From: John Nagle on 1 Jun 2010 01:54
I'm converting some M2Crypto code to use the new "ssl" module, and
I'm concerned about protection against hung machines at the remote end.
With M2Crypto, getting timeout to work properly required much tweaking.
Here's the code. I've tried it on about fifteen domains, some of which
support SSL and some which don't. So far, it hasn't hung. Is there any further
protection I need?
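
    import httplib, socket, ssl

    port = httplib.HTTPS_PORT
    sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
    # domain and certfile are assumed to be set by the caller; connect() also runs the handshake
    sock.connect((domain, port))
    cert = sock.getpeercert()
    # ... process certificate data
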
Note that this doesn't send or receive any data on the SSL connection
once the handshake has been completed. It's just reading the remote
certificate as part of a host identity check. Then it drops the connection.
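
Added example, not part of the original post: the same certificate read written against the Python 3 `ssl` API rather than the 2.6 calls above, with the timeout set before the socket is wrapped so that the connect and the handshake are both bounded. The function names, status strings and the `hung.example` host name are this example's own assumptions.

```python
import socket
import ssl

def read_peer_cert(raw_sock, hostname, context, timeout):
    """Handshake over an already-connected socket; return (status, cert).

    status is "ok", "timeout" (peer stalled), "tls_error" (peer does not
    speak TLS, or its certificate failed verification) or "io_error".
    """
    tls = None
    try:
        # Set the timeout BEFORE wrapping: the SSL socket inherits it, so the
        # handshake itself is bounded, not only later reads.
        raw_sock.settimeout(timeout)
        tls = context.wrap_socket(raw_sock, server_hostname=hostname,
                                  do_handshake_on_connect=False)
        tls.do_handshake()
        return "ok", tls.getpeercert()
    except socket.timeout:
        return "timeout", None
    except ssl.SSLError:
        return "tls_error", None
    except OSError:
        return "io_error", None
    finally:
        # Always drop the connection; nothing is sent after the handshake.
        if tls is not None:
            tls.close()
        else:
            raw_sock.close()

def check_host(host, port=443, cafile=None, timeout=10.0):
    """Connect with a timeout, then read the verified certificate."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    context = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "timeout", None
    except OSError:
        return "io_error", None
    return read_peer_cert(raw, host, context, timeout)

if __name__ == "__main__":
    # Constructed stand-in for a hung server: a connected peer that never speaks.
    client, silent_peer = socket.socketpair()
    ctx = ssl.create_default_context()
    print(read_peer_cert(client, "hung.example", ctx, timeout=0.5))
    silent_peer.close()
```

The socket timeout does not cover name resolution, which happens inside `create_connection()` before any socket exists, so a slow resolver needs its own limit.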