473,695 Members | 1,898 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

httplib and HTTPS Connections

Helo,

This is the first time I have cared about httplib's HTTPSConnection .

In the docs I read "Note: HTTPS support is only available if the socket
module was compiled with SSL support."

Although my small test script "seems" to work when connecting to a
webserver via HTTPS I am really not sure.

In other words it worked the first time. I never trust anything that
seems to work right the first time. ;-)

My question is how can I tell if the criteria in the "NOTE:" is met?
How do I know that the socket module was indeed compled with SSL
support?

The reason this is important is that I am building a credit card
payment system.

Here is my little test script
=============== =========
Python 2.4.3

import httplib
conn = httplib.HTTPSCo nnection('***** *****')
conn.request('G ET' '/index.html')
resp = conn.getrespons e()

page = resp.read()
print page

Oct 17 '06 #1
5 6810

runningwild wrote:
Helo,

This is the first time I have cared about httplib's HTTPSConnection .

In the docs I read "Note: HTTPS support is only available if the socket
module was compiled with SSL support."

Although my small test script "seems" to work when connecting to a
webserver via HTTPS I am really not sure.

In other words it worked the first time. I never trust anything that
seems to work right the first time. ;-)

My question is how can I tell if the criteria in the "NOTE:" is met?
How do I know that the socket module was indeed compled with SSL
support?

The reason this is important is that I am building a credit card
payment system.

Here is my little test script
=============== =========
Python 2.4.3

import httplib
conn = httplib.HTTPSCo nnection('***** *****')
conn.request('G ET' '/index.html')
resp = conn.getrespons e()

page = resp.read()
print page
Quick followup:

I just got off the phone with my sys admin. Python was compiled with
the ssl flag turned on.
ssl does work other applications.

I am assuming we are covered. I just want to be sure.

Oct 17 '06 #2
runningwild wrote:
This is the first time I have cared about httplib's HTTPSConnection .
Please note that the Python builtin SSL support is not really secure. It
does not make sure that you connect to the site you think you are
connecting to, for example.

If you really need secure SSL (what is the point of SSL if not secure I
ask) you should look at other Python modules. There are several to
choose from, for example M2Crypto (I am the maintainer of that), TLS
Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am
forgetting right now.

--
Heikki Toivonen
Oct 18 '06 #3
runningwild wrote:
This is the first time I have cared about httplib's HTTPSConnection .
Please note that the Python builtin SSL support is not really secure. It
does not make sure that you connect to the site you think you are
connecting to, for example.

If you really need secure SSL (what is the point of SSL if not secure I
ask) you should look at other Python modules. There are several to
choose from, for example M2Crypto (I am the maintainer of that), TLS
Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am
forgetting right now.

--
Heikki Toivonen
Oct 18 '06 #4

Heikki Toivonen wrote:
runningwild wrote:
This is the first time I have cared about httplib's HTTPSConnection .

Please note that the Python builtin SSL support is not really secure. It
does not make sure that you connect to the site you think you are
connecting to, for example.

If you really need secure SSL (what is the point of SSL if not secure I
ask) you should look at other Python modules. There are several to
choose from, for example M2Crypto (I am the maintainer of that), TLS
Lite, PyOpenSSL, PyOpenSSL-extended, and possibly others that I am
forgetting right now.

--
Heikki Toivonen
Thanks Heikki,

I downloaded the varioius packages and read through the source code and
docs that came with them.

I am trying to get M2Crypto to work on my workstation. (WinXP/Cygwin,
Python 2.4.4 under cygwin)

Everything seemed to compile and install correctly.

When I try to run https_cli.py however I get the following exception:

LOOP: SSL connect: before/connect initialization
INFO: SSL connect: SSLv2 write client hello A
Traceback (most recent call last):
File "https_cli. py", line 41, in ?
test_httpslib()
File "https_cli. py", line 21, in test_httpslib
h.endheaders()
File "/usr/local/lib/python2.4/httplib.py", line 798, in endheaders
self._send_outp ut()
File "/usr/local/lib/python2.4/httplib.py", line 679, in _send_output
self.send(msg)
File "/usr/local/lib/python2.4/httplib.py", line 646, in send
self.connect()
File "/usr/local/lib/python2.4/site-packages/M2Crypto/httpslib.py",
line 43, in connect
self.sock.conne ct((self.host, self.port))
File
"/usr/local/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py",
line 154, in connect
ret = self.connect_ss l()
File
"/usr/local/lib/python2.4/site-packages/M2Crypto/SSL/Connection.py",
line 147, in connect_ssl
return m2.ssl_connect( self.ssl)
M2Crypto.SSL.SS LError: no ciphers available

The no ciphers available seems to be comming from the ssl installation
so I decided to test it with a different client.

%links https://localhost:9443/

This worked just fine showing me the directory listing and allowing me
to navigate.
This was also true for firefox when connecting to
https://localhost:9443/ from the server in
demos/httts.howto/orig_https_srv. py

Any idea what is going on here?

Oct 18 '06 #5
runningwild wrote:
When I try to run https_cli.py however I get the following exception:
This worked just fine showing me the directory listing and allowing me
to navigate.
This was also true for firefox when connecting to
https://localhost:9443/ from the server in
demos/httts.howto/orig_https_srv. py

Any idea what is going on here?
Sorry about that. I should put in prominent warnings that the demos
aren't actively maintained.

In this case the problem is that the old demo wants to use sslv2, but
the updated Context constructor explicitly disables that, so we don't
have any ssl versions available to do the connection.

The easiest way to fix this is to take out the argument to SSL.Context()
and let it use the defaults (defaults to all ssl versions).

I am fixing that demo as we speak, so it will be included in the next
M2Crypto release.

--
Heikki Toivonen
Oct 18 '06 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
5214
by: Martin Fuzzey | last post by:
I am using xmlrpclib (based on httplib) in Python 2.3 on Mandrake Linux. When my client attempts to connect to a server using a "http://localhost:port" style URL there is a long delay before the connection is established (it finally works). This certainly smells a name resolution problem but ping localhost, telnet localhost etc all work fine.
2
2177
by: Glauco | last post by:
I'm using a library based on httplib. Recently i've done a conversion for use of https with a key and certificate file. This goes perfectly :-) . Now, the problem is passing throw an http_proxy. It seems because httplib (based on socket.py) try to autenticate on the proxy. I'm only with this problem ? it's impossible :-|
4
3807
by: Roger Binns | last post by:
I have just spent several weeks mashing xmlrpc, httplib and SSL (from M2Crypto) to work together. The current standard library has several problems: - Builtin SSL is pretty much useless if you actually care about security - Poor HTTP authentication support - No server side stuff (SSL, HTTP authentication etc) - Pathological coding to ensure that at most one request is sent on a connection, rather than reusing an already open
0
2447
by: Terry Kerr | last post by:
Hi, I have an app that makes a https POST to a remote server that I have no control over. The app runs fine in python 2.1.3 with socket.ssl compiled with openssl-0.9.6, however it will not run in python 2.3.3 compiled with openssl-0.9.7d. The script below demonstrates the problem. ============================================ import httplib path = "/cmaonline.nsf/ePayForm?OpenForm"
0
2931
by: Robert | last post by:
did you solve this problem? It seems to be still present here with py2.3.5. Robert -- From: Manish Jethani <manish.j@gmx.net> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en
4
3703
by: michaelparkin | last post by:
Hi, Sorry to post what might seem like a trivial problem here, but its driving me mad! I have a simple https client that uses httplib to post data to a web server. When I post over http & https using curl the data is recieved by the web server with no problems.
2
2890
by: MarkAurit | last post by:
I have a web service Im using on a machine via http in a dmz that works file. Im now attempting to use it in a second server, this one using https. When I attempt to add the Web Reference in vs.net 1.1, I get the following message: ***************************************** There was an error downloading 'https://<dns name>/ScheduledJobs.asmx?op=GetMetrics'. The underlying connection was closed: Unable to connect to the remote server.
4
6520
by: Jason P | last post by:
Basically we have a web method with a dynamic URL. The client is developed in C++ and I've been using the webReference.SetUrl( "http://test.example.com..." ) method successfully with various web method URLs. However, when we switched to using a secure connection, the call to webReference.SetUrl( "https://test.example.com..." ) no longer functions. The SetUrl() method is actually successful, but any following calls in to the web...
6
2405
by: Haakon Riiser | last post by:
After a long debugging session while scripting my webmail, I believe I have traced the problem to the way httplib sends POST requests. I have compared tcpdump listings from Python 2.4.3 and 2.5.0's httplib (via urllib/urllib2), Perl's LWP::UserAgent 2.033 and Firefox 2.0. Only Python sends the request in such a way that the mailserver closes the connection before I get any data from the POST request (immediate FIN packet after the POST...
0
8587
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9005
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8867
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7688
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
0
5847
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
4599
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3025
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2291
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
1987
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.