[PYTHON-CRYPTO] Execute connect_ssl() twice to connect - is this right?
Heikki Toivonen
heikki at OSAFOUNDATION.ORG
Thu Mar 1 22:36:19 CET 2007
I'll quantify what I find strange in the code...
Latitia Haskins wrote:
> #----------- server ----------------
>>>> import M2Crypto
>>>> ss = M2Crypto.SSL.ssl_dispatcher()
I haven't actually used the dispatcher or tested it much or perhaps at
all in the last 3 years.
The test server I have mainly used is echod-eg1.py.
>>>> ss.ssl_ctx = M2Crypto.SSL.Context('tlsv1')
>>>> ss.ssl_ctx.set_cipher_list('ADH-AES128-SHA')
>>>> ss.ssl_ctx.set_tmp_dh('dhparam.pem')
>>>> ss.ssl_ctx.set_tmp_dh_callback()
>>>> ss.ssl_ctx.set_info_callback()
set_info_callback can cause problems in some cases, like multithreaded
programs. I don't think it is a problem here, though.
As an SSL server I would also have expected it to load a server
certificate into the context.
>>>> ss.create_socket(ss.ssl_ctx)
>>>> ss.set_reuse_addr()
>>>> ss.socket.setblocking(0)
>>>> ss.bind(('server.home.com', 8888))
>>>> ss.listen(5)
>>>> sa = ss.socket.accept()
It seems like a lot of work when SSL.Connection has an accept() method.
> #--------- client -------------------------------
>>>> import M2Crypto
>>>> import socket
>>>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>>> ctx = M2Crypto.SSL.Context('tlsv1')
>>>> ctx.set_cipher_list('ADH-AES128-SHA')
>>>> ctx.set_tmp_dh('dhparam.pem')
>>>> ctx.set_tmp_dh_callback()
>>>> ctx.set_info_callback()
>>>> s = M2Crypto.SSL.Connection(ctx, sock)
Again, I wonder why you create socket separately when
SSL.Connection.__init__ can do it for you.
>>>> s.addr=('server.home.com', 8888)
>>>> s.socket.connect(s.addr)
>>>> s.setup_ssl()
>>>> s.set_connect_state()
>>>> s.setblocking(0)
>>>> s.connect_ssl()
Again seems like a lot of work when SSL.Connection has connect() method.
--
Heikki Toivonen
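
Added example, not part of the original message, using Python's standard `ssl` module rather than M2Crypto. The quoted client calls `s.setblocking(0)` before `s.connect_ssl()`; on a non-blocking socket, a TLS handshake call returns as soon as it would have to wait for the peer, so it must be retried until it completes. The socketpair peer, the host name `server.example` and the function names are constructed for illustration.

```python
import select
import socket
import ssl


def handshake_nonblocking(tls_sock, timeout=5.0):
    """Retry do_handshake() until it completes; return how many calls it took."""
    calls = 0
    while True:
        calls += 1
        try:
            tls_sock.do_handshake()
            return calls
        except ssl.SSLWantReadError:
            # Handshake needs bytes from the peer: wait until readable.
            ready = select.select([tls_sock], [], [], timeout)[0]
        except ssl.SSLWantWriteError:
            # Send buffer is full: wait until writable.
            ready = select.select([], [tls_sock], [], timeout)[1]
        if not ready:
            raise TimeoutError("peer silent after %d handshake call(s)" % calls)


def demo():
    """Constructed scenario: the peer never answers the ClientHello."""
    client_raw, peer = socket.socketpair()
    client_raw.setblocking(False)
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    tls = ctx.wrap_socket(client_raw, server_hostname="server.example",
                          do_handshake_on_connect=False)
    try:
        try:
            tls.do_handshake()          # a single call, as in one connect attempt
            first = "done"
        except ssl.SSLWantReadError:
            first = "want_read"         # ClientHello sent, reply not here yet
        record_type = peer.recv(1)[0]   # first byte the peer received
        try:
            handshake_nonblocking(tls, timeout=0.2)
            outcome = "done"
        except TimeoutError:
            outcome = "timeout"         # no ServerHello ever arrives in this demo
        return first, record_type, outcome
    finally:
        tls.close()
        peer.close()
```

Against a real server the loop returns once the handshake, including certificate verification, has finished.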