What timeouts are required when reading SSL certificates with Python 2.6.4?

John Nagle

I'm converting some M2Crypto code to use the new "ssl" module, and
I'm concerned about protection against hung machines at the remote end.
With M2Crypto, getting timeout to work properly required much tweaking.

Here's the code. I've tried it on about fifteen domains, some of which
support SSL and some which don't. So far, it hasn't hung. Is there any further
protection I need?


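import httplib
import socket
import ssl

# domain and certfile are set elsewhere
port = httplib.HTTPS_PORT
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Require a certificate from the peer and validate it against certfile
sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
sock.connect((domain,port))  # TCP connect followed by the SSL handshake
cert = sock.getpeercert() # ... process certificate data
del sock
del sk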


Note that this doesn't send or receive any data on the SSL connection
once the handshake has been completed. It's just reading the remote
certificate as part of a host identity check. Then it drops the connection.

John Nagle
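
The concern raised in the post, a remote end that accepts the TCP connection and then stalls, as an added example that is not part of the original post. It uses the Python 3 `ssl.SSLContext` API rather than the Python 2.6 `ssl.wrap_socket` call shown above, and it enforces one overall deadline across connect and handshake because a plain socket timeout applies to each socket operation separately. `fetch_peer_cert` and `probe_silent_peer` are hypothetical names, and the silent local listener is constructed for the demonstration.

```python
import select
import socket
import ssl
import threading
import time


def fetch_peer_cert(host, port, deadline_s, context=None):
    """Return the validated peer certificate, or raise socket.timeout once
    deadline_s seconds have elapsed across connect plus TLS handshake."""
    context = context or ssl.create_default_context()
    end = time.monotonic() + deadline_s
    raw = socket.create_connection((host, port), timeout=deadline_s)
    raw.setblocking(False)  # handshake is driven manually below
    tls = context.wrap_socket(raw, server_hostname=host,
                              do_handshake_on_connect=False)
    try:
        while True:
            try:
                tls.do_handshake()
                return tls.getpeercert()
            except ssl.SSLWantReadError:
                readers, writers = [tls], []
            except ssl.SSLWantWriteError:
                readers, writers = [], [tls]
            remaining = end - time.monotonic()
            if remaining <= 0:
                raise socket.timeout("TLS handshake exceeded deadline")
            select.select(readers, writers, [], remaining)
    finally:
        tls.close()


def probe_silent_peer(deadline_s=1.0):
    """Constructed test: a local listener that accepts and then never sends
    a byte, standing in for a hung remote machine. Returns (timed_out, secs)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    held = []  # keep the accepted connection open so the peer stays silent
    threading.Thread(target=lambda: held.append(srv.accept()), daemon=True).start()
    start = time.monotonic()
    try:
        fetch_peer_cert("127.0.0.1", srv.getsockname()[1], deadline_s)
        timed_out = False
    except socket.timeout:
        timed_out = True
    finally:
        srv.close()
    return timed_out, time.monotonic() - start
```

The deadline does not cover name resolution: `socket.create_connection` resolves the host before its timeout applies, so a stalled DNS lookup has to be bounded separately.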
 
