SSL/HTTPS POST proxy login issues
Mark Erikson
markulus00 at yahoo.com
Wed Apr 9 01:42:33 EDT 2003
Ooookay. I've been wrestling with a problem for the last several
weeks, and if someone out there can help me solve it, I'll be
extremely grateful.
My school uses Novell Bordermanager as a proxy to the web. On
school-owned computers, the Novell Proxy Key runs and notifies the
proxy that you're logged into the network and can get outside. On
student-owned computers, an initial attempt to go to a website via the
proxy brings up a proxy login page, in which you enter the username
and password you use to log onto the Novell network. This page is SSL
encrypted, and performs an SSL-encrypted POST to the proxy with the
username, password, destination address, and a couple of other fields.
Since this login procedure must be performed on an initial request as
well as after a half-hour of inactivity, all of which gets annoying,
I've been trying to work on a small utility that would run on startup,
perform the POST necessary to login to the proxy, then sit in the
Windows tray and do a simple GET of, say, Google every 20 minutes or
so to keep the login alive. A fairly simple project, right?
Unfortunately, I have been COMPLETELY unable to execute a successful
SSL connection to any of our four proxy servers using Python. Using
Python 2.2, I've tried the built-in httplib.HTTPSConnection, as well
as the one supplied by M2Crypto 0.09.
Here's the tail end of a typical traceback, along with the code that
produced it:
from M2Crypto import SSL, httpslib
ctx = SSL.Context()
c = httpslib.HTTPSConnection(SERVER_IP, 443, ssl_context=ctx)
params = urllib.urlencode({ various fields from the login page with
proper values } )
headers = { a whole bunch of stuff I copied from what Phoenix sends to
a server }
c.request('POST', '/BM-Login/auth-cup', params, headers)
File "C:\Python22\Lib\site-packages\M2Crypto\SSL\Connection.py", line
96, in connect_ssl
return m2.ssl_connect(self.ssl)
SSLError: (0, 'Error')
The proxy servers have a certificate signed by the school, which I
believe I can export from Internet Explorer in PKCS7 format (not that
I'm completely sure about all that involves, I just know I can do it).
Meanwhile, a friend of mine running a Linux box has been using a
simplified version of the login page with the Javascript command
"loginform.submit()" as part of the body to do a sort of auto-login.
Sooo... I guess I have a few questions.
1) Has anyone ever tried to create something similar?
2) Do I need some sort of a client certificate/key in order to do an
SSL connection to the server?
3) Do I need to do some sort of verification of the server's
certificate, since it's self-signed?
4) Does anyone have ANY other ideas as to how to get this thing to
work?
Anyway, I hope the explanation is detailed enough, and I'll try to
provide more details if necessary. Thanks in advance for any help!
Mark Erikson
More information about the Python-list
mailing list