select + ssl

Ktm

Hello,

I don't have the same behaviour with two codes which are quite the same,
one using SSL, the other not. I tested the programs with stunnel and
telnet, respectively.

Here is the first code:
------------------------------------------------------------------------------------------------------------------------------------------------
#!/usr/bin/python

from select import select
import socket

if __name__ == '__main__':
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(('', 6001))
    s.listen(5)

    ready_read = {}
    ready_send = {}

    ready_read[s] = s
    while True:
        rs, ws, _ = select(ready_read.keys(), ready_send.keys(), [], 2)
        print '.'
        for r in rs:
            if r == s:
                # New client: watch it for both reading and writing.
                (cli, addr) = s.accept()
                ready_send[cli] = cli
                ready_read[cli] = cli
            else:
                ret = r.recv(1000)
                print 'ret =', ret
        for w in ws:
            w.send('you have to give up')
------------------------------------------------------------------------------------------------------------------------------------------------


The client receives the 'you have to give up' sentence every two seconds.

The second code is:
------------------------------------------------------------------------------------------------------------------------------------------------


#!/usr/bin/python

from select import select
import socket
from OpenSSL import SSL
import os

def verify_cb(conn, cert, errnum, depth, ok):
    # pyOpenSSL verification callback: pass through OpenSSL's own verdict.
    return ok

if __name__ == '__main__':
    dir = ''
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    ctx.set_options(SSL.OP_NO_SSLv2)
    ctx.set_verify(SSL.VERIFY_NONE, verify_cb)
    ctx.use_privatekey_file(os.path.join(dir, 'server.pkey'))
    ctx.use_certificate_file(os.path.join(dir, 'server.cert'))
    ctx.load_verify_locations(os.path.join(dir, 'CA.cert'))

    s = SSL.Connection(ctx, socket.socket(socket.AF_INET,
                                          socket.SOCK_STREAM))
    #s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(('', 6000))
    s.listen(5)
    s.setblocking(0)

    ready_read = {}
    ready_send = {}

    ready_read[s] = s
    while True:
        rs, ws, _ = select(ready_read.keys(), ready_send.keys(), [], 2)
        print '.'
        for r in rs:
            if r == s:
                (cli, addr) = s.accept()
                ready_send[cli] = cli
                ready_read[cli] = cli
            else:
                # select() reported the underlying socket readable.
                ret = r.recv(1000)
                print 'ret =', ret
        for w in ws:
            w.send('you have to give up')

------------------------------------------------------------------------------------------------------------------------------------------------



The server blocks on recv here.

In both cases I don't send anything with the client. (Perhaps stunnel
sends something that I don't see?)

Why does the server block?

Kototama
 
Donn Cave

Ktm said:
> I don't have the same behaviour with two codes which are quite the same,
> one using SSL, the other not. I tested the programs with stunnel and
> telnet, respectively.
>
> [... program source ...]
> The server blocks on recv here.

SSL is a layer on top of the socket. It reads and writes
SSL protocol data on the socket connection, while its
recv() and send() methods return and accept the unencrypted
protocol payload (you already knew this.)

The select() function does not however deal with this layer,
it looks directly at the socket. It's telling you that recv()
won't block -- but it means the recv(2) that SSL uses, not
the SSL.Connection.recv() that you have to use.

> In both cases I don't send anything with the client. (Perhaps stunnel
> sends something that I don't see?)
>
> Why does the server block?

Probably you're seeing the initial exchange of data during
the SSL connection - certificates and so forth. You may
find that after this is done, further exchanges will work
OK with select(). Or maybe not -- I really don't know enough
about SSL to predict this.

Donn Cave, (e-mail address removed)
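
The read side of the pattern the reply above points to, as an added Python 3 example that is not code from either poster: the sockets are non-blocking, and a readable raw socket is treated only as a cue to retry the TLS call. It assumes the standard-library `ssl` module in place of pyOpenSSL's `SSL.Connection`; `drain` and `serve` are names chosen here, and the certificate and key file names are the ones from the question.

```python
import select
import socket
import ssl

def drain(conn, bufsize=1000):
    # Returns (payload, want, closed); want is 'r' or 'w', the raw-socket
    # event to select() on before calling drain() again.
    payload = b''
    while True:
        try:
            conn.do_handshake()        # no-op once the handshake is done
            data = conn.recv(bufsize)
        except ssl.SSLWantReadError:
            return payload, 'r', False  # only handshake/partial-record bytes
        except ssl.SSLWantWriteError:
            return payload, 'w', False  # TLS must send before it can read
        except OSError:
            return payload, 'r', True   # handshake failure or reset
        if not data:
            return payload, 'r', True   # peer closed the TLS session
        payload += data                 # loop: more may already be decrypted

def serve(ctx, port=6000):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(('', port))
    listener.listen(5)
    want = {listener: 'r'}              # socket -> event it is waiting for
    while True:
        rlist = [s for s, w in want.items() if w == 'r']
        wlist = [s for s, w in want.items() if w == 'w']
        rs, ws, _ = select.select(rlist, wlist, [], 2)
        for sock in rs + ws:
            if sock is listener:
                raw, _addr = listener.accept()
                raw.setblocking(False)
                sock = ctx.wrap_socket(raw, server_side=True,
                                       do_handshake_on_connect=False)
            payload, event, closed = drain(sock)
            if payload:
                print('ret =', payload)
            want[sock] = event
            if closed:
                del want[sock]
                sock.close()

if __name__ == '__main__':
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain('server.cert', 'server.pkey')
    serve(ctx)
```

`drain()` keeps reading until the TLS layer raises a want-read error because data already decrypted inside the TLS object is invisible to `select()`, which only sees the kernel socket buffer.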
 
