classification
Title: socket-module SSL is broken
Type:
Stage:
Components: Extension Modules
Versions: Python 2.2

process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: akuchling, ghaering, jribbens, nobody
Priority: normal
Keywords:

Created on 2002-01-26 19:05 by jribbens, last changed 2008-09-04 01:36 by janssen. This issue is now closed.

Messages (4)
msg9003 - Author: Jon Ribbens (jribbens) Date: 2002-01-26 19:05
If you set a socket to non-blocking and then try to 
call socket.ssl on it, it fails because you are doing 
all the setup and calling SSL_connect as an 
indivisible operation in the object constructor. So 
you can't catch SSL_ERROR_WANT_READ/WRITE and restart 
SSL_connect because there is no way from Python to
call SSL_connect. (Don't tell me not to set the socket 
non-blocking - I need to implement timeouts. And don't 
tell me to use alarm(), my program is multi-threaded.)

For the same reason, there is no way in Python to 
write an SSL server. The only way to create an SSL 
object is socket.ssl and it is hardcoded to call 
SSL_connect, you can't call SSL_accept.

Please can you make it so that a new function in the 
socket module creates a proper SSL object (that 
preferably has actual useful methods to set the 
options, etc) that is not connected in its constructor 
so that you can then call SSL_connect or SSL_accept. 
It could then also have a makefile method like socket 
objects which would implement read and write properly 
(i.e. catching and handling 
WANT_READ/WANT_WRITE/ZERO_RETURN). You could even then 
make it so that it has methods to set the various 
options that OpenSSL provides rather than hard-coding 
them in the SSLObject constructor.

Umm, sorry if I sound tetchy but due to the complete 
lack of documentation of the socket SSL facilities 
I've just spent ages trying to work out why my program 
wasn't working, only to discover that it's not 
possible to get it working.
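
The handshake loop the report asks for, as an added example that is not part of the original report or of the Python 2.2 code: it uses the current `ssl` module, where `wrap_socket(..., do_handshake_on_connect=False)` separates setup from the handshake and `do_handshake()` can be retried on WANT_READ/WANT_WRITE under a deadline. The function names, the socketpair peer and the host name `peer.example` are assumptions made for the demonstration.

```python
import select
import socket
import ssl
import time


def handshake_with_timeout(tls_sock, timeout):
    """Drive a TLS handshake on a non-blocking SSLSocket within `timeout` seconds.

    The socket runs SSL_connect or SSL_accept depending on the server_side
    flag given to wrap_socket(), so servers use the same loop.
    Returns the wait states seen ("read"/"write").
    """
    deadline = time.monotonic() + timeout
    waits = []
    while True:
        try:
            tls_sock.do_handshake()
            return waits
        except ssl.SSLWantReadError:    # SSL_ERROR_WANT_READ
            want, rlist, wlist = "read", [tls_sock], []
        except ssl.SSLWantWriteError:   # SSL_ERROR_WANT_WRITE
            want, rlist, wlist = "write", [], [tls_sock]
        waits.append(want)
        remaining = deadline - time.monotonic()
        if remaining <= 0 or not any(select.select(rlist, wlist, [], remaining)):
            raise TimeoutError("TLS handshake timed out waiting to " + want)


def demo_silent_peer(timeout=0.3):
    """Constructed scenario: the peer accepts bytes but never answers."""
    client_raw, silent_peer = socket.socketpair()
    client_raw.setblocking(False)
    ctx = ssl.create_default_context()
    # Setup is separate from the handshake: nothing is sent by wrap_socket().
    tls = ctx.wrap_socket(client_raw, server_hostname="peer.example",
                          do_handshake_on_connect=False)
    try:
        handshake_with_timeout(tls, timeout)
        return "connected", b""
    except TimeoutError:
        # The ClientHello did go out: read its 5-byte TLS record header.
        return "timeout", silent_peer.recv(5)
    finally:
        tls.close()
        silent_peer.close()


if __name__ == "__main__":
    print(demo_silent_peer())
```

A server passes `server_side=True` to `wrap_socket()` on a context with a certificate loaded and calls the same `handshake_with_timeout()`.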

msg9004 - Author: Gerhard Häring (ghaering) (Python committer) Date: 2002-05-03 22:27
If you need to write SSL servers *now*, you can use one of
the various third-party SSL libraries for Python: m2crypto,
pyOpenSSL, POW.

Fixing Python's SSL will most probably require a full
rewrite, and there's no consensus yet about if and how to do
this.

msg9005 - Author: Nobody/Anonymous (nobody) Date: 2002-07-02 01:34
This is a vote for better ssl support in Python in general.  Please.

msg9006 - Author: A.M. Kuchling (akuchling) (Python committer) Date: 2004-06-05 20:58
Filed as RFE #967275; closing this bug.

History
Date | User | Action | Args
2008-09-04 01:36:22 | janssen | set | resolution: later -> fixed
2002-01-26 19:05:52 | jribbens | create |