From hgibson at abling.com  Thu Jun 26 11:44:39 2008
From: hgibson at abling.com (Hugh Gibson)
Date: Thu, 26 Jun 2008 10:44:39 +0100
Subject: [pyOpenSSL] pyOpenSSL and select compatibility under Windows
Message-ID: <48636507.7090808@abling.com>

Hi,

We have a server written in Python using a select() loop on the main
thread to drive socket IO, with our own HTTP 1.1 implementation. It uses
worker threads to process requests. At present login to our AJAX
application is handled by our own challenge/response system but we want
to move to SSL.

I'm trying to determine if pyOpenSSL sockets are compatible with
select() under Windows so that we can slot them into place.

It seems from http://docs.python.org/lib/module-select.html that there
might be problems:
  "On Windows, the underlying select() function is provided by the
  WinSock library, and does not handle file descriptors that don't
  originate from WinSock."

Has anyone used this combination successfully?

I've tried stunnel and that works fine enabling SSL connections to our
server, but I need a way to determine if a connection came via stunnel
or directly otherwise a client could connect directly to the server.

Hugh

From exarkun at divmod.com  Thu Jun 26 13:52:33 2008
From: exarkun at divmod.com (Jean-Paul Calderone)
Date: Thu, 26 Jun 2008 07:52:33 -0400
Subject: [pyOpenSSL] pyOpenSSL and select compatibility under Windows
In-Reply-To: <48636507.7090808@abling.com>
Message-ID: <20080626115233.4714.736868388.divmod.quotient.13396@ohm>

On Thu, 26 Jun 2008 10:44:39 +0100, Hugh Gibson wrote:
>Hi,
>
>We have a server written in Python using a select() loop on the main
>thread to drive socket IO, with our own HTTP 1.1 implementation. It uses
>worker threads to process requests. At present login to our AJAX
>application is handled by our own challenge/response system but we want
>to move to SSL.
>
>I'm trying to determine if pyOpenSSL sockets are compatible with
>select() under Windows so that we can slot them into place.
>
>It seems from http://docs.python.org/lib/module-select.html that there
>might be problems:
>  "On Windows, the underlying select() function is provided by the
>  WinSock library, and does not handle file descriptors that don't
>  originate from WinSock."
>
>Has anyone used this combination successfully?
>
>I've tried stunnel and that works fine enabling SSL connections to our
>server, but I need a way to determine if a connection came via stunnel
>or directly otherwise a client could connect directly to the server.

OpenSSL.SSL.Connection objects just wrap Python socket objects. Since
the latter works with select, so does the former.

Jean-Paul

From hgibson at abling.com  Thu Jun 26 14:47:47 2008
From: hgibson at abling.com (Hugh Gibson)
Date: Thu, 26 Jun 2008 13:47:47 +0100
Subject: [pyOpenSSL] pyOpenSSL and select compatibility under Windows
In-Reply-To: <20080626115233.4714.736868388.divmod.quotient.13396@ohm>
References: <20080626115233.4714.736868388.divmod.quotient.13396@ohm>
Message-ID: <48638FF3.9090408@abling.com>

Jean-Paul Calderone wrote, on 26/06/2008 12:52:

> OpenSSL.SSL.Connection objects just wrap Python socket objects. Since
> the latter works with select, so does the former.

Thanks, that gives me some confidence to give it a go. I didn't want to
waste time.

Regarding stunnel: a simple configuration of the firewall will prevent
any problems with the internal non-ssl socket being accessed from
outside the server. Also note that its licence is GPL which is probably
not an issue as it can just be downloaded and installed separately as
part of a server package.

Hugh
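
The stunnel concern discussed in the thread (telling connections forwarded by stunnel from clients that reach the plaintext port directly), as an added example that is not part of the original messages or of pyOpenSSL. It assumes stunnel runs on the same host and connects to the backend over 127.0.0.1; the function names are hypothetical. The listener is bound to loopback only, and the select() pass re-checks each peer address as a second layer behind the firewall rule.

```python
import ipaddress
import select
import socket


def peer_is_local_proxy(peer_host):
    """True when the peer address is loopback, i.e. the local stunnel (assumed)."""
    addr = ipaddress.ip_address(peer_host.split("%")[0])  # drop any IPv6 zone id
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def open_backend_listener(port=0):
    """Plaintext listener for stunnel to connect to; never bound to 0.0.0.0."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))  # port 0 lets the OS choose (used by tests)
    srv.listen(16)
    srv.setblocking(False)
    return srv


def accept_ready(listener, timeout=1.0):
    """One select() pass: accept pending connections, drop non-local peers.

    Returns (accepted_sockets, rejected_peer_hosts).
    """
    accepted, rejected = [], []
    readable, _, _ = select.select([listener], [], [], timeout)
    for srv in readable:
        while True:
            try:
                conn, (host, _port) = srv.accept()
            except BlockingIOError:
                break  # accept queue drained
            if peer_is_local_proxy(host):
                conn.setblocking(False)
                accepted.append(conn)
            else:
                conn.close()  # reached the plaintext port without stunnel
                rejected.append(host)
    return accepted, rejected
```

The peer check only shows that a connection originated on the local host, so any other local process can still reach the plaintext port.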