Message 56295 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	chris.stawarz
Recipients	chris.stawarz
Date	2007-10-09.22:48:15
SpamBayes Score	0.0416495
Marked as misclassified	No
Message-id	<1191970098.04.0.2942232647.issue1251@psf.upfronthosting.co.za>
In-reply-to

Content
The current version of the ssl module doesn't support non-blocking creation of SSLSocket objects. The reason for this is that the SSL handshaking (SSL_connect/SSL_accept) takes place during the construction of the SSLContext object (in newPySSLObject). This means that if the socket being wrapped is non-blocking, and the handshake fails with SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE, then the entire SSLContext is scrapped, and newPySSLObject must be run again in its entirety. Unfortunately, restarting from scratch on the same socket appears to confuse the remote host, and the new attempt fails. The attached patch fixes this problem by removing the handshaking code from newPySSLObject and adding a do_handshake method to SSLContext. It also adds a new parameter (do_handshake_on_connect) to the SSLSocket constructor and the wrap_socket function. The default value of the parameter is True, which preserves the current behavior of the module by immediately calling do_handshake after sslwrap. If do_handshake_on_connect is set to False, then the caller is responsible for calling do_handshake. This allows code that uses non-blocking sockets to first create the SSLSocket and then iteratively call do_handshake and select.select until the process completes (which is exactly how non-blocking reads and writes are handled).

The current version of the ssl module doesn't support non-blocking
creation of SSLSocket objects.  The reason for this is that the SSL
handshaking (SSL_connect/SSL_accept) takes place during the
construction of the SSLContext object (in newPySSLObject).  This means
that if the socket being wrapped is non-blocking, and the handshake
fails with SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE, then the entire
SSLContext is scrapped, and newPySSLObject must be run again in its
entirety.  Unfortunately, restarting from scratch on the same socket
appears to confuse the remote host, and the new attempt fails.

The attached patch fixes this problem by removing the handshaking code
from newPySSLObject and adding a do_handshake method to SSLContext.
It also adds a new parameter (do_handshake_on_connect) to the
SSLSocket constructor and the wrap_socket function.  The default value
of the parameter is True, which preserves the current behavior of the
module by immediately calling do_handshake after sslwrap.  If
do_handshake_on_connect is set to False, then the caller is
responsible for calling do_handshake.  This allows code that uses
non-blocking sockets to first create the SSLSocket and then
iteratively call do_handshake and select.select until the process
completes (which is exactly how non-blocking reads and writes are
handled).

Files
File name	Uploaded
ssl_nonblocking_handshake_patch.txt	chris.stawarz, 2007-10-09.22:48:15

History
Date	User	Action	Args
2007-10-09 22:48:18	chris.stawarz	set	spambayes_score: 0.0416495 -> 0.0416495 recipients: + chris.stawarz
2007-10-09 22:48:18	chris.stawarz	set	spambayes_score: 0.0416495 -> 0.0416495 messageid: <1191970098.04.0.2942232647.issue1251@psf.upfronthosting.co.za>
2007-10-09 22:48:17	chris.stawarz	link	issue1251 messages
2007-10-09 22:48:17	chris.stawarz	create