Weird M2Crypto bug - phony "peer did not return certificate" error
John Nagle
nagle at animats.com
Fri Jan 12 02:09:29 EST 2007

OK, I have a one-line fix.

To Connection.py of M2Crypto:

    def connect(self, addr):
        self.socket.connect(addr)
        self.addr = addr
        self.socket.settimeout(None)  # Back to normal timeout (NEW)
        self.setup_ssl()
        self.set_connect_state()
        ret = self.connect_ssl()
        check = getattr(self, 'postConnectionCheck', self.clientPostConnectionCheck)
        if check is not None:
            if not check(self.get_peer_cert(), self.addr[0]):
                raise Checker.SSLVerificationError, 'post connection check failed'
        return ret

After the socket is connected, we turn its timeout off.

The effect is that if the caller sets

    socket.setdefaulttimeout(timeoutsecs)

before creating the Connection object, that will set the connection
timeout. The socket will be created as non-blocking, but before
any reads or writes are done, we clear the timeout, making it blocking
again. So the connection will time out as requested, but we won't
get errors because the socket is non-blocking and is being used by
code that expects it to block.

Gets usable connection timeouts, and prevents bogus "peer did not
return certificate" errors.

John Nagle
Animats
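
The mechanism described in the message above, as an added example that is not part of the original post and not M2Crypto code: it uses only the standard-library `socket` module against a constructed local peer that is slow to answer, and shows that a default timeout leaves the underlying descriptor in non-blocking mode until `settimeout(None)` is called. The names `slow_server` and `connect_and_read` are hypothetical, and a POSIX system is assumed for the `fcntl` check.

```python
import fcntl
import os
import socket
import threading
import time

def slow_server(delay):
    """Constructed local peer: accept one client, wait `delay` s, send b'hello'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(None)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        time.sleep(delay)
        try:
            conn.sendall(b"hello")
        except OSError:
            pass  # client already gave up and closed
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()

def connect_and_read(addr, connect_timeout, clear_timeout):
    """Return (fd_is_nonblocking, data); data is None if recv() timed out."""
    previous = socket.getdefaulttimeout()
    socket.setdefaulttimeout(connect_timeout)  # what the caller in the post does
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    finally:
        socket.setdefaulttimeout(previous)
    try:
        s.connect(addr)  # bounded by connect_timeout
        if clear_timeout:
            s.settimeout(None)  # the post's fix: blocking again before any I/O
        # This flag is what C code reading the raw descriptor sees.
        nonblocking = bool(fcntl.fcntl(s.fileno(), fcntl.F_GETFL) & os.O_NONBLOCK)
        try:
            return nonblocking, s.recv(16)
        except socket.timeout:
            return nonblocking, None
    finally:
        s.close()

if __name__ == "__main__":
    print(connect_and_read(slow_server(0.5), 0.2, clear_timeout=False))
    print(connect_and_read(slow_server(0.5), 0.2, clear_timeout=True))
```

With plain sockets the symptom of the leftover timeout is a `socket.timeout` on `recv()`; a C library working on the raw descriptor instead sees the non-blocking flag reported in the first element of the result.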