M2Crypto hangs on this URL

[John Nagle]

There's something strange about this URL:

"https://sagar310.pontins.com/sraep/"

It hangs Firefox 2; there's no short timeout, the web page just gets
stuck in initial load for about ten minutes. Then
"The connection to sagar310.pontins.com was interrupted while the page was loading."

It hangs M2Crypto 0.17 on both Linux and Windows, for at least 4 hours.

What does the new SSL implementation do? (Haven't tried that yet;
waiting for MySQL support for Python 3.x before converting web apps.)

John Nagle

 

[John Nagle]

There's something strange about this URL:

"https://sagar310.pontins.com/sraep/"

It hangs Firefox 2; there's no short timeout, the web page just gets
stuck in initial load for about ten minutes. Then
"The connection to sagar310.pontins.com was interrupted while the page
was loading."

It hangs M2Crypto 0.17 on both Linux and Windows, for at least 4 hours.

Correction: Linux is still hung at 5 hours, but Windows timed out
after about 15 minutes.

John Nagle

 

[John Nagle]

Correction: Linux is still hung at 5 hours, but Windows timed out
after about 15 minutes.

Further update: M2Crypto on Windows now hung on that URL for hours. Last time,
the connection apparently failed and the program got unstuck.

It's waiting for something to happen inside SSL connection setup.

John Nagle

 

[John Nagle]

....
It looks to me like the SSL handshake is not done properly from the
server side.

Compare the output of:
openssl s_client -host sagar310.pontins.com -port 443 -debug -showcerts
-msg

With (for example):
openssl s_client -host www.google.com -port 443 -debug -showcerts -msg

OpenSSL is clearly not happy with that site. But it doesn't hang.

openssl s_client -host sagar310.pontins.com -port 443 -debug -showcerts -msg

eventually prints

"Verify return code: 19 (self signed certificate in certificate chain)"
That's weird, because there's a Verisign certificate in the chain.
That site is somehow mishandling its certs.

My problem, though, is that M2Crypto 0.17 is hanging for hours to days
on those connections.

John Nagle

 

[Heikki Toivonen]

There's something strange about this URL:

"https://sagar310.pontins.com/sraep/"

The following program finishes fine for me using M2Crypto 0.20beta1 +
openssl 0.9.8g. Like Martin mentioned in another message, maybe someone
fixed the site.

from M2Crypto import SSL
ctx = SSL.Context()
# If you comment out the next 2 lines, the connection won't be secure
#ctx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, depth=9)
#if ctx.load_verify_locations('ca.pem') != 1: raise Exception('No CA certs')
c = SSL.Connection(ctx)
c.connect(('sagar310.pontins.com', 443))
c.send('GET /sraep/ \n')
c.close()