If you set a socket to non-blocking and then try to
call socket.ssl on it, it fails because you are doing
all the setup and calling SSL_connect as an
indivisible operation in the object constructor. So
you can't catch SSL_ERROR_WANT_READ/WRITE and restart
SSL_connect because there is no way from Python to
call SSL_connect. (Don't tell me not to set the socket
non-blocking - I need to implement timeouts. And don't
tell me to use alarm(), my program is multi-threaded.)

For the same reason, there is no way in Python to
write an SSL server. The only way to create an SSL
object is socket.ssl and it is hardcoded to call
SSL_connect, you can't call SSL_accept.

Please can you make it so that a new function in the
socket module creates a proper SSL object (that
preferably has actual useful methods to set the
options, etc) that is not connected in its constructor
so that you can then call SSL_connect or SSL_accept.
It could then also have a makefile method like socket
objects which would implement read and write properly
(i.e. catching and handling
WANT_READ/WANT_WRITE/ZERO_RETURN). You could even then
make it so that it has methods to set the various
options that OpenSSL provides rather than hard-coding
them in the SSLObject constructor.

Umm, sorry if I sound tetchy but due to the complete
lack of documentation of the socket SSL facilities
I've just spent ages trying to work out why my program
wasn't working, only to discover that it's not
possible to get it working.
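
The restartable handshake requested above, as an added example that is not part of the original report. It assumes the `ssl` module of later Python versions rather than the `socket.ssl` function the report describes: there, `wrap_socket(..., do_handshake_on_connect=False)` returns an unconnected object and `do_handshake()` can be retried on WANT_READ/WANT_WRITE. The helper names, the silent socketpair peer and `peer.example` are constructed for illustration.

```python
import select
import socket
import ssl
import time


def handshake_with_timeout(tls_sock, timeout):
    """Drive a non-blocking TLS handshake, giving up after `timeout` seconds.

    Works for both roles: OpenSSL runs SSL_connect or SSL_accept depending on
    whether the socket was wrapped with server_side=False or True.
    """
    deadline = time.monotonic() + timeout
    while True:
        try:
            tls_sock.do_handshake()
            return
        except ssl.SSLWantReadError:
            want_read, want_write = [tls_sock], []
        except ssl.SSLWantWriteError:
            want_read, want_write = [], [tls_sock]
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("TLS handshake timed out")
        # Sleep only until the socket is ready in the direction OpenSSL asked for.
        readable, writable, _ = select.select(want_read, want_write, [], remaining)
        if not readable and not writable:
            raise TimeoutError("TLS handshake timed out")


def demo_silent_peer(timeout=0.2):
    """Constructed scenario: the peer accepts bytes but never answers."""
    client_raw, silent_peer = socket.socketpair()
    client_raw.setblocking(False)
    ctx = ssl.create_default_context()
    # do_handshake_on_connect=False keeps the constructor from handshaking.
    tls = ctx.wrap_socket(client_raw, do_handshake_on_connect=False,
                          server_hostname="peer.example")  # placeholder name
    try:
        handshake_with_timeout(tls, timeout)
        return "connected"
    except TimeoutError:
        return "timeout"
    finally:
        tls.close()
        silent_peer.close()
```

Because the deadline is enforced with `select` on the one socket, the helper is safe to call from any thread and needs no `alarm()`.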