From zoltan.felleg at user.hu Mon Jan 6 17:31:17 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Mon, 06 Jan 2003 17:31:17 +0100
Subject: [pyOpenSSL] memory leak?
Message-ID: <3E19AF55.8050700@user.hu>

hello list,

i have a problem with pyOpenSSL, as follows:
if i create a network client, i must explicitly delete the context of it
and the client itself to free the memory it is using. ie. a class with
the ctx = SSL.Context, conn = SSL.Connection attributes is not removed
from memory, if i do not delete the conn.ctx and the conn attributes. i
was testing it with a simple loop that just created a thousand
connection objects without connecting them to anywhere, and it used up
about 20 megabytes of memory. besides that, there is another problem i
could not work around, which arises at the server side of an SSL
connection. using the simple server in the examples directory of the
package, a thousand clients connecting, sending some data and then
disconnecting also made the server to use significantly more memory than
the amount it was using at the startup. is it a problem with me doing
something evil, or is it a problem in pyOpenSSL or even in OpenSSL? in
the first case what the heck am i doing wrong? the environment is Red
Hat linux 8.0, OpenSSL 0.9.6h, pyOpenSSL 0.5.1, Python 2.2.2.

thanks,
zoltan

ps: sorry for the poor english
ps2: if i was not clear/understandable, or the subject needs more
testing/whatever, i have the time and willingness...

From md9ms at mdstud.chalmers.se Mon Jan 6 18:53:37 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 06 Jan 2003 18:53:37 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E19AF55.8050700@user.hu>
References: <3E19AF55.8050700@user.hu>
Message-ID: <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se>

On Mon 2003-01-06 at 17.31, Zoltan Felleg wrote:
> hello list,
>
> i have a problem with pyOpenSSL, as follows:
> if i create a network client, i must explicitly delete the context of it
> and the client itself to free the memory it is using. ie. a class with
> the ctx = SSL.Context, conn = SSL.Connection attributes is not removed
> from memory, if i do not delete the conn.ctx and the conn attributes. i
> was testing it with a simple loop that just created a thousand
> connection objects without connecting them to anywhere, and it used up
> about 20 megabytes of memory. besides that, there is another problem i

Would you mind detailing the exact test script you used? With the
following script
===
from OpenSSL import SSL
import socket

while 1:
    ctx = SSL.Context(SSL.TLSv1_METHOD)
    conn = SSL.Connection(ctx, socket.socket())
===
running on Debian unstable, using OpenSSL 0.9.6g, pyOpenSSL 0.5.1 and
Python 2.2.2 I can't detect any leaking at all (monitoring it in top
while it's running)

Am I misunderstanding you?

> could not work around, which arises at the server side of an SSL
> connection. using the simple server in the examples directory of the
> package, a thousand clients connecting, sending some data and then
> disconnecting also made the server to use significantly more memory than
> the amount it was using at the startup. is it a problem with me doing
> something evil, or is it a problem in pyOpenSSL or even in OpenSSL? in
> the first case what the heck am i doing wrong? the environment is Red
> Hat linux 8.0, OpenSSL 0.9.6h, pyOpenSSL 0.5.1, Python 2.2.2.

I tried running

  python server.py 2000 >& /dev/null

and

  while true; do echo foo | python client.py localhost 2000; done >& /dev/null

and the memory usage of the server did increase, but very very very
slowly, it took several *minutes* for it to reach 5% of my total memory
(256M), and then I sat watching it for several more minutes and it never
went over 6.1%. I don't know what to make of it. :)


/Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:

From zoltan.felleg at user.hu Wed Jan 8 12:24:33 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Wed, 08 Jan 2003 12:24:33 +0100
Subject: [pyOpenSSL] memory leak?
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se>
Message-ID: <3E1C0A71.3010501@user.hu>

Martin Sjögren wrote:
>
> Would you mind detailing the exact test script you used? With the
> following script
> ===
> from OpenSSL import SSL
> import socket
>
> while 1:
>     ctx = SSL.Context(SSL.TLSv1_METHOD)
>     conn = SSL.Connection(ctx, socket.socket())
> ===
> running on Debian unstable, using OpenSSL 0.9.6g, pyOpenSSL 0.5.1 and
> Python 2.2.2 I can't detect any leaking at all (monitoring it in top
> while it's running)

same results for me...

>
> Am I misunderstanding you?
>
>
> I tried running
>
>   python server.py 2000 >& /dev/null
>
> and
>
>   while true; do echo foo | python client.py localhost 2000; done >& /dev/null
>
> and the memory usage of the server did increase, but very very very
> slowly, it took several *minutes* for it to reach 5% of my total memory
> (256M), and then I sat watching it for several more minutes and it never
> went over 6.1%. I don't know what to make of it. :)
>

this method for me results in constantly growing memory usage of the
server (about 10-20MB per minute).
and the id of the Connection object
is constantly changing (growing), while the Context remains the same (as
expected), so i'm assuming the Connection objects returned by the accept
method do not get deleted. (i tried to explicitly delete both the
connection object and its context, but the leak remained).

>
> /Martin

the script i was using follows:

#!/bin/env python

import os
import time
import socket
import OpenSSL.SSL
import OpenSSL.tsafe

keydir = '/data/devel/triton/source/key'
ca_cf = os.path.normpath(os.path.join(keydir, 'ca.cert'))
ca_kf = os.path.normpath(os.path.join(keydir, 'ca.key'))
server_cf = os.path.normpath(os.path.join(keydir, 'svr.cert'))
server_kf = os.path.normpath(os.path.join(keydir, 'svr.key'))
client_cf = os.path.normpath(os.path.join(keydir, 'clt.cert'))
client_kf = os.path.normpath(os.path.join(keydir, 'clt.key'))

class client:
    def __init__(self):
        self.ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
        self.ctx.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verifycb)
        self.ctx.use_privatekey_file(client_kf)
        self.ctx.use_certificate_file(client_cf)
        self.ctx.load_verify_locations(ca_cf)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.co = OpenSSL.tsafe.Connection(self.ctx, sock)

    def verifycb(self, conn, cert, errnum, depth, ok):
        return ok


if __name__ == '__main__':
    time.sleep(5)
    for i in range(10000):
        print i
        clt = client()
        clt.co.close()
        del clt.ctx
        del clt.co
    time.sleep(10)

when both the del clt.ctx and del clt.co lines are there, there is no
leak at all. if both of them are commented out, the memory usage goes to
about 100MB, and if only the context is deleted, the memory usage is
about 80MB. all tests are done on Red Hat 8.0, both with the standard
python and openssl, and with self compiled ones, the results are the
same. (when using the OpenSSL.SSL.Connection instead of the tsafe one,
nothing changes). i cannot exactly recall the results of using a
statically linked openssl right now, but the leak was there too.
i will test it both on Red Hat 7.3 and Windows, and send the results.
right now i'm totally clueless. any suggestions?

zoltan

From md9ms at mdstud.chalmers.se Wed Jan 8 19:41:55 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 08 Jan 2003 19:41:55 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E1C0A71.3010501@user.hu>
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu>
Message-ID: <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se>

On Wed 2003-01-08 at 12.24, Zoltan Felleg wrote:
> this method for me results in constantly growing memory usage of the
> server (about 10-20MB per minute). and the id of the Connection object
> is constantly changing (growing), while the Context remains the same (as
> expected), so i'm assuming the Connection objects returned by the accept
> method do not get deleted. (i tried to explicitly delete both the
> connection object and its context, but the leak remained).

Hmm, I guess I'll have to monitor it a bit longer.

> the script i was using follows:

I think I've figured out the problem.

> class client:
>     def __init__(self):
>         self.ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
>         self.ctx.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verifycb)

Using self.verifycb introduces a cyclic reference.

>         self.ctx.use_privatekey_file(client_kf)
>         self.ctx.use_certificate_file(client_cf)
>         self.ctx.load_verify_locations(ca_cf)
>         sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>         self.co = OpenSSL.tsafe.Connection(self.ctx, sock)

The use of self.ctx here is also cyclic.

>     def verifycb(self, conn, cert, errnum, depth, ok):
>         return ok
>
>
> if __name__ == '__main__':
>     time.sleep(5)
>     for i in range(10000):
>         print i
>         clt = client()
>         clt.co.close()
>         del clt.ctx
>         del clt.co
>     time.sleep(10)
>
> when both the del clt.ctx and del clt.co lines are there, there is no
> leak at all.
> if both of them are commented out, the memory usage goes to
> about 100MB, and if only the context is deleted, the memory usage is
> about 80MB.

Add a
    def __del__(self):
        print 'del'
method and you'll see that when both the del:s in the loop are present,
it'll print 'del', but if you comment any one of them they will
disappear.

Compare with a similar program.
===
class foo:
    def __init__(self, x):
        self.foo = x

class bar:
    def __init__(self):
        self.bar = foo(self.m)

    def m(self):
        pass

    def __del__(self):
        print 'del'

while 1:
    x = bar()
    #del x.bar
===
It has the exact same problem.


/Martin

From zoltan.felleg at user.hu Thu Jan 9 10:38:30 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Thu, 09 Jan 2003 10:38:30 +0100
Subject: [pyOpenSSL] memory leak?
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se>
Message-ID: <3E1D4316.9020709@user.hu>

Martin Sjögren wrote:
>
>
> I think I've figured out the problem.
>
>
>>class client:
>>    def __init__(self):
>>        self.ctx = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
>>        self.ctx.set_verify(OpenSSL.SSL.VERIFY_PEER, self.verifycb)
>
>
> Using self.verifycb introduces a cyclic reference.
>
>
>>        self.ctx.use_privatekey_file(client_kf)
>>        self.ctx.use_certificate_file(client_cf)
>>        self.ctx.load_verify_locations(ca_cf)
>>        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>        self.co = OpenSSL.tsafe.Connection(self.ctx, sock)
>
>
> The use of self.ctx here is also cyclic.

thanks, i'll give it a try not using class methods/attributes for the
context/verifycb. (stupid me, the last thing i would think about were
cyclic references).

>
>
>>    def verifycb(self, conn, cert, errnum, depth, ok):
>>        return ok
>>
>>
>>if __name__ == '__main__':
>>    time.sleep(5)
>>    for i in range(10000):
>>        print i
>>        clt = client()
>>        clt.co.close()
>>        del clt.ctx
>>        del clt.co
>>    time.sleep(10)
>>

i'll also try to modify the simple server to avoid the leak. what
hardware do you use for the test? maybe (i hope) you do not see the leak
because the server do not serve as many clients within a few minutes to
make it visible. i'll try it with a fixed number (a few thousands) of
clients connecting, and send the results.

thanks,
zoltan

From md9ms at mdstud.chalmers.se Thu Jan 9 12:33:32 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 09 Jan 2003 12:33:32 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E1D4316.9020709@user.hu>
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu>
Message-ID: <1042112012.1123.1.camel@sjogren.ostkupan.studenthem.gu.se>

On Thu 2003-01-09 at 10.38, Zoltan Felleg wrote:
> i'll also try to modify the simple server to avoid the leak. what
> hardware do you use for the test? maybe (i hope) you do not see the leak
> because the server do not serve as many clients within a few minutes to
> make it visible. i'll try it with a fixed number (a few thousands) of
> clients connecting, and send the results.

Sounds good. I'm on an Athlon 1.4GHz with 384MB RAM.


/Martin

From md9ms at mdstud.chalmers.se Thu Jan 9 13:07:24 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 09 Jan 2003 13:07:24 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E1D4316.9020709@user.hu>
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu>
Message-ID: <1042114044.1123.13.camel@sjogren.ostkupan.studenthem.gu.se>

On Thu 2003-01-09 at 10.38, Zoltan Felleg wrote:
> thanks, i'll give it a try not using class methods/attributes for the
> context/verifycb. (stupid me, the last thing i would think about were
> cyclic references).

I just had an idea, and it worked out. A simple way to avoid the problem
is to make verifycb a static method:

    def verifycb(conn, cert, errnum, depth, ok):
        return ok
    verifycb = staticmethod(verifycb)

The static method has no reference to any instance objects and will
therefore not create a cycle.


/Martin

From md9ms at mdstud.chalmers.se Thu Jan 9 18:13:42 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 09 Jan 2003 18:13:42 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E1D4316.9020709@user.hu>
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu>
Message-ID: <1042132422.1122.186.camel@sjogren.ostkupan.studenthem.gu.se>

I've just committed code that makes use of the cyclic GC API for e.g.
Connections and Contexts and I can no longer see any leaking while using
instance methods. Zoltan, can you run your tests with the CVS version?


/Martin

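The reference cycle diagnosed in the messages above, together with the three ways out of it that the thread mentions (deleting the attribute by hand, a static-method callback, a cycle-aware collector), as an added example that is not part of any post. It is written for Python 3 on CPython rather than the thread's Python 2.2, and `FakeContext`, `CyclicClient`, `StaticClient` and `lifetime` are hypothetical stand-ins, not pyOpenSSL code.

```python
import gc
import weakref


class FakeContext:
    """Hypothetical stand-in for SSL.Context: it only stores the callback."""

    def __init__(self):
        self.verify_cb = None

    def set_verify(self, callback):
        self.verify_cb = callback


class CyclicClient:
    """Same shape as the posted client class: the callback is a bound method."""

    def __init__(self):
        self.ctx = FakeContext()
        # self.verifycb carries a reference to self, which closes the loop:
        # self -> self.ctx -> bound method -> self
        self.ctx.set_verify(self.verifycb)

    def verifycb(self, conn, cert, errnum, depth, ok):
        return ok


class StaticClient:
    """Same shape, with the static-method callback suggested in the thread."""

    def __init__(self):
        self.ctx = FakeContext()
        # Looking up a staticmethod yields a plain function: no reference to self.
        self.ctx.set_verify(self.verifycb)

    @staticmethod
    def verifycb(conn, cert, errnum, depth, ok):
        return ok


def lifetime(factory, drop_ctx_first=False):
    """Return (alive after the last name is dropped, alive after gc.collect()).

    The cycle collector is switched off while the object is created and
    released, so the first value shows what reference counting alone does.
    """
    was_enabled = gc.isenabled()
    gc.disable()
    try:
        obj = factory()
        probe = weakref.ref(obj)      # observes the object without keeping it alive
        if drop_ctx_first:
            del obj.ctx               # the manual workaround from the posted script
        del obj
        alive_after_del = probe() is not None
        gc.collect()                  # a collector that can traverse the cycle
        alive_after_collect = probe() is not None
        return alive_after_del, alive_after_collect
    finally:
        if was_enabled:
            gc.enable()


if __name__ == "__main__":
    print("bound-method callback :", lifetime(CyclicClient))
    print("static-method callback:", lifetime(StaticClient))
    print("del ctx by hand       :", lifetime(CyclicClient, drop_ctx_first=True))
```

The pure-Python stand-ins are always visible to the collector, so `gc.collect()` here plays the role that the cyclic GC support committed to CVS plays for the real Context and Connection objects.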
From zoltan.felleg at user.hu Fri Jan 10 16:19:07 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Fri, 10 Jan 2003 16:19:07 +0100
Subject: [pyOpenSSL] memory leak?
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu> <1042132422.1122.186.camel@sjogren.ostkupan.studenthem.gu.se>
Message-ID: <3E1EE46B.7020001@user.hu>

Martin Sjögren wrote:
> I've just committed code that makes use of the cyclic GC API for e.g.
> Connections and Contexts and I can no longer see any leaking while using
> instance methods. Zoltan, can you run your tests with the CVS version?
>
>
> /Martin

sure, i will test it on the weekend.
the client leakage has disappeared as soon as the verify callback was
removed from the class, thanks.
i have tested the simple server with 2000 clients, the memory footprint
of it was 2724K at the startup, after the last client has disconnected,
it was 12100K +- 100K. when i modified it a bit, so after a
ZeroReturnError the dropClient function was called with an error
parameter, to skip the shutdown method, the leakage disappeared, but a
few hundred TIME_WAIT lines showed up in the netstat command's output.
so right now i'm completely satisfied, but if you find out something
about this, please let me know :)
i'll send you the results of testing the CVS version next week sometime
(i won't have access to the net on monday and maybe tuesday).

thanks for the help,
zoltan

From mjabbur at terra.com.br Tue Jan 14 14:14:32 2003
From: mjabbur at terra.com.br (Marlon Jabbur)
Date: Tue, 14 Jan 2003 11:14:32 -0200
Subject: [pyOpenSSL] How to detect if a port has SSL running?
Message-ID: <20030114131432.GA5231@terra.com.br>

Hi list,
I've been using pyOpenSSL for a while and I have a problem that I could
not solve and maybe someone can help me.
My problem is how do I detect if an arbitrary port is running or not SSL?
When I establish a connection with a non-ssl server and I try to send
some data it hangs forever, I'm guessing that the problem is that the
SSL handshake never completes, but how can I catch this error in a
script?

Thanks,
Marlon

From zoltan.felleg at user.hu Tue Jan 14 14:44:53 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Tue, 14 Jan 2003 14:44:53 +0100
Subject: [pyOpenSSL] memory leak?
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu> <1042132422.1122.186.camel@sjogren.ostkupan.studenthem.gu.se>
Message-ID: <3E241455.2070605@user.hu>

Martin Sjögren wrote:
> I've just committed code that makes use of the cyclic GC API for e.g.
> Connections and Contexts and I can no longer see any leaking while using
> instance methods. Zoltan, can you run your tests with the CVS version?
>
>
> /Martin

hello,

i've tested the CVS version, it works greatly for me (does not leak)
even when the verify callback function is a class method.
just a bit of another thing: i've fixed my real server, which served the
clients in a loop of select/recv pairs, where only the first client was
served at any one time even if the select call returned more than one
readable sockets. the first client was always the server's socket on
which it accepted new connections, so basically a test, which was a
thousand clients connecting and then disconnecting, took the following
order: a thousand client was connected, and just after that, when no new
clients were connecting, were the clients disconnected from the server
side.
(if it is unclear, please let me know, i'll try to express myself
more clearly). i do know, that this method (ie. not recv-ing from all
the sockets the select returned is a BAD THING), and i will not return
to that method again, but the clear text version of the server (without
openssl) had no leak even in that case, while the openssl version did
have leakage. if this information is useless, please disregard it.
thanks for the help so far,

zoltan

From md9ms at mdstud.chalmers.se Wed Jan 15 11:21:05 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 15 Jan 2003 11:21:05 +0100
Subject: [pyOpenSSL] memory leak?
In-Reply-To: <3E241455.2070605@user.hu>
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu> <1042132422.1122.186.camel@sjogren.ostkupan.studenthem.gu.se> <3E241455.2070605@user.hu>
Message-ID: <1042626064.1200.2.camel@sjogren.ostkupan.studenthem.gu.se>

On Tue 2003-01-14 at 14.44, Zoltan Felleg wrote:
> i've tested the CVS version, it works greatly for me (does not leak)
> even when the verify callback function is a class method.

Great, so the cyclic stuff seems to be working!

> just a bit of another thing: i've fixed my real server, which served the
> clients in a loop of select/recv pairs, where only the first client was
> served at any one time even if the select call returned more than one
> readable sockets. the first client was always the server's socket on
> which it accepted new connections, so basically a test, which was a
> thousand clients connecting and then disconnecting, took the following
> order: a thousand client was connected, and just after that, when no new
> clients were connecting, were the clients disconnected from the server
> side. (if it is unclear, please let me know, i'll try to express myself
> more clearly). i do know, that this method (ie.
> not recv-ing from all
> the sockets the select returned is a BAD THING), and i will not return
> to that method again, but the clear text version of the server (without
> openssl) had no leak even in that case, while the openssl version did
> have leakage. if this information is useless, please disregard it.
> thanks for the help so far,

Er. I don't think I understand you. Are there still versions of your
program that leak, even with the CVS version of pyopenssl? I wouldn't be
surprised, as I'm definitely not sure if I manage to free all the memory
allocated by openssl (the nonexistent documentation is very vague on
reference counting and allocation).

Please explain, ideally with a minimal program that still leaks. ;)


/Martin

From md9ms at mdstud.chalmers.se Wed Jan 15 11:27:27 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 15 Jan 2003 11:27:27 +0100
Subject: [pyOpenSSL] How to detect if a port has SSL running?
In-Reply-To: <20030114131432.GA5231@terra.com.br>
References: <20030114131432.GA5231@terra.com.br>
Message-ID: <1042626447.1199.10.camel@sjogren.ostkupan.studenthem.gu.se>

On Tue 2003-01-14 at 14.14, Marlon Jabbur wrote:
> Hi list,
> I've been using pyOpenSSL for a while and I have a problem that I could
> not solve and maybe someone can help me.
> My problem is how do I detect if an arbitrary port is running or not SSL?
> When I establish a connection with a non-ssl server and I try to send
> some data it hangs forever, I'm guessing that the problem is that the
> SSL handshake never completes, but how can I catch this error in a
> script?

I think it depends on the SSL version, and I think it is better to ask
this question on the openssl-users mailing list.

I'm not sure you would *want* to be able to detect it (other than timing
out) since it invites solutions on the form "Try SSL and if that fails,
revert to non-encrypted communication" which in turn invites downgrade
attacks from a malicious party. I think. :)


/Martin

From mjabbur at terra.com.br Wed Jan 15 14:31:59 2003
From: mjabbur at terra.com.br (mjabbur)
Date: Wed, 15 Jan 2003 13:31:59 +0000
Subject: [pyOpenSSL] Re: [pyOpenSSL] How to detect if a port has SSL running?
Message-ID:

My major problem is the timeout. If the server does not have SSL it
will block forever. I've thought to use the alarm function but this
script will also run on Windows which does not have support for alarm.
Anyway I'll try the OpenSSL list.

Thanks,
Marlon

---------- Original header -----------

From: pyopenssl-list-admin at lists.sourceforge.net
To: pyopenssl-list at lists.sourceforge.net
Cc:
Date: 15 Jan 2003 11:27:27 +0100
Subject: Re: [pyOpenSSL] How to detect if a port has SSL running?

> On Tue 2003-01-14 at 14.14, Marlon Jabbur wrote:
> > Hi list,
> > I've been using pyOpenSSL for a while and I have a problem that I could
> > not solve and maybe someone can help me.
> > My problem is how do I detect if an arbitrary port is running or not SSL?
> > When I establish a connection with a non-ssl server and I try to send
> > some data it hangs forever, I'm guessing that the problem is that the
> > SSL handshake never completes, but how can I catch this error in a
> > script?
>
> I think it depends on the SSL version, and I think it is better to ask
> this question on the openssl-users mailing list.
>
> I'm not sure you would *want* to be able to detect it (other than timing
> out) since it invites solutions on the form "Try SSL and if that fails,
> revert to non-encrypted communication" which in turn invites downgrade
> attacks from a malicious party. I think. :)
>
>
> /Martin
>
>

From dave at immunitysec.com Wed Jan 15 14:24:28 2003
From: dave at immunitysec.com (Dave Aitel)
Date: Wed, 15 Jan 2003 08:24:28 -0500
Subject: [pyOpenSSL] Re: [pyOpenSSL] How to detect if a port has SSL running?
In-Reply-To:
References:
Message-ID: <20030115082428.01807587.dave@immunitysec.com>

Have you tried timoutsocket.py? I quite like it and it works on Windows.

-dave

On Wed, 15 Jan 2003 13:31:59 +0000 "mjabbur" wrote:

> My major problem is the timeout. If the server does not have SSL it
> will block forever. I've thought to use the alarm function but this
> script will also run on Windows which does not have support for alarm.
> Anyway I'll try the OpenSSL list.
>
> Thanks,
> Marlon
>
> ---------- Original header -----------
>
> From: pyopenssl-list-admin at lists.sourceforge.net
> To: pyopenssl-list at lists.sourceforge.net
> Cc:
> Date: 15 Jan 2003 11:27:27 +0100
> Subject: Re: [pyOpenSSL] How to detect if a port has SSL running?
>
> > On Tue 2003-01-14 at 14.14, Marlon Jabbur wrote:
> > > Hi list,
> > > I've been using pyOpenSSL for a while and I have a problem that I
> > > could not solve and maybe someone can help me.
> > > My problem is how do I detect if an arbitrary port is running or
> > > not SSL?
> > > When I establish a connection with a non-ssl server and I try to
> > > send some data it hangs forever, I'm guessing that the problem is
> > > that the SSL handshake never completes, but how can I catch this
> > > error in a script?
> >
> > I think it depends on the SSL version, and I think it is better to
> > ask this question on the openssl-users mailing list.
> >
> > I'm not sure you would *want* to be able to detect it (other than
> > timing out) since it invites solutions on the form "Try SSL and if
> > that fails, revert to non-encrypted communication" which in turn
> > invites downgrade attacks from a malicious party. I think. :)
> >
> >
> > /Martin
> >
>
> _______________________________________________
> pyopenssl-list mailing list
> pyopenssl-list at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/pyopenssl-list
>

From zoltan.felleg at user.hu Wed Jan 15 17:37:15 2003
From: zoltan.felleg at user.hu (Zoltan Felleg)
Date: Wed, 15 Jan 2003 17:37:15 +0100
Subject: [pyOpenSSL] memory leak?
References: <3E19AF55.8050700@user.hu> <1041875617.1247.29.camel@sjogren.ostkupan.studenthem.gu.se> <3E1C0A71.3010501@user.hu> <1042051315.1092.51.camel@sjogren.ostkupan.studenthem.gu.se> <3E1D4316.9020709@user.hu> <1042132422.1122.186.camel@sjogren.ostkupan.studenthem.gu.se> <3E241455.2070605@user.hu> <1042626064.1200.2.camel@sjogren.ostkupan.studenthem.gu.se>
Message-ID: <3E258E3B.1030503@user.hu>

Martin Sjögren wrote:
>
> Er. I don't think I understand you. Are there still versions of your
> program that leak, even with the CVS version of pyopenssl? I wouldn't be
> surprised, as I'm definitely not sure if I manage to free all the memory
> allocated by openssl (the nonexistent documentation is very vague on
> reference counting and allocation).
>
> Please explain, ideally with a minimal program that still leaks.
> ;)
>

i'll try :)
the server that still leaks is something like this:

class server:
    def getmessage(self, timeout=None):
        rfds = self.client_co_list[:]
        rfds.insert(0, self.self_co)
        rs, ws, es = select.select(rfds, [], [], timeout)
        if rs == []:
            return 'no message'
        if rs.count(self.self_co):
            client_co, client_addr = self.self_co.accept()
            self.client_co_list.insert(0, client_co)
            return 'new connection'
        client_co = rs[0]
        client_id = client_co.fileno()
        raw_data = recvdata(client_co)
        if len(raw_data) == 0:
            self.client_co_list.remove(client_co)
            client_co.shutdown()
            client_co.close()
            return 'disconnect'
        return raw_data

    def serveclients(self):
        while True:
            message = self.getmessage()
            print message

self.self_co of course is the Connection object the server listens on.
now if the clients of this server are connecting/disconnecting fast
enough, the disconnecting clients will not be deleted from the
client_co_list until there are no new clients connecting, as if there
are, they will be served before anything else, because the first object
of the rfds is the server's Connection object, and one getmessage call
will serve only the first object the select call returns. in this case
(if the clients are connecting/disconnecting fast enough) this code
still leaks if the connection objects are SSL objects, using simple
sockets there is no leak at all.
oh, and i just realising that i did not test the minimal server of the
examples of the CVS version (or at least i can not recall its result).
but the 0.5.1 version's example server does leak if the shutdown method
isn't commented out, and the clients are connecting/disconnecting fast
enough.

zoltan

From md9ms at mdstud.chalmers.se Wed Jan 15 18:19:33 2003
From: md9ms at mdstud.chalmers.se (Martin Sjögren)
Date: 15 Jan 2003 18:19:33 +0100
Subject: [pyOpenSSL] Re: [pyOpenSSL] How to detect if a port has SSL running?
In-Reply-To: <20030115082428.01807587.dave@immunitysec.com>
References: <20030115082428.01807587.dave@immunitysec.com>
Message-ID: <1042651173.1199.14.camel@sjogren.ostkupan.studenthem.gu.se>

On Wed 2003-01-15 at 14.24, Dave Aitel wrote:
> Have you tried timoutsocket.py? I quite like it and it works on Windows.

Won't work. pyopenssl takes a shortcut and calls SSL_read and SSL_write
directly instead of using the socket object's recv/send. Otherwise, I'd
have to create my own BIO that packs and unpacks python strings a few
zillion times...


/Martin
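A bounded handshake that fails closed, covering the two concerns raised in the "How to detect if a port has SSL running?" messages (the hang against a non-SSL peer and the downgrade risk of falling back to plaintext), as an added example that is not part of any post. It uses Python 3's standard-library `ssl` module, which honours the socket timeout during the handshake, rather than pyOpenSSL; `classify_tls`, `probe_fake_peer`, the host name and the banner are constructed for illustration.

```python
import socket
import ssl


def classify_tls(sock, server_hostname, timeout=0.5):
    """Attempt a TLS client handshake on a connected socket, bounded by timeout.

    Returns one of "tls", "tls-untrusted", "timeout", "not-tls" or "closed".
    The socket is closed in every case: a failed handshake is reported to the
    caller and never followed by a plaintext retry on the same connection.
    """
    ctx = ssl.create_default_context()       # certificate and host name checks on
    sock.settimeout(timeout)                  # applies to every handshake read/write
    tls = ctx.wrap_socket(sock, server_hostname=server_hostname,
                          do_handshake_on_connect=False)
    try:
        tls.do_handshake()
        return "tls"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"                # peer speaks TLS, certificate rejected
    except socket.timeout:
        return "timeout"                      # peer never answered the ClientHello
    except ssl.SSLError:
        return "not-tls"                      # peer answered with non-TLS bytes
    except OSError:
        return "closed"                       # reset or closed during the handshake
    finally:
        tls.close()


def probe_fake_peer(banner):
    """Run classify_tls against a constructed peer that does not speak TLS.

    The peer is the other end of a socketpair, so nothing leaves the machine.
    With a banner it behaves like a plaintext service that greets first;
    with an empty banner it stays silent, which is the hang from the thread.
    """
    client, peer = socket.socketpair()
    try:
        if banner:
            peer.sendall(banner)
        return classify_tls(client, "service.example.invalid", timeout=0.3)
    finally:
        peer.close()


if __name__ == "__main__":
    print("silent peer   :", probe_fake_peer(b""))
    print("plaintext peer:", probe_fake_peer(b"220 mail.example.invalid ESMTP\r\n"))
```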