[Twisted-Python] getpeername from verify callback
adi at roiban.ro
Fri Oct 19 02:56:00 EDT 2012
On 19 October 2012 09:28, Glyph <glyph at twistedmatrix.com> wrote:
> On Oct 18, 2012, at 9:41 PM, Nathan Mower <nathanm at securitymetrics.com> wrote:
>> The following sample code worked until Twisted began to prefer memory BIOs over socket BIOs. Now it produces this error...
>> exceptions.AttributeError: 'NoneType' object has no attribute 'getpeername'
>> ...on line 9 where getpeername() is called by the verify() callback.
>> Is there any way to obtain the peer name, given the OpenSSL.SSL.Connection object passed into verify()? Anything that surfaces the underlying socket? (Perhaps something similar to what is done in connectionMade(), which does work.) Or alternatively, is there a way to tell the reactor to employ socket BIOs?
> The 'socket' attribute that you're accessing is not a documented attribute of ITransport, so in a way I'm glad that your code broke - this wasn't a valid way to use Twisted in the first place :). See <http://twistedmatrix.com/documents/current/api/twisted.internet.interfaces.ITransport.html>.
> Now, as it happens, <http://twistedmatrix.com/documents/current/api/twisted.protocols.tls.TLSMemoryBIOProtocol.html> implements <http://twistedmatrix.com/documents/current/api/twisted.internet.interfaces.ISSLTransport.html> which is a subinterface of <http://twistedmatrix.com/documents/current/api/twisted.internet.interfaces.ITCPTransport.html>, which is therefore guaranteed to have a getPeer method <http://twistedmatrix.com/documents/current/api/twisted.internet.interfaces.ITCPTransport.html#getPeer> that returns an IPv4Address <http://twistedmatrix.com/documents/current/api/twisted.internet.address.IPv4Address.html> or IPv6Address <http://twistedmatrix.com/documents/current/api/twisted.internet.address.IPv6Address.html>, both of which have a 'host' attribute that is the hostname.
> So, in short, substitute "self.transport.getPeer().host" and your code should work again.
Thanks for the explanation about new interfaces.
I think that the initial question was about the
SSL.Context.set_verify(connection, certificate, errnum, errdepth,
More information about the Twisted-Python