[Twisted-Python] SSL: wrong version number
Voznesensky Vladimir
vovic at nfi.kiae.ru
Fri Jun 15 03:28:09 EDT 2007
Dear Jean-Paul,
Here is a bug/feature demonstrating example:
---8<---
from twisted.python.util import println
from twisted.protocols.basic import LineReceiver
from twisted.internet import protocol, reactor, defer, ssl
from twisted.python.failure import Failure
from OpenSSL import crypto, SSL

_CMD = """VERSION=MYPROXYv2
COMMAND=%d
USERNAME=%s
PASSPHRASE=%s
LIFETIME=%d\0""" % (0, "LOGIN", 'PASSPHRASE', 100)

WHERETO = ("myproxy.cern.ch", 7512)

## Myproxy client protocol.
class MyproxyClient(protocol.Protocol):
    data = None  # last chunk received; passed to the deferred on a clean close

    def connectionMade(self):
        self.transport.write('0')  # GT compat. stuff.
        self.transport.write(_CMD)

    def dataReceived(self, data):
        self.data = data  # keep it so connectionLost can hand it on
        self.transport.loseConnection()

    def connectionLost(self, reason=protocol.connectionDone):
        d = self.factory.deferred
        if reason != protocol.connectionDone:
            d.errback(reason)
        else:
            d.callback(self.data)

## Myproxy client factory.
class MyproxyClientFactory(protocol.ClientFactory):
    protocol = MyproxyClient

    def __init__(self):
        self.deferred = defer.Deferred()

    def clientConnectionFailed(self, connector, reason):
        self.deferred.errback(reason)

## Context factory suitable for local needs.
class CF:
    def getContext(self):
        ctx = SSL.Context(SSL.SSLv3_METHOD)
        # disable for compatibility with myproxy server (er, globus)
        # globus doesn't handle this case, apparently, and instead
        # chokes in proxy delegation code
        # (0x00000800 is OpenSSL's SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
        ctx.set_options(0x00000800L)
        return ctx

# First attempt: blocking pyOpenSSL connection using the same context.
ctx = CF().getContext()
import socket
conn = SSL.Connection(ctx, socket.socket())
conn.connect(WHERETO)
conn.write('0')
conn.write(_CMD)
dat = conn.recv(8192)
print 'data received by blocking call\n', dat
conn.close()
del ctx

# Second attempt: the same exchange through the Twisted reactor.
f = MyproxyClientFactory()
contextFactory = CF()
reactor.connectSSL(WHERETO[0], WHERETO[1], f, contextFactory)
f.deferred.addCallbacks(
    callback=lambda data: (println("data received", data), reactor.stop()),
    errback=lambda error: (println("an error occurred", error), reactor.stop()))
reactor.run()
---8<---
Yours,
VV
On Thu, 14 Jun 2007 15:22:20 -0400
Jean-Paul Calderone <exarkun at divmod.com> wrote:
> On Thu, 14 Jun 2007 15:08:06 -0400, Jean-Paul Calderone <exarkun at divmod.com> wrote:
>>
>>The server is using SSLv2. The traceback seems to indicate the context is
>>set up for SSLv3. I can't tell how you created that context object, nor am
>>I certain why one version of your code can establish a connection while the
>>other cannot, but I would check the context object and make sure it is using
>>either SSLv2 or SSLv23.
>>
>
> Oh, I should also say that SSLv2 is insecure and, if you can, you should
> really change that server to use at least SSLv3.
>
> Jean-Paul
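Added example, not part of the original message or of Twisted/pyOpenSSL: a small Python 3 helper that classifies the first bytes read from a peer as an SSLv2 or an SSLv3/TLS record header, which is the kind of mismatch the quoted reply describes between an SSLv3 context and an SSLv2 server. The function names `classify_record` and `matches_context` are hypothetical, the sample bytes are constructed, and the comparison is a simplification of the version check an SSL library performs.

```python
import struct

# Record-layer content types and minor versions for SSLv3/TLS (major is always 3).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
TLS_MINOR = {0: "SSLv3", 1: "TLSv1.0", 2: "TLSv1.1", 3: "TLSv1.2"}
# SSLv2 handshake message types that can open a conversation.
SSL2_MSGS = {1: "CLIENT-HELLO", 4: "SERVER-HELLO"}


def classify_record(buf):
    """Return (protocol, detail) for the first bytes read from a peer."""
    if len(buf) < 5:
        return ("unknown", "need at least 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype in TLS_TYPES and major == 3:
        proto = TLS_MINOR.get(minor, "3.%d" % minor)
        return (proto, "%s record, %d byte payload" % (TLS_TYPES[ctype], length))
    # SSLv2: high bit set means a 2-byte length header, then the message type.
    if buf[0] & 0x80 and buf[2] in SSL2_MSGS:
        length = ((buf[0] & 0x7F) << 8) | buf[1]
        return ("SSLv2", "%s, %d byte body" % (SSL2_MSGS[buf[2]], length))
    return ("unknown", "not an SSL/TLS record header")


def matches_context(expected, buf):
    """True if the peer's first record is the version the context was built for."""
    return classify_record(buf)[0] == expected


# Constructed sample bytes (not captured from any real server).
SAMPLES = {
    "sslv3_server_hello": bytes.fromhex("160300004a0200004603"),
    "sslv2_server_hello": bytes.fromhex("802e0400010002"),
    "tls10_fatal_alert": bytes.fromhex("15030100020246"),
    "plaintext": b"VERSION=MYPROXYv2\n",
}

if __name__ == "__main__":
    for name, raw in sorted(SAMPLES.items()):
        print(name, classify_record(raw), "SSLv3 context ok:", matches_context("SSLv3", raw))
```

Logging the first five bytes of a failed handshake and running them through a check like this shows whether the peer answered with a different protocol version or with something that is not SSL/TLS at all.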