Wrapping an existing socket in SSL - Python

Submitted by て烟熏妆下的殇ゞ on 2019-12-24 03:19:44

Question


I'm having some trouble wrapping an existing socket connection in ssl in a Python program. Essentially, it's an implementation of STARTTLS, i.e. a currently connected client can issue the STARTTLS command and the server will secure the connection.

Here's the portion of the code that I'm struggling with:

self.client_s = ssl.wrap_socket(
    self.client_s,
    certfile='/path/to/cert.crt',
    keyfile='/path/to/key.key',
    do_handshake_on_connect=False
    )
while True:
    try:
        self.client_s.do_handshake()
        break
    except ssl.SSLError, e:
        if e.args[0] == ssl.SSL_ERROR_WANT_READ:
            select([self.client_s], [], [])
        elif e.args[0] == ssl.SSL_ERROR_WANT_WRITE:
            select([], [self.client_s], [])
        else: raise

When I connect using openssl, I get the following:

_ssl.c:491: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

I'm connecting by running this:

openssl s_client -connect localhost:50000 -crlf -starttls smtp -debug -ssl3

Changing the openssl command to use -ssl2, -no_ssl2, or -tls1 is no help. I've also tried adding server_side=True to wrap_socket(), but that just causes the SSL handshake to time out.

I should note that wrap_socket() works fine when the connection is encrypted from start to finish, just not when I try to use it in a STARTTLS context.

Python version is 2.4.3

Thanks in advance, I appreciate any pointers or help.

Source: https://stackoverflow.com/questions/11994949/wrapping-an-existing-socket-in-ssl-python
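
The sequence the question describes (cleartext dialogue, STARTTLS, then wrapping the same socket on the server side), as an added example that is not part of the original post and not the poster's code. It targets Python 3, where `ssl.wrap_socket()` no longer exists (removed in 3.12) and `SSLContext.wrap_socket()` is used instead; `ctx` is assumed to be an `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` with the certificate chain already loaded, and the hostname and reply texts are constructed.

```python
import select
import ssl

def read_line(conn, limit=512):
    # One byte per recv(): nothing beyond CRLF is pulled out of the socket,
    # so the plaintext reader can never swallow the start of the ClientHello.
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        ch = conn.recv(1)
        if not ch or len(buf) >= limit:
            raise ConnectionError("peer closed or line too long")
        buf += ch
    return bytes(buf[:-2])

def plaintext_phase(conn):
    """Run the cleartext dialogue; True means the socket is ready to wrap."""
    conn.sendall(b"220 example.test ESMTP\r\n")      # constructed hostname
    while True:
        verb = read_line(conn).split(b" ", 1)[0].upper()
        if verb == b"EHLO":
            conn.sendall(b"250-example.test\r\n250 STARTTLS\r\n")
        elif verb == b"STARTTLS":
            # Bytes already queued behind STARTTLS were sent in the clear;
            # refuse them instead of interpreting them after the handshake.
            if select.select([conn], [], [], 0)[0]:
                conn.sendall(b"503 No pipelining after STARTTLS\r\n")
                return False
            conn.sendall(b"220 Ready to start TLS\r\n")
            return True
        else:
            conn.sendall(b"502 Command not implemented\r\n")

def upgrade(conn, ctx, timeout=10.0):
    """Wrap as the TLS server and drive a non-blocking handshake.
    ctx: server-side SSLContext with load_cert_chain() already called."""
    conn.setblocking(False)
    tls = ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)
    while True:
        try:
            tls.do_handshake()
            return tls
        except ssl.SSLWantReadError:
            ready = select.select([tls], [], [], timeout)
        except ssl.SSLWantWriteError:
            ready = select.select([], [tls], [], timeout)
        if not any(ready):
            raise TimeoutError("TLS handshake timed out")
```

A caller runs `plaintext_phase(conn)` on the accepted socket and, only if it returns True, passes the same socket to `upgrade(conn, ctx)`; the TLS handshake begins after the `220` reply has been written, never before.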
