Thanks for your help but what is the integer value of OP_NO_TICKET?
Currently I've got pyopenssl 0.8 only and have no idea where to get
the dev-source and I don't think the user of the app should have to
install it either.
greetings
Christian Scharkus
>>Hi folks :)
>>
>>I use Arch Linux i686 with pyopenssl-0.8 and openssl-0.9.8j and have got
>>some problems with connecting to kekz.net:23002.
>>
>>http://codepad.org/2aad1eAI
>>
>>$ python
>>Python 2.6.1 (r261:67515, Dec 7 2008, 08:27:41)
>>[GCC 4.3.2] on linux2
>>Type "help", "copyright", "credits" or "license" for more information.
>>>>> import socket
>>>>> from OpenSSL.SSL import SSLv3_METHOD, Connection, Context
>>>>> s = socket.socket()
>>>>> conn = Connection(Context(SSLv3_METHOD), s)
>>>>> conn.connect(('kekz.net',23002))
>>>>> conn.do_handshake()
>>Traceback (most recent call last):
>>
>> File "<stdin>", line 1, in <module>
>>OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_RECORD', 'wrong version number')]
>
> This seems to be due to the change in OpenSSL 0.9.8j to sending a TLS
> extension section by default. A correct SSL server will ignore this
> section, but it seems there are a few SSL libraries which freak out
> when they encounter this.
>
> The next version of pyOpenSSL will include a way to work around this
> by exposing a constant to explicitly disable sending this TLS extension
> section.
>
> This is done with a Context option, so if your example code above were
> changed to set up the connection like this:
>
> from OpenSSL.SSL import OP_NO_TICKET
> ctx = Context(SSLv3_METHOD)
> ctx.set_options(OP_NO_TICKET)
> conn = Connection(ctx, s)
>
> Then it would work (I've tested this against trunk@HEAD of pyOpenSSL and
> OpenSSL 0.9.8j and it fixed the connection problem for me).
>
> You can probably also just use the value of OP_NO_TICKET with older versions
> of pyOpenSSL. It will have the same effect on OpenSSL 0.9.8j and no effect
> at all on older versions.
>
> Jean-Paul
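As an added example (not part of the original thread and not pyOpenSSL's own code): a Python 3 compatibility shim for the situation discussed above, where the installed pyOpenSSL may not export `OP_NO_TICKET`. The fallback value `0x00004000` is `SSL_OP_NO_TICKET` from OpenSSL's `ssl.h`; the function names are hypothetical, and the self-check uses the standard-library `ssl` module so it runs without pyOpenSSL.

```python
import ssl

# SSL_OP_NO_TICKET as defined in OpenSSL's ssl.h (0x00004000L).
FALLBACK_OP_NO_TICKET = 0x00004000


def no_ticket_flag():
    """Return OP_NO_TICKET from pyOpenSSL if exported, else the raw value."""
    try:
        from OpenSSL import SSL
    except ImportError:
        # pyOpenSSL is not installed: use the stdlib constant if present.
        return int(getattr(ssl, "OP_NO_TICKET", FALLBACK_OP_NO_TICKET))
    # Older pyOpenSSL releases lack the attribute; fall back to the integer.
    return int(getattr(SSL, "OP_NO_TICKET", FALLBACK_OP_NO_TICKET))


def disable_session_tickets(ctx):
    """Set the no-ticket option on a pyOpenSSL Context or an ssl.SSLContext."""
    flag = no_ticket_flag()
    if hasattr(ctx, "set_options"):
        # pyOpenSSL Context: set_options() ORs the flag into existing options.
        ctx.set_options(flag)
    else:
        # Standard-library ssl.SSLContext exposes the same bitmask as .options.
        ctx.options |= flag
    return flag


def self_check():
    """Apply the option to a stdlib context and report the bit before/after."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    before = bool(ctx.options & FALLBACK_OP_NO_TICKET)
    disable_session_tickets(ctx)
    after = bool(ctx.options & FALLBACK_OP_NO_TICKET)
    return before, after


if __name__ == "__main__":
    print(hex(no_ticket_flag()), self_check())
```
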