Resolved: xmlrpc ssl (slightly embarrassing, long post)

Rune Hansen rune.hansen at sinsenveien83.com
Tue Jun 10 10:42:01 EDT 2003


Just thought I should check in and tell you the end of this story.
After spending several hours rewriting SocketServer, BaseHTTPServer and
SimpleXMLRPCServer using the _mysterious_ OpenSSL library I found in
site-packages, I decided to roam sourceforge to see if the OpenSSL
project existed.
Not only did it exist (as pyOpenSSL-0.5.1) but in the examples section I
found a SecureXMLRPCServer implementation that did exactly the same as my
implementation, only better and cleaner (in my defense, optimization
wasn't as high on the list as getting it to work - would have gotten
there, eventually, I think).
I'm sure there is a moral here somewhere...

Anyways, thanks for your time, and thanks to the people who offered help.

regards

/rune

Rune Hansen wrote:
> Hi, I'm slightly embarrassed to ask these questions, mainly because I
> fear that I've yet to fully grasp the problem at hand. I'm trying to use
> https in communication with an xmlrpc server. Both server and client should
> preferably be built with python. I'm reasoning that I need a
> socket.ssl() object. (BTW I've created a key and cert file with the
> help of the openssl how-to found at
> http://www.eclectica.ca/howto/ssl-cert-howto.php)
> -- 
>  >>> import socket
>  >>> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>  >>> ssl = socket.ssl(s, 'key.pem','cert.pem')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
> socket.error: (32, 'Broken pipe')
> -- 
> Now, my ignorance begins to show. This is obviously not right. After
> all, I want to use SimpleXMLRPCServer....so...I found some code on
> cz.comp.lang.python
> (http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=20030509134042.GE474%40dat.cz&rnum=1&prev=/groups%3Fq%3Dpython%2Bsocket.ssl%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3D20030509134042.GE474%2540dat.cz%26rnum%3D1) 
> 
> 
> Using this code I rewrote:
> class TCPServer(BaseServer):
>     address_family = socket.AF_INET
>     socket_type = socket.SOCK_STREAM
>     request_queue_size = 5
>     allow_reuse_address = 0
> 
>     def __init__(self, server_address, RequestHandlerClass):
>         """Constructor.  May be extended, do not override."""
>         BaseServer.__init__(self, server_address, RequestHandlerClass)
>         # OpenSSL
>         ctx = SSL.Context(SSL.SSLv23_METHOD)
>         ctx.set_options(SSL.OP_NO_SSLv2)
>         ctx.set_verify(SSL.VERIFY_PEER, verify_cb)
>         ctx.use_privatekey_file('key.pem')
>         ctx.use_certificate_file('cert.pem')
>         self.socket = SSL.Connection(ctx, socket.socket(self.address_family, self.socket_type))
> 
>         self.server_bind()
>         self.server_activate()
> 
> , blatantly ignoring the "May be extended, do not override"
> warning (!), and wrote a wrapper for SimpleXMLRPCServer (to make use of
> the new TCPServer class). Creating and starting a server based on this
> SimpleXMLRPCServer class goes without a hitch. But when connecting to
> the server I get this traceback on the client:
>  >>> import xmlrpclib
>  >>> s = xmlrpclib.Server('https://localhost:8000')
>  >>> p = s.postnr('1411')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "//usr/lib/python2.2/xmlrpclib.py", line 821, in __call__
>     return self.__send(self.__name, args)
>   File "//usr/lib/python2.2/xmlrpclib.py", line 975, in __request
>     verbose=self.__verbose
>   File "//usr/lib/python2.2/xmlrpclib.py", line 840, in request
>     self.send_content(h, request_body)
>   File "//usr/lib/python2.2/xmlrpclib.py", line 876, in send_content
>     connection.endheaders()
>   File "//usr/lib/python2.2/httplib.py", line 695, in endheaders
>     self._send_output()
>   File "//usr/lib/python2.2/httplib.py", line 581, in _send_output
>     self.send(msg)
>   File "//usr/lib/python2.2/httplib.py", line 548, in send
>     self.connect()
>   File "//usr/lib/python2.2/httplib.py", line 945, in connect
>     ssl = socket.ssl(realsock, self.key_file, self.cert_file)
> socket.sslerror: (8, 'EOF occurred in violation of protocol')
> 
> And this error message on the server:
> exception happened during processing of request from ('127.0.0.1', 49579)
> Traceback (most recent call last):
>   File "//usr/lib/python2.2/SocketServer.py", line 221, in handle_request
>     self.process_request(request, client_address)
>   File "//usr/lib/python2.2/SocketServer.py", line 240, in process_request
>     self.finish_request(request, client_address)
>   File "//usr/lib/python2.2/SocketServer.py", line 253, in finish_request
>     self.RequestHandlerClass(request, client_address, self)
>   File "//usr/lib/python2.2/SocketServer.py", line 513, in __init__
>     self.setup()
>   File "//usr/lib/python2.2/SocketServer.py", line 553, in setup
>     self.rfile = self.connection.makefile('rb', self.rbufsize)
> NotImplementedError: Cannot make file object of SSL.Connection
> 
> 
> Did I mention that I really don't know what I'm doing? Uhm..yes, I
> believe I did. Anyways, I would be very happy if someone could
> enlighten me...
> 
> regards
> 
> /rune
> 
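
Added example, not part of the original post and not the pyOpenSSL sample it mentions: a present-day equivalent of the TLS-wrapped XML-RPC server, using only the Python 3 standard library, whose `ssl.SSLSocket` supports `makefile()` and so avoids the `NotImplementedError` in the server traceback above. The names `server_context`, `client_context`, `SecureXMLRPCServer` and `io_timeout` are assumptions; `cert.pem`, `key.pem`, port 8000 and the `postnr` method are taken from the post.

```python
import ssl
from xmlrpc.server import SimpleXMLRPCServer

def server_context(certfile, keyfile):
    """TLS 1.2+ server context loaded with the service's certificate and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

def client_context(cafile=None):
    """Client context that verifies the server chain and hostname.
    Pass the server's self-signed certificate (or its CA) as cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

class SecureXMLRPCServer(SimpleXMLRPCServer):
    """SimpleXMLRPCServer that speaks TLS on every accepted connection."""
    io_timeout = 10  # seconds; bounds a stalled handshake or request (assumed value)

    def __init__(self, addr, ctx, **kwargs):
        self.ctx = ctx
        super().__init__(addr, **kwargs)

    def get_request(self):
        # Wrap per connection instead of rewriting TCPServer.__init__.
        sock, peer = self.socket.accept()
        sock.settimeout(self.io_timeout)
        try:
            # SSLSocket provides makefile(), so the stock request handler works.
            return self.ctx.wrap_socket(sock, server_side=True), peer
        except OSError:
            # Failed handshake (plaintext client, unsupported version): drop it.
            # socketserver ignores OSError raised from get_request().
            sock.close()
            raise

if __name__ == "__main__":
    # cert.pem / key.pem are the file names used in the post.
    srv = SecureXMLRPCServer(("localhost", 8000),
                             server_context("cert.pem", "key.pem"),
                             logRequests=False)
    srv.register_function(lambda code: "lookup(%s)" % code, "postnr")
    srv.serve_forever()
```

On the client side, `xmlrpc.client.ServerProxy("https://localhost:8000", context=client_context("cert.pem"))` verifies the server before sending the call; the certificate must name the host being dialled or the handshake is refused.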




