From: John Nagle on
I'm converting some M2Crypto code to use the new "ssl" module, and
I'm concerned about protection against hung machines at the remote end.
With M2Crypto, getting timeout to work properly required much tweaking.

Here's the code. I've tried it on about fifteen domains, some of which
support SSL and some of which don't. So far, it hasn't hung. Is there any further
protection I need?


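import httplib
import socket
import ssl

# domain and certfile are assumed to be defined by the caller
port = httplib.HTTPS_PORT
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
sock.connect((domain,port)) # TCP connect, then the SSL handshake
cert = sock.getpeercert() # ... process certificate data
del sock
del sk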


Note that this doesn't send or receive any data on the SSL connection
once the handshake has been completed. It's just reading the remote
certificate as part of a host identity check. Then it drops the connection.

John Nagle
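
Added example, not part of the original post: one way to bound the connect and handshake against a silent peer, written for the Python 3 ssl API (ssl.create_default_context) rather than the Python 2 calls above. The names fetch_peer_cert, probe_silent_peer and budget are hypothetical, and the "hung" peer is a constructed localhost listener.

```python
import socket
import ssl
import time


def fetch_peer_cert(host, port=443, budget=10.0, cafile=None):
    """Return the verified peer certificate as a dict.

    `budget` (seconds) bounds TCP connect plus TLS handshake together.
    Raises socket.timeout if the peer stalls, ssl.SSLError (including
    certificate verification errors) if the handshake fails.
    """
    deadline = time.monotonic() + budget
    # Default context: CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context(cafile=cafile)
    # This timeout covers the TCP connect.
    raw = socket.create_connection((host, port), timeout=budget)
    try:
        # The handshake gets only what is left of the budget; the TLS
        # socket inherits the timeout set on the raw socket.
        raw.settimeout(max(deadline - time.monotonic(), 0.01))
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()
    finally:
        raw.close()  # also runs when the handshake raises


def probe_silent_peer(budget=0.5):
    """Constructed test: a localhost listener that never calls accept().
    The kernel completes the TCP connect from the listen backlog, but no
    TLS bytes ever come back, like a hung machine at the remote end."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    start = time.monotonic()
    try:
        fetch_peer_cert("127.0.0.1", srv.getsockname()[1], budget=budget)
        outcome = "completed"
    except socket.timeout:
        outcome = "timeout"
    finally:
        srv.close()
    return outcome, time.monotonic() - start


if __name__ == "__main__":
    print(probe_silent_peer())
```

Letting the exceptions propagate keeps a stalled peer (socket.timeout) distinguishable from a failed certificate check (ssl.SSLError), which matters when the result feeds a host identity decision.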