SSL (HTTPS) with 2.4
pyguy2 at gmail.com
Wed May 25 17:16:42 EDT 2005
After failed attempts at trying to get my code to work with squid,
I did some research into this and came up with some info.
http://www.python.org/peps/pep-0320.txt
"- It would be nice if the built-in SSL socket type
could be used for non-blocking SSL I/O. Currently
packages such as Twisted which implement async
servers using SSL have to require third-party packages
such as pyopenssl."
My guess is that the squid proxy server uses
non-blocking sockets which python ssl does not
support.
And, of course, after looking at the squid site, I found this:
"Unlike traditional caching software, Squid handles
all requests in a single, non-blocking, I/O-driven
process."
Now, I haven't had time to verify this. But, it can explain why the
non-ssl proxy authentication works and the ssl partially works. And,
also why I get success with a different type of proxy server.
For a clue as to why there is this problem I would also recommend
looking at http://www.openssl.org/support/faq.html, specifically the
section on non-blocking i/o.
It looks like pyopenssl would be an option:
http://pyopenssl.sourceforge.net/
Its docs comment that it was written because m2crypto error handling
was not finished for non-blocking i/o:
http://pyopenssl.sourceforge.net/pyOpenSSL.txt
The reason this module exists at all is that the SSL support in the
socket module in the Python 2.1 distribution (which is what we used,
of course I cannot speak for later versions) is severely limited.
When asking about SSL on the comp.lang.python newsgroup (or on
python-list at python.org) people usually pointed you to the M2Crypto
package. The M2Crypto.SSL module does implement a lot of OpenSSL's
functionality but unfortunately its error handling system does not
seem to be finished, especially for non-blocking I/O. I think that
much of the reason for this is that M2Crypto^1 is developed using
SWIG^2. This makes it awkward to create functions that e.g. can return
both an integer and NULL since (as far as I know) you basically write
C functions and SWIG makes wrapper functions that parses the Python
argument list and calls your C function, and finally transforms your
return value to a Python object.
john