[Twisted-Python] SSL: wrong version number

Voznesensky Vladimir vovic at nfi.kiae.ru
Fri Jun 15 03:28:09 EDT 2007


Dear Jean-Paul,

Here is a minimal example that demonstrates the bug (or feature): the same context factory is used once by a blocking pyOpenSSL call and once through reactor.connectSSL().

---8<---
import socket

from OpenSSL import SSL, crypto
from twisted.internet import defer, error, protocol, reactor, ssl
from twisted.protocols.basic import LineReceiver
from twisted.python.failure import Failure
from twisted.python.util import println

_CMD="""VERSION=MYPROXYv2
COMMAND=%d
USERNAME=%s
PASSPHRASE=%s
LIFETIME=%d\0""" % (0, "LOGIN", 'PASSPHRASE', 100)
WHERETO = ("myproxy.cern.ch",7512)

## Myproxy client protocol.
class MyproxyClient(protocol.Protocol):

   def connectionMade(self):
     self.transport.write('0')   # GT compat. stuff.
     self.transport.write(_CMD)

   def dataReceived(self, data):
     self.transport.loseConnection()

   def connectionLost(self, 
reason=protocol.connectionDone):
     d = self.factory.deferred
     if reason != protocol.connectionDone:
       d.errback(reason)
     else:
       d.callback(data)

## Myproxy client factory.
class MyproxyClientFactory(protocol.ClientFactory):
    """Builds a MyproxyClient and owns the Deferred that reports the outcome.

    ``deferred`` is fired by the protocol when the connection ends, or
    errbacked here when the connect itself never produces a protocol.
    """
    protocol = MyproxyClient

    def __init__(self):
        # One Deferred per factory instance, so use a fresh factory per request.
        self.deferred = defer.Deferred()

    def clientConnectionFailed(self, connector, reason):
        """The TCP/SSL connect failed before any protocol existed: report it."""
        self.deferred.errback(reason)

## Context factory suitable for local needs.
## Context factory suitable for local needs.
class CF:
    """Build the SSL.Context shared by the blocking and the Twisted client."""

    # Raw OpenSSL option bit. In OpenSSL headers of this era 0x00000800 is
    # SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS -- confirm against the installed
    # ssl.h. Empty-fragment insertion is OpenSSL's countermeasure for the
    # CBC IV-chaining weakness, so switching it off is a deliberate security
    # trade made only for Globus compatibility.
    _GLOBUS_COMPAT_OPTIONS = 0x00000800

    def getContext(self):
        """Return a fresh SSLv3-only context with the Globus workaround set.

        NOTE(review): no set_verify()/CA loading is done, so OpenSSL's default
        of not verifying the peer applies; the PASSPHRASE in _CMD is sent to
        whoever answers on the MyProxy port.
        NOTE(review): SSLv3_METHOD pins SSLv3 (itself deprecated since,
        RFC 7568); move to a TLS method as soon as the server side allows.
        """
        context = SSL.Context(SSL.SSLv3_METHOD)
        # disable for compatibility with myproxy server (er, globus):
        # globus doesn't handle this case, apparently, and instead
        # chokes in proxy delegation code
        context.set_options(self._GLOBUS_COMPAT_OPTIONS)
        return context

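# Plain pyOpenSSL round-trip outside the reactor, for comparison with the
# Twisted path below. NOTE(review): the passphrase in _CMD goes out before
# anything has verified who the server is (CF sets no verify mode).
ctx = CF().getContext()
conn = SSL.Connection(ctx, socket.socket())
try:
    conn.connect(WHERETO)
    conn.write('0')   # GT compat. marker, same as MyproxyClient
    conn.write(_CMD)
    # A single recv(): whatever arrives in the first read is all we print.
    dat = conn.recv(8192)
    print('%s%s' % ('data received by blocking call\n', dat))
finally:
    # Originally close() sat on the happy path only; a failing write/recv
    # left the SSL connection and its socket open.
    conn.close()
del ctx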

def _on_reply(data):
    """Print the reply and stop the reactor (success path)."""
    println("data received", data)
    reactor.stop()


def _on_error(err):
    """Print the failure and stop the reactor (errback path)."""
    println("an error occurred", err)
    reactor.stop()


# Same exchange over the reactor, with the same context factory.
host, port = WHERETO
f = MyproxyClientFactory()
contextFactory = CF()
reactor.connectSSL(host, port, f, contextFactory)
f.deferred.addCallbacks(callback=_on_reply, errback=_on_error)
reactor.run()
---8<---

Yours,
VV

On Thu, 14 Jun 2007 15:22:20 -0400
  Jean-Paul Calderone <exarkun at divmod.com> wrote:
> On Thu, 14 Jun 2007 15:08:06 -0400, Jean-Paul Calderone 
><exarkun at divmod.com> wrote:
>>
>>The server is using SSLv2.  The traceback seems to 
>>indicate the context is
>>set up for SSLv3.  I can't tell how you created that 
>>context object, nor am
>>I certain why one version of your code can establish a 
>>connection while the
>>other cannot, but I would check the context object and 
>>make sure it is using
>>either SSLv2 or SSLv23.
>>
> 
> Oh, I should also say that SSLv2 is insecure and, if you 
>can, you should
> really change that server to use at least SSLv3.
> 
> Jean-Paul
> 




