From zoltan.felleg at user.hu Sun Oct 6 12:20:13 2002 From: zoltan.felleg at user.hu (Zoltan Felleg) Date: Sun, 06 Oct 2002 12:20:13 +0200 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate Message-ID: <3DA00E5D.8080408@user.hu> hello list, i have a problem with pyOpenSSL, namely as follows: i have created a client/server application, where the clients communicate with the servers on a secure channel. When a client tries to log in to a server (ie. after the SSL handshake it tries to send a message), the client dies with the subject, and the server gets a "connection reset by peer" exception. i have two questions about this: a.) has anyone seen this before? b.) is there an "official" way of handling the WantXYZError exceptions besides ignoring them? thanks a lot, and sorry for the poor english. zoltan ps: both the client and server are multithreaded, the SSL connection is nonblocking, and the pyOpenSSL version is 0.5.1 From md9ms at mdstud.chalmers.se Sun Oct 6 12:46:14 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 06 Oct 2002 12:46:14 +0200 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <3DA00E5D.8080408@user.hu> References: <3DA00E5D.8080408@user.hu> Message-ID: <1033901175.598.40.camel@winterfell> s?n 2002-10-06 klockan 12.20 skrev Zoltan Felleg: > hello list, > > i have a problem with pyOpenSSL, namely as follows: > i have created a client/server application, where the clients > communicate with the servers on a secure channel. When a client tries to > log in to a server (ie. after the SSL handshake it tries to send a > message), the client dies with the subject, and the server gets a > "connection reset by peer" exception. i have two questions about this: > a.) has anyone seen this before? > b.) is there an "official" way of handling the WantXYZError exceptions > besides ignoring them? The WantXYZ exceptions are tricky, but that's because it's tricky in OpenSSL! If you get WantReadError that means OpenSSL wants to read from the socket but couldn't, so after you've made sure that the socket is readable, you should call *the same method* again, with *the same arguments*. It's symmetrical for WantWriteError. So, if for example you get a WantReadError when you do ssl.write('foo') you have to wait (using e.g. select) until the socket corresponding to `ssl' is readable, and then call ssl.write('foo') again. Yes, you can get WantReadErrors on writing, and WantWriteErrors on reading, since OpenSSL does handshakes transparently. > ps: both the client and server are multithreaded, the SSL connection is > nonblocking, and the pyOpenSSL version is 0.5.1 If you're running multithreaded, you'd do well to use OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands for thread safe :)) Regards, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Sun Oct 6 19:28:06 2002 From: dave at immunitysec.com (Dave Aitel) Date: 06 Oct 2002 13:28:06 -0400 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033901175.598.40.camel@winterfell> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> Message-ID: <1033925286.13654.19.camel@www.immunitysec.com> On Sun, 2002-10-06 at 06:46, Martin Sj?gren wrote: > If you're running multithreaded, you'd do well to use > OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands > for thread safe :)) > > > Regards, > Martin hmm. How does one do this exactly? -dave self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) Connected to by ('127.0.0.1', 36388) Exception in thread Thread-1: Traceback (most recent call last): File "/usr/lib/python2.2/threading.py", line 408, in __bootstrap self.run() File "./spkproxy.py", line 699, in run self.connection.startSSLserver() File "./spkproxy.py", line 94, in startSSLserver self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) AttributeError: 'module' object has no attribute 'tsafe' -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From md9ms at mdstud.chalmers.se Sun Oct 6 20:22:21 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 06 Oct 2002 20:22:21 +0200 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033925286.13654.19.camel@www.immunitysec.com> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> Message-ID: <1033928542.8272.2.camel@winterfell> s?n 2002-10-06 klockan 19.28 skrev Dave Aitel: > On Sun, 2002-10-06 at 06:46, Martin Sj?gren wrote: > > > If you're running multithreaded, you'd do well to use > > OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands > > for thread safe :)) > > hmm. How does one do this exactly? > -dave > > > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) > AttributeError: 'module' object has no attribute 'tsafe' D'oh! I must have forgotten to import tsafe from the __init__.py file. If you do import OpenSSL.tsafe, or from OpenSSL import tsafe, it works. /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Sun Oct 6 21:29:16 2002 From: dave at immunitysec.com (Dave Aitel) Date: 06 Oct 2002 15:29:16 -0400 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033928542.8272.2.camel@winterfell> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> <1033928542.8272.2.camel@winterfell> Message-ID: <1033932556.13654.21.camel@www.immunitysec.com> Does a tsafe connection not support this? -dave Exception in thread Thread-1: Traceback (most recent call last): File "/usr/lib/python2.2/threading.py", line 408, in __bootstrap self.run() File "./spkproxy.py", line 700, in run self.connection.startSSLserver() File "./spkproxy.py", line 98, in startSSLserver self.mysocket.set_accept_state() AttributeError: Connection instance has no attribute 'set_accept_state' On Sun, 2002-10-06 at 14:22, Martin Sj?gren wrote: > s?n 2002-10-06 klockan 19.28 skrev Dave Aitel: > > On Sun, 2002-10-06 at 06:46, Martin Sj?gren wrote: > > > > > If you're running multithreaded, you'd do well to use > > > OpenSSL.tsafe.Connection instead of OpenSSL.SSL.Connection (tsafe stands > > > for thread safe :)) > > > > hmm. How does one do this exactly? > > -dave > > > > > > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) > > self.mysocket = OpenSSL.tsafe.Connection(ctx, self.mysocket) > > AttributeError: 'module' object has no attribute 'tsafe' > > D'oh! I must have forgotten to import tsafe from the __init__.py file. > If you do import OpenSSL.tsafe, or from OpenSSL import tsafe, it works. > > > /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From md9ms at mdstud.chalmers.se Sun Oct 6 21:49:01 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 06 Oct 2002 21:49:01 +0200 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033932556.13654.21.camel@www.immunitysec.com> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> <1033928542.8272.2.camel@winterfell> <1033932556.13654.21.camel@www.immunitysec.com> Message-ID: <1033933741.8271.6.camel@winterfell> s?n 2002-10-06 klockan 21.29 skrev Dave Aitel: > Does a tsafe connection not support this? The reason for this is that the tsafe.Connection hasn't been updated when the SSL.Connection has been. :/ I blame my bad memory. :-) If you check the code in tsafe.py you'll see it's easy to fix ;) but I think it might be a good idea to use a getattr descriptor instead of this ugly hack. If anybody have suggestions I'll gladly hear them. /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Mon Oct 7 12:28:59 2002 From: dave at immunitysec.com (Dave Aitel) Date: 07 Oct 2002 06:28:59 -0400 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033933741.8271.6.camel@winterfell> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> <1033928542.8272.2.camel@winterfell> <1033932556.13654.21.camel@www.immunitysec.com> <1033933741.8271.6.camel@winterfell> Message-ID: <1033986539.13606.32.camel@www.immunitysec.com> can we just fix tsafe for .2? I'll force all my users to upgrade. :> -dave On Sun, 2002-10-06 at 15:49, Martin Sj?gren wrote: > s?n 2002-10-06 klockan 21.29 skrev Dave Aitel: > > Does a tsafe connection not support this? > > The reason for this is that the tsafe.Connection hasn't been updated > when the SSL.Connection has been. :/ I blame my bad memory. :-) If you > check the code in tsafe.py you'll see it's easy to fix ;) but I think it > might be a good idea to use a getattr descriptor instead of this ugly > hack. If anybody have suggestions I'll gladly hear them. > > > /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From md9ms at mdstud.chalmers.se Mon Oct 7 19:30:37 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 07 Oct 2002 19:30:37 +0200 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1033986539.13606.32.camel@www.immunitysec.com> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> <1033928542.8272.2.camel@winterfell> <1033932556.13654.21.camel@www.immunitysec.com> <1033933741.8271.6.camel@winterfell> <1033986539.13606.32.camel@www.immunitysec.com> Message-ID: <1034011837.2039.60.camel@winterfell> m?n 2002-10-07 klockan 12.28 skrev Dave Aitel: > can we just fix tsafe for .2? I'll force all my users to upgrade. :> > -dave Yeah I suppose so. Are you in a hurry? I'm swamped with work at the university (trying to study full time AND teach). /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Mon Oct 7 19:32:01 2002 From: dave at immunitysec.com (Dave Aitel) Date: 07 Oct 2002 13:32:01 -0400 Subject: [pyOpenSSL] PyEval_RestoreThread: NULL tstate In-Reply-To: <1034011837.2039.60.camel@winterfell> References: <3DA00E5D.8080408@user.hu> <1033901175.598.40.camel@winterfell> <1033925286.13654.19.camel@www.immunitysec.com> <1033928542.8272.2.camel@winterfell> <1033932556.13654.21.camel@www.immunitysec.com> <1033933741.8271.6.camel@winterfell> <1033986539.13606.32.camel@www.immunitysec.com> <1034011837.2039.60.camel@winterfell> Message-ID: <1034011921.13654.126.camel@www.immunitysec.com> It's no biggie for me. I'm not having any problems with OpenSSL.SSL.Connection, despite being multi-threaded. I can wait as long as it takes. -dave On Mon, 2002-10-07 at 13:30, Martin Sj?gren wrote: > m?n 2002-10-07 klockan 12.28 skrev Dave Aitel: > > can we just fix tsafe for .2? I'll force all my users to upgrade. :> > > -dave > > Yeah I suppose so. Are you in a hurry? I'm swamped with work at the > university (trying to study full time AND teach). > > > /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From dave at immunitysec.com Mon Oct 7 23:58:00 2002 From: dave at immunitysec.com (Dave Aitel) Date: 07 Oct 2002 17:58:00 -0400 Subject: [pyOpenSSL] Hmm... Message-ID: <1034027880.13606.157.camel@www.immunitysec.com> has anyone compiled this on OS X? I got this from a user: funny thing, maybe it is just me -but I am having quite a time to get the PySSL stuff to compile on Mac 10.2.1... Have you heard of any success stories? Dennis -dave -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From md9ms at mdstud.chalmers.se Tue Oct 8 08:45:01 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 08 Oct 2002 08:45:01 +0200 Subject: [pyOpenSSL] Hmm... In-Reply-To: <1034027880.13606.157.camel@www.immunitysec.com> References: <1034027880.13606.157.camel@www.immunitysec.com> Message-ID: <1034059501.757.3.camel@winterfell> m?n 2002-10-07 klockan 23.58 skrev Dave Aitel: > has anyone compiled this on OS X? Yes, I have. But I had openssl-dev installed from fink (that's why setup.py explicitly adds '/sw/include' and '/sw/lib' when on darwin). I don't remember if there's a OSX machine in the sourceforge compile farm (but it seems to be down at the moment anyway). I don't have a mac myself, so it's kinda hard to give an estimation on when I'll be able to test it... /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Tue Oct 8 15:48:10 2002 From: dave at immunitysec.com (Dave Aitel) Date: 08 Oct 2002 09:48:10 -0400 Subject: [pyOpenSSL] pyOpenSSL for win32 Message-ID: <1034084890.20700.243.camel@www.immunitysec.com> I'm trying to create a standalone release of SPIKE Proxy, which relies on PyOpenSSL, but currently am failing to compile pyOpenSSL with mingw - is there an environment variable I can setup that sets the compiler? (or a precompiled win32 binary I can shove somewhere?) -dave -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From md9ms at mdstud.chalmers.se Wed Oct 9 00:06:43 2002 From: md9ms at mdstud.chalmers.se (Martin =?ISO-8859-1?Q?Sj=F6gren?=) Date: 09 Oct 2002 00:06:43 +0200 Subject: [pyOpenSSL] pyOpenSSL for win32 In-Reply-To: <1034084890.20700.243.camel@www.immunitysec.com> References: <1034084890.20700.243.camel@www.immunitysec.com> Message-ID: <1034114804.6667.6.camel@winterfell> tis 2002-10-08 klockan 15.48 skrev Dave Aitel: > I'm trying to create a standalone release of SPIKE Proxy, which relies > on PyOpenSSL, but currently am failing to compile pyOpenSSL with mingw - > is there an environment variable I can setup that sets the compiler? I have no idea what distutils's inner black magic does, but I saw there was a thread on python-dev about mingw: http://mail.python.org/pipermail/python-dev/2002-October/029178.html (I don't have any experience with mingw so I don't know if it's helpful or not) /Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Detta ?r en digitalt signerad meddelandedel URL: From dave at immunitysec.com Thu Oct 10 00:55:15 2002 From: dave at immunitysec.com (Dave Aitel) Date: 09 Oct 2002 18:55:15 -0400 Subject: [pyOpenSSL] Win32 Message-ID: <1034204115.20700.415.camel@www.immunitysec.com> The new SPIKE Proxy for win32 contains an entire Python distro with binaries of the latest OpenSSL and PyOpenSSL. If you want to quickly test someone on windows, you can download it (it's 8 megs) and it should work. :> -dave -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 232 bytes Desc: This is a digitally signed message part URL: From thejoinerfamil at aol.com Fri Oct 25 19:16:10 2002 From: thejoinerfamil at aol.com (originalwheelbarrowscreener.com) Date: Fri, 25 Oct 2002 19:16:10 Subject: [pyOpenSSL] WIN a FREE Wheelbarrow screener and make your own topsoil! Message-ID: PM20007:16:10 PM An HTML attachment was scrubbed... URL: