Weird M2Crypto bug - phony "peer did not return certificate" error
Heikki Toivonen
heikki at osafoundation.org
Thu Jan 11 18:29:05 EST 2007
nagle at animats.com wrote:
> That's a problem for me. I need short timeouts; I'm accessing sites
> that might or might not have SSL support, and I need to quickly time
> out when there's no SSL server.

You should be able to do short timeouts, just not using the global
setdefaulttimeout. Have you tried Connection.set_socket_read/write_timeout?
Also, like I mentioned before, if you use the Twisted wrapper and let
Twisted handle network stuff you should be fine.

> Python needs a merge here. Read Guido van Rossum's rant on M2Crypto:
>
> http://www.artima.com/weblogs/viewpost.jsp?thread=95863

That's old news, I believe I have fixed all of the issues mentioned
there already in the 0.16 release.

> What's probably needed is to implement the additional API functions of
> the M2Crypto wrapper in the PyOpenSSL wrapper, so that the M2Crypto
> components written in Python could be used with it. Then we'd have one
> good implementation instead of two broken ones.

M2Crypto and pyOpenSSL (and pyOpenSSL-extended, which you might want to
take a look at as well) are implemented pretty differently, so merging
seems unlikely. They are pretty small code-wise, though, so it is not an
impossible task.

Personally I think I'd prefer if Python stdlib contained a better SSL
module that did at least all the checks required for safe SSL
connection. (Yeah, yeah, maybe I need to write it myself if nobody else
gets to it;)
--
Heikki Toivonen
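
Added example, not part of the original post and not M2Crypto code: a per-connection timeout, as suggested in the reply above, shown with the current Python standard-library ssl module. The silent local listener stands in for a host with no SSL server; it and the names start_silent_listener and probe_tls are constructed for illustration.

```python
import socket
import ssl
import threading


def start_silent_listener():
    """Constructed stand-in for a host with no SSL server: accepts TCP, sends nothing."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    held = []  # keep accepted sockets open so the client sees silence, not a reset

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener was closed
            held.append(conn)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, held


def probe_tls(host, port, timeout):
    """Return (ok, detail). The timeout is set on this connection only."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except socket.timeout:
        return False, "timeout"  # no TLS answer within the per-connection limit
    except (ssl.SSLError, OSError) as exc:
        return False, type(exc).__name__  # refused, reset, or failed verification


if __name__ == "__main__":
    srv, _held = start_silent_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], timeout=0.5))
    print(socket.getdefaulttimeout())  # the global default is left untouched
```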