What timeouts are required when reading SSL certificates with Python 2.6.4?

John Nagle nagle at animats.com
Tue Jun 1 01:57:47 EDT 2010


    Is bug #5103 relevant here?  The one about the 30-minute connection hang?

	http://bugs.python.org/issue5103

					John Nagle

John Nagle wrote:
>    I'm converting some M2Crypto code to use the new "ssl" module, and
> I'm concerned about protection against hung machines at the remote end.
> With M2Crypto, getting timeout to work properly required much tweaking.
> 
>    Here's the code.  I've tried it on about fifteen domains, some of which
> support SSL and some which don't.  So far, it hasn't hung.  Is there any
> further protection I need?
> 
> 
> import httplib
> import socket
> import ssl
>
> port = httplib.HTTPS_PORT
> sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
> sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
> sock.connect((domain,port))
> cert = sock.getpeercert()                            #    ... process certificate data
> del sock
> del sk
> 
> 
>    Note that this doesn't send or receive any data on the SSL connection
> once the handshake has been completed.  It's just reading the remote
> certificate as part of a host identity check.  Then it drops the
> connection.
> 
>                     John Nagle
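
An added example, not part of the original post and not the poster's code: the same certificate fetch with a timeout set on the socket before connect(), written for Python 3's ssl.SSLContext API rather than the 2.6 ssl.wrap_socket() call, and run against a constructed loopback listener that completes the TCP connect but never answers the TLS handshake. The names fetch_peer_cert and probe_silent_peer are hypothetical.

```python
import socket
import ssl
import time


def fetch_peer_cert(host, port, timeout, cafile=None):
    """Return (status, cert); status is 'ok', 'timeout' or 'error'."""
    # cafile plays the role of ca_certs=certfile in the post; None means
    # the platform's default trust store. Verification stays required.
    ctx = ssl.create_default_context(cafile=cafile)
    sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Set before connect(): the limit then applies to the TCP connect and
    # is carried over to the TLS socket for the handshake.
    sk.settimeout(timeout)
    try:
        sk.connect((host, port))
        # wrap_socket() on a connected socket runs the handshake right away.
        with ctx.wrap_socket(sk, server_hostname=host) as tls:
            return "ok", tls.getpeercert()
    except socket.timeout:
        return "timeout", None
    except OSError:  # refused connection, ssl.SSLError, failed verification
        return "error", None
    finally:
        sk.close()  # explicit close rather than relying on del


def probe_silent_peer(timeout=0.5):
    """Constructed test peer: accepts TCP on loopback, never speaks TLS."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port, nothing leaves the host
    srv.listen(1)               # kernel completes connects; we never accept
    port = srv.getsockname()[1]
    start = time.monotonic()
    try:
        status, cert = fetch_peer_cert("127.0.0.1", port, timeout)
    finally:
        srv.close()
    return status, cert, time.monotonic() - start


if __name__ == "__main__":
    print(probe_silent_peer())
```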


