Heikki Toivonen wrote:
> na***@animats.com wrote:
>> That's a problem for me. I need short timeouts; I'm accessing sites
>> that might or might not have SSL support, and I need to quickly time
>> out when there's no SSL server.
> You should be able to do short timeouts, just not using the global
> setdefaulttimeout. Have you tried Connection.set_socket_read/write_timeout?
Yes. That does not affect the connect timeout; it's only effective once
the connection has been opened. And adjusting the session timeout
just recreates the blocking/non blocking problem.
Incidentally, "get_socket_read_timeout()" doesn't work. Generates
"EXCEPTION at socket level: unpack str size does not match format",
every time, at least with Python 2.4 on Windows. The lower level
function returns one number as a string, like "7200", and the unpack
function tries to unpack it as "ll", which fails.
> Also like I mentioned before, if you use the Twisted wrapper and let
> Twisted handle network stuff you should be fine.
That would mean struggling with Twisted and dealing with its bugs.
(For example, has the MySQLdb mess been resolved for Twisted's API?)
This isn't a long-running application; it usually runs as a CGI program.
So Twisted is inappropriate.
> M2Crypto and pyOpenSSL (and pyOpenSSL-extended, which you might want to
> take a look at as well) are implemented pretty differently, so merging
> seems unlikely. They are pretty small code wise, though, so it is not an
> impossible task.
That seemed a good idea, and so I downloaded the source and tried to build
it on a Windows machine to run with Python 2.4. But that build needs
(exactly) Visual Studio 7.1, which I don't have. It also wants a specific
version of OpenSSL, and has a build file which seems to assume a 1998 version
of Visual C++. The last change was in 1995, and it's still at an 0.x version,
so it's effectively abandonware. I have some doubts that it really works
any more. I saw some Python 2.2/2.3 specific code in there.
I could try building on a Linux system, but it's useful to me if Python
works on both Windows and Linux.
>
> Personally I think I'd prefer if Python stdlib contained a better SSL
> module that did at least all the checks required for safe SSL
> connection. (Yeah, yeah, maybe I need to write it myself if nobody else
> gets to it;)
What I need is proper SSL operation, certificate chain validation,
useful exception info when a connection fails (including why), and
read access to the certificate itself in some reasonably sane form.
And I need to time out an SSL connection if it can't connect and
verify within 4 seconds. It's embarrassing that this doesn't work,
despite four different wrappers for OpenSSL.
I'm willing to spend a few hundred dollars towards making this happen.
John Nagle
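
An added example, not code from this thread or from any of the wrappers it mentions: one way to get the behaviour asked for above (a single deadline covering connect, handshake and chain validation, a failure reason, and read access to the certificate), assuming Python 3's standard-library `ssl` module. `probe_tls` and its parameters are names chosen for this illustration.

```python
import socket
import ssl
import time


def probe_tls(host, port=443, deadline=4.0, cafile=None):
    """Connect, handshake and verify within one overall deadline (seconds).

    Returns (True, peer_cert_dict) on success or (False, reason) on failure.
    """
    # Default context: certificate chain and hostname verification enabled.
    ctx = ssl.create_default_context(cafile=cafile)
    start = time.monotonic()
    try:
        # Phase 1: TCP connect, bounded by the full deadline.
        raw = socket.create_connection((host, port), timeout=deadline)
    except socket.timeout:
        return False, "connect: timed out"
    except OSError as exc:
        return False, "connect: %s" % exc
    with raw:
        # Phase 2: the handshake only gets the time the connect left over,
        # so a slow connect cannot be followed by a full-length handshake.
        remaining = deadline - (time.monotonic() - start)
        if remaining <= 0:
            return False, "connect: timed out"
        raw.settimeout(remaining)
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Parsed certificate: subject, issuer, validity, SANs.
                return True, tls.getpeercert()
        except ssl.SSLCertVerificationError as exc:
            return False, "verify: %s" % exc.verify_message
        except socket.timeout:
            return False, "handshake: timed out"
        except ssl.SSLError as exc:
            return False, "handshake: %s" % (exc.reason or exc)
        except OSError as exc:
            return False, "handshake: %s" % exc
```

The reason string is prefixed with the phase that failed (`connect`, `handshake` or `verify`), which separates "no SSL server on that port" from "server present but certificate rejected".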