Re: [Tutor] Sending a disconnect after openssl s_client command?

2009-04-21 Thread Martin Walsh 
Kayvan Sarikhani wrote:
> On Mon, Apr 20, 2009 at 1:17 PM, Martin Walsh  > wrote:
> 
> from subprocess import Popen, PIPE
> 
> openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
> openssl = Popen(
>  openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
> )
> stdout, stderr = openssl.communicate('GET /')
> 
> Alternatively, if you're using python 2.6 and above, it looks like you
> can do something similar with a few lines of code, and the ssl module
> from the standard lib ...
> 
> # untested!
> import ssl
> try:
>cert = ssl.get_server_certificate(
>('somewebsitename', 443), ssl.PROTOCOL_SSLv2
>)
> except ssl.SSLError, ex:
># site may not support sslv2
>...
> 
> HTH,
> Marty
> 
>  
> Thanks Marty; this does indeed help...it just also means I need to
> really learn how subprocess works. ;) I wish I could claim to be using
> 2.6, but unfortunately the most current version at work is Python
> 2.5.2...most boxes here are even below, and I can't convince them to
> upgrade. Ah, well.

Yep, subprocess is the way to go.

In that case, if you're not offended by the extra dependency, then you
might be interested in http://pypi.python.org/pypi/ssl, which appears to
be a backport of the 2.6 ssl module.

I haven't tried it myself, but it has a get_server_certificate helper
also, so I'd expect it to work the same way. Although, you'll probably
want to explore in greater detail the properties of the exception that
is raised by a site not supporting sslv2. When I tried I received an
SSLError(errno=6) for a server configured w/o sslv2.

> 
> Thanks again though!

You're welcome, glad it helped. :)

Marty

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] Sending a disconnect after openssl s_client command?

2009-04-20 Thread Kayvan Sarikhani 
On Mon, Apr 20, 2009 at 1:17 PM, Martin Walsh  wrote:

> from subprocess import Popen, PIPE
>
> openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
> openssl = Popen(
>  openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
> )
> stdout, stderr = openssl.communicate('GET /')
>
> Alternatively, if you're using python 2.6 and above, it looks like you
> can do something similar with a few lines of code, and the ssl module
> from the standard lib ...
>
> # untested!
> import ssl
> try:
>cert = ssl.get_server_certificate(
>('somewebsitename', 443), ssl.PROTOCOL_SSLv2
>)
> except ssl.SSLError, ex:
># site may not support sslv2
>...
>
> HTH,
> Marty


Thanks Marty; this does indeed help...it just also means I need to really
learn how subprocess works. ;) I wish I could claim to be using 2.6, but
unfortunately the most current version at work is Python 2.5.2...most boxes
here are even below, and I can't convince them to upgrade. Ah, well.

Thanks again though!

K
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

Re: [Tutor] Sending a disconnect after openssl s_client command?

2009-04-20 Thread Martin Walsh 
Kayvan Sarikhani wrote:
> Tutors,
> 
>   I'm working on a script to verify whether a particular website
> supports SSLv2 via the following:
> 
> --- BEGIN ---
> #!/usr/bin/python
> import os, re
> 
> checkssl_out = open('checkssl.txt','w')
> 
> website = 'somewebsitename'
> sslv2 = 'Protocol  : SSLv2'
> 
> print 'Checking:', website
> 
> checksslv2 = os.popen('openssl s_client -ssl2 -connect
> somewebsitename:443').read().strip()
> 
> if re.search(sslv2, checksslv2) == None:
> print >> checkssl_out, website, 'does NOT support SSLv2'
> else:
> print >> checkssl_out, website, 'supports: SSLv2'
> 
> checkssl_out.close()
> --- END ---
> 
>   It works, but the problem is that OpenSSL does not automatically
> disconnect after end of input. I was curious if there's a way to send a
> CTRL-C at the end of the command, so that it *does* capture the output,
> and breaks after it. Any suggestions or help is appreciated!

You can do something like the following (untested) to simulate a CTRL-C,
but I'd recommend against it, as I doubt it will work as you expect ...

import os, signal
from subprocess import Popen, PIPE

openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
openssl = Popen(openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE)

os.kill(openssl.pid, signal.SIGINT)

# dead, I bet, before any output is generated
stdout, stderr = openssl.communicate()


Instead, you may want to try to mimic this command-line behavior ...

echo "GET /" | openssl s_client -ssl2 -connect somewebsitename:443

... in which case, you can try something like this ...

from subprocess import Popen, PIPE

openssl_cmd = 'openssl s_client -ssl2 -connect somewebsitename:443'
openssl = Popen(
  openssl_cmd, shell=True, stdout=PIPE, stderr=PIPE, stdin=PIPE
)
stdout, stderr = openssl.communicate('GET /')

Alternatively, if you're using python 2.6 and above, it looks like you
can do something similar with a few lines of code, and the ssl module
from the standard lib ...

# untested!
import ssl
try:
cert = ssl.get_server_certificate(
('somewebsitename', 443), ssl.PROTOCOL_SSLv2
)
except ssl.SSLError, ex:
# site may not support sslv2
...

HTH,
Marty

> 
> K
> 

___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor

[Tutor] Sending a disconnect after openssl s_client command?

2009-04-17 Thread Kayvan Sarikhani 
Tutors,

  I'm working on a script to verify whether a particular website supports
SSLv2 via the following:

--- BEGIN ---
#!/usr/bin/python
import os, re

checkssl_out = open('checkssl.txt','w')

website = 'somewebsitename'
sslv2 = 'Protocol  : SSLv2'

print 'Checking:', website

checksslv2 = os.popen('openssl s_client -ssl2 -connect
somewebsitename:443').read().strip()

if re.search(sslv2, checksslv2) == None:
print >> checkssl_out, website, 'does NOT support SSLv2'
else:
print >> checkssl_out, website, 'supports: SSLv2'

checkssl_out.close()
--- END ---

  It works, but the problem is that OpenSSL does not automatically
disconnect after end of input. I was curious if there's a way to send a
CTRL-C at the end of the command, so that it *does* capture the output, and
breaks after it. Any suggestions or help is appreciated!

K
___
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor