[Twisted-Python] SSL problem

Jean-Paul Calderone exarkun at divmod.com
Thu Dec 21 09:54:36 EST 2006


On Thu, 21 Dec 2006 00:49:44 -0600, Steve Freitas <sflist at ihonk.com> wrote:
>Hi all.
>
>I'm having trouble getting SSL working properly. I'm running a modified
>t.m.pop3.POP3 server and it was running peachy on port 110, no problems
>under real-world load, so I thought it'd be simple enough to add SSL
>support by changing this...
>
>INTERFACES = ('1.2.3.4','4.5.6.7', etc.)
>
>for iface in INTERFACES:
>    reactor.listenTCP(110, myPop3server, interface=iface)
>reactor.run()
>
>...to this:
>
>INTERFACES = ('1.2.3.4','4.5.6.7', etc.)
>
>sslContext = ssl.DefaultOpenSSLContextFactory(SSL_PRIVATE_KEY_FILE,
>SSL_CERTIFICATE_FILE)
>
>for iface in INTERFACES:
>    reactor.listenTCP(110, myPop3server, interface=iface)
>    reactor.listenSSL(995, myPop3server, interface=iface,
>contextFactory=sslContext)
>reactor.run()
>
>Which worked fine when hitting it with a single client from my machine,
>but failed miserably when hitting it from mail2web.com. Lots of errors
>loading the message list and the messages. The log showed mail2web
>connecting and then immediately dropping the connection. I tried
>changing the code so I instantiated one sslContext per call to
>listenSSL. That made it much better, but still not perfect. The errors
>persisted.
>
>So I tried dropping the calls to listenSSL, and wrapped the server with
>stunnel. That worked perfectly, except since my host doesn't support
>transparent proxying, my twisted app doesn't see the connecting client's
>IP, and I need that, so that's not an option. It does implicate
>twisted's particular flavor of SSL in my problems, though.
>
>I don't know much about SSL, but I searched the twisted list and
>couldn't find anything that helped, with the possible exception of a
>query about support for SSL session resumption. I don't know what it is,
>but it sounds useful. Anyway, if anybody could toss an idea or two my
>way, I'd appreciate it.

It's pretty difficult to say what the problem is without knowing the
specific error which is occurring, or having a complete example which
can reproduce it.  I'd _guess_ your context object isn't configured
quite right.  If you can post a complete example which reproduces the
problem, it would be much easier to diagnose.  At the very least, you
should share the SSL errors which are occurring.

Jean-Paul



