev...@sm...> - 2003-07-30 09:28:40

Hi,

For my application, I created a class sslTransport and used this in
creating the server object.

    class sslTransport(xmlrpclib.SafeTransport):
        """Enables ssl transport with client certificates."""

        def __init__(self, x509):
            """Added to enable client SSL certificates."""
            self.x509 = x509

        def make_connection(self, host):
            """Extended to include x509 certificate."""
            return xmlrpclib.SafeTransport.make_connection(self, (host, self.x509))

And the client code:

    x509 = {'key_file': 'client.pkey', 'cert_file': 'client.cert'}
    server = xmlrpclib.ServerProxy('https://host:port', sslTransport(x509))

Regards,
Remy Cool

On Tuesday 29 July 2003 19:54, Yannick Gingras wrote:
> Hi,
> I try to customize the SafeTransport of xmlrpclib to do
> certificate validation (signature and the like). I use your
> SecureXMLRPCServer from the distribution.
>
> It works perfectly if I keep the standard SafeTransport but if I
> try:
>
>     class CustomTransport(SafeTransport):
>         def make_connection(self, host):
>             conn = SafeTransport.make_connection(self, host)
>             addr = (conn._conn.host, conn._conn.port)
>             ctx = SSL.Context(SSL.SSLv23_METHOD)
>             ctx.set_options(SSL.OP_NO_SSLv2)
>             sslConn = SSL.Connection(ctx, socket.socket(socket.AF_INET,
>                                                         socket.SOCK_DGRAM))
>             sslConn.connect(addr)
>             sslConn.set_connect_state()
>             sslConn.renegotiate()
>             sslConn.do_handshake()
>             # must update the socket in conn here
>             print (sslConn.get_peer_certificate())
>             # do the certificate validation here
>             return conn
>
> I receive this trace:
>
>       File "/usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
>         return self.__send(self.__name, args)
>       File "/usr/lib/python2.2/xmlrpclib.py", line 975, in __request
>         verbose=self.__verbose
>       File "/usr/lib/python2.2/xmlrpclib.py", line 833, in request
>         h = self.make_connection(host)
>       File "/home/ygingras/BelugaERP/belugaerp/core/client/SimpleClient.py", line 32, in make_connection
>         sslConn.do_handshake()
>     SSL.Error [('SSL routines', 'SSL_clear', 'internal error')]
>
> I'm not an SSL guru so I wonder what I may have done wrong. Is this
> the right way to make an SSL connection with pyOpenSSL? I use
> Python 2.2.2 on Red Hat 9. OpenSSL is a custom build of 0.9.7b (I
> tried M2Crypto).
>
> Thanks for your time!