SSL (HTTPS) with 2.4

pyguy2 at gmail.com
Wed May 25 17:16:42 EDT 2005


After failed attempts at trying to get my code to work with squid, I
did some research into this and came up with some info.

http://www.python.org/peps/pep-0320.txt

"- It would be nice if the built-in SSL socket type
could be used for non-blocking SSL I/O.  Currently
packages such as Twisted which implement async
servers using SSL have to require third-party packages
such as pyopenssl."

My guess is that the squid proxy server uses
non-blocking sockets which python ssl does not
support.

And, of course after looking at the squid site, I found this:

"Unlike traditional caching software, Squid handles
all requests in a single, non-blocking, I/O-driven
process."

Now, I haven't had time to verify this. But, it can explain why the
non-ssl proxy authentication works and the ssl partially works. And,
also why I get success with a different type of proxy server.

For a clue as to why there is this problem I would also recommend
looking at http://www.openssl.org/support/faq.html, specifically the
section on non-blocking i/o.

It looks like pyopenssl would be an option:
http://pyopenssl.sourceforge.net/

Its docs comment that it was written because m2crypto error handling
was not finished for non-blocking i/o:

http://pyopenssl.sourceforge.net/pyOpenSSL.txt

   The reason this module exists at all is that the SSL support in the
   socket module in the Python 2.1 distribution (which is what we used,
   of course I cannot speak for later versions) is severely limited.

   When asking about SSL on the comp.lang.python newsgroup (or on
   python-list at python.org) people usually pointed you to the M2Crypto
   package. The M2Crypto.SSL module does implement a lot of OpenSSL's
   functionality but unfortunately its error handling system does not
   seem to be finished, especially for non-blocking I/O. I think that
   much of the reason for this is that M2Crypto^1 is developed using
   SWIG^2. This makes it awkward to create functions that e.g. can
   return both an integer and NULL since (as far as I know) you
   basically write C functions and SWIG makes wrapper functions that
   parses the Python argument list and calls your C function, and
   finally transforms your return value to a Python object.

john
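
What non-blocking SSL I/O asks of the calling code, as an added example that is not part of the original post: OpenSSL stops with "want read" whenever the peer's bytes have not arrived yet, and the caller has to ship the pending output and call again later. It uses the `ssl.MemoryBIO` interface of present-day Python 3 (an assumption; this is not the 2.4 module discussed above), with a constructed hostname and constructed input bytes, and no network connection.

```python
import ssl


def handshake_step(tls, outgoing):
    """Advance the TLS handshake once and report what the caller must do next."""
    try:
        tls.do_handshake()
        state = "done"
    except ssl.SSLWantReadError:
        state = "want_read"    # OpenSSL needs more bytes from the peer
    except ssl.SSLWantWriteError:
        state = "want_write"   # pending output must be flushed first
    # Whatever OpenSSL queued for the peer; the caller owns sending it.
    return state, outgoing.read()


def demo():
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # "proxy.example.invalid" is a constructed name; nothing is resolved.
    tls = ctx.wrap_bio(incoming, outgoing,
                       server_hostname="proxy.example.invalid")

    # Step 1: the ClientHello is produced, then OpenSSL cannot go on
    # until the server answers. A blocking socket would sleep here;
    # a non-blocking caller gets control back instead.
    state1, hello = handshake_step(tls, outgoing)

    # Step 2: only part of the reply has arrived (3 of the 5 record
    # header bytes, constructed). The call must be retried later,
    # and nothing new is queued for sending.
    incoming.write(b"\x16\x03\x03")
    state2, more = handshake_step(tls, outgoing)
    return state1, hello, state2, more


if __name__ == "__main__":
    s1, hello, s2, more = demo()
    print(s1, len(hello), "bytes to send;", s2, len(more), "bytes to send")
```

In a real event loop, `want_read` means "register the socket for readability and call `handshake_step` again when data arrives", which is the retry handling the built-in SSL socket of that era did not expose.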



