From: John Nagle on
Is bug #5103 relevant here? The one about the 30-minute connection hang?

John Nagle

John Nagle wrote:
> I'm converting some M2Crypto code to use the new "ssl" module, and
> I'm concerned about protection against hung machines at the remote end.
> With M2Crypto, getting timeout to work properly required much tweaking.
> Here's the code. I've tried it on about fifteen domains, some of which
> support SSL and some which don't. So far, it hasn't hung. Is there any
> further
> protection I need?
> port = httplib.HTTPS_PORT
> sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
> sock = ssl.wrap_socket(sk, ca_certs=certfile, cert_reqs=ssl.CERT_REQUIRED)
> sock.connect((domain,port))
> cert = sock.getpeercert() # ... process
> certificate data
> del sock
> del sk
> Note that this doesn't send or receive any data on the SSL connection
> once the handshake has been completed. It's just reading the remote
> certificate as part of a host identity check. Then it drops the
> connection.
> John Nagle