SSL/HTTPS POST proxy login issues

Mark Erikson markulus00 at yahoo.com
Wed Apr 9 01:42:33 EDT 2003 

Ooookay.  I've been wrestling with a problem for the last several
weeks, and if someone out there can help me solve it, I'll be
extremely grateful.

My school uses Novell Bordermanager as a proxy to the web.  On
school-owned computers, the Novell Proxy Key runs and notifies the
proxy that you're logged into the network and can get outside.  On
student-owned computers, an initial attempt to go to a website via the
proxy brings up a proxy login page, in which you enter the username
and password you use to log onto the Novell network.  This page is SSL
encrypted, and performs an SSL-encrypted POST to the proxy with the
username, password, destination address, and a couple of other fields.

Since this login procedure must be performed on an initial request as
well as after a half-hour of inactivity, all of which gets annoying,
I've been trying to work on a small utility that would run on startup,
perform the POST necessary to login to the proxy, then sit in the
Windows tray and do a simple GET of, say, Google every 20 minutes or
so to keep the login alive.  A fairly simple project, right?

Unfortunately, I have been COMPLETELY unable to execute a successful
SSL connection to any of our four proxy servers using Python.  Using
Python 2.2, I've tried the built-in httplib.HTTPSConnection, as well
as the one supplied by M2Crypto 0.09.

Here's the tail end of a typical traceback, along with the code that
produced it:

from M2Crypto import SSL, httpslib
ctx = SSL.Context()
c = httpslib.HTTPSConnection(SERVER_IP, 443, ssl_context=ctx)
params = urllib.urlencode({ various fields from the login page with
proper values } )
headers = { a whole bunch of stuff I copied from what Phoenix sends to
a server }
c.request('POST', '/BM-Login/auth-cup', params, headers)

File "C:\Python22\Lib\site-packages\M2Crypto\SSL\Connection.py", line
96, in connect_ssl
    return m2.ssl_connect(self.ssl)
SSLError: (0, 'Error')

The proxy servers have a certificate signed by the school, which I
believe I can export from Internet Explorer in PKCS7 format (not that
I'm completely sure about all that involves, I just know I can do it).

Meanwhile, a friend of mine running a Linux box has been using a
simplified version of the login page with the Javascript command
"loginform.submit()" as part of the body to do a sort of auto-login.

Sooo... I guess I have a few questions.

1) Has anyone ever tried to create something similar?
2) Do I need some sort of a client certificate/key in order to do an
SSL connection to the server?
3) Do I need to do some sort of verification of the server's
certificate, since it's self-signed?
4) Does anyone have ANY other ideas as to how to get this thing to
work?

Anyway, I hope the explanation is detailed enough, and I'll try to
provide more details if necessary.  Thanks in advance for any help!

Mark Erikson

More information about the Python-list mailing list