Re: [Python-Dev] ssl module and LibreSSL CVE-2018-8970

2018-04-05 Thread Wes Turner
+1. Thanks! Which tests? On Wednesday, April 4, 2018, Christian Heimes wrote: > Hi, > > I like to share the story of a critical security bug with you. Contrary > to other issues in TLS/SSL, it's a story with happy ending. Nobody was > harmed. The bug was fixed before it

Re: [Python-Dev] ssl module and LibreSSL CVE-2018-8970

2018-04-05 Thread Brett Cannon
Nice work! Something to add to our "finding C compiler bugs" list of accomplishments.  On Wed, Apr 4, 2018, 13:39 Christian Heimes, wrote: > Hi, > > I like to share the story of a critical security bug with you. Contrary > to other issues in TLS/SSL, it's a story with

[Python-Dev] ssl module and LibreSSL CVE-2018-8970

2018-04-04 Thread Christian Heimes
Hi, I like to share the story of a critical security bug with you. Contrary to other issues in TLS/SSL, it's a story with happy ending. Nobody was harmed. The bug was fixed before it affected the general population. Introduction Python's ssl.match_hostname() function was a source

Re: [Python-Dev] ssl module

2009-10-30 Thread Martin v. Löwis
Is there a place where the status of the ssl module is summarized The documentation of the ssl module should describe its features correctly and precisely. or a better place to discuss this? I could try to provide contributions or further details if appropriate. For contributions, this is

[Python-Dev] ssl module

2009-10-29 Thread Bruno Harbulot
Hello, I would like to ask a few questions and suggestions regarding the ssl module (in Python 2.6). (I gather from [1] that there is some effort going on to enhance the ssl API, but I'm not sure if this is the right place to discuss it.) Like other Python users, I was a bit surprised by

Re: [Python-Dev] ssl module

2009-10-29 Thread Bill Janssen
Bruno Harbulot bruno.harbu...@manchester.ac.uk wrote: Hello, I would like to ask a few questions and suggestions regarding the ssl module (in Python 2.6). (I gather from [1] that there is some effort going on to enhance the ssl API, but I'm not sure if this is the right place to discuss

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-18 Thread Giampaolo Rodola'
Some good news: I finally figured out how to modify asyncore to make it properly handle the non-blocking ssl-handshake. I provided a patch for test_ssl.py in issue 3899. Bill, could you please review it? --- Giampaolo http://code.google.com/p/pyftpdlib/ On 18 Set, 00:49, Giampaolo Rodola'

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Bill Janssen
Giampaolo Rodola' [EMAIL PROTECTED] wrote: 2 - By reading ssl.py code I noticed that when do_handshake_on_connect flag is False the do_handshake() method is never called. Is it supposed to be manually called when dealing with non-blocking sockets? Yes. Look at the example client in

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Bill Janssen
Giampaolo Rodola' [EMAIL PROTECTED] wrote: I change my question: how am I supposed to know when the SSL hanshake is completed? When pending() returns False? When do_handshake() doesn't raise an exception. Bill ___ Python-Dev mailing list

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Bill Janssen
Giampaolo Rodola' [EMAIL PROTECTED] wrote: In the meanwhile I noticed something in the ssl.py code which seems to be wrong: def recv (self, buflen=1024, flags=0): if self._sslobj: if flags != 0: raise ValueError( non-zero flags

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Bill Janssen
Ah, now I remember. It seems that sometimes when SSL_ERROR_WANT_READ was returned, things would block; that is, the handle_read method on asyncore.dispatcher was never called again, so the SSLSocket.recv() method was never re-called. There are several levels of buffering going on, and I never

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Jean-Paul Calderone
On Wed, 17 Sep 2008 10:40:01 PDT, Bill Janssen [EMAIL PROTECTED] wrote: Ah, now I remember. It seems that sometimes when SSL_ERROR_WANT_READ was returned, things would block; that is, the handle_read method on asyncore.dispatcher was never called again, so the SSLSocket.recv() method was never

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Bill Janssen
Jean-Paul Calderone [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008 10:40:01 PDT, Bill Janssen [EMAIL PROTECTED] wrote: Ah, now I remember. It seems that sometimes when SSL_ERROR_WANT_READ was returned, things would block; that is, the handle_read method on asyncore.dispatcher was never called

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Nick Coghlan
Bill Janssen wrote: Jean-Paul Calderone [EMAIL PROTECTED] wrote: On Wed, 17 Sep 2008 10:40:01 PDT, Bill Janssen [EMAIL PROTECTED] wrote: Ah, now I remember. It seems that sometimes when SSL_ERROR_WANT_READ was returned, things would block; that is, the handle_read method on

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-17 Thread Giampaolo Rodola'
Ok, here's some news, in case they can be of some interest. I managed to write an asyncore disptacher which seems to work. I used my test suite against it and 70 tests passed and 2 failed. The tests failed because at a certain point a call to do_handhsake results in an EOF exception, which is very

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-16 Thread Giampaolo Rodola'
I've tried to modify my existing asyncore-based code but I'm encountering a lot of different problems I didn't manage to fix. It seems that playing with the do_handshake_on_connect flag doesn't make any difference. I guess that without some kind of documentation describing how to deal with

Re: [Python-Dev] ssl module, non-blocking sockets and asyncore integration

2008-09-16 Thread Giampaolo Rodola'
Sorry, ignore my 2nd question, I see now that you already gave a very clear answer in your first message. I change my question: how am I supposed to know when the SSL hanshake is completed? When pending() returns False? If so I'd recommend to document the method. --- Giampaolo

Re: [Python-Dev] ssl module integration with asyncore

2007-11-29 Thread Giampaolo Rodola'
On 29 Nov, 06:00, Bill Janssen [EMAIL PROTECTED] wrote: I think it's simpler to let the SSL module do it, even though it comes at the expense of blocking the thread till the handshake is complete. That's essentially what happens already. The question is whether the SSL setup code is allowed

Re: [Python-Dev] ssl module integration with asyncore

2007-11-29 Thread Bill Janssen
No, the SSL code should NOT be allowed to block anything in any case, even though the handshake is still not completed, in which case just retry it at a later time. That's why there's do_handshake_on_connect in the first place. I'm just talking about what the SSL module should do if you don't

Re: [Python-Dev] ssl module integration with asyncore

2007-11-28 Thread Bill Janssen
I tried to write a simple asyncore-based server code, then I used a simple client to establish a connection with it. Once the client is connected server raises the following exception: I think this is a bug. Thanks! The issue is that the internal call to do_handshake() doesn't handle

Re: [Python-Dev] ssl module integration with asyncore

2007-11-28 Thread Giampaolo Rodola'
On 29 Nov, 00:26, Bill Janssen [EMAIL PROTECTED] wrote: I tried to write a simple asyncore-based server code, then I used a simple client to establish a connection with it. Once the client is connected server raises the following exception: I think this is a bug. Thanks! You're welcome.

Re: [Python-Dev] ssl module integration with asyncore

2007-11-28 Thread Bill Janssen
It does raise the same exception. Hmmm, not in my version. Are there plans for fixing this? Yes, it's fixed in my CVS, and I'll upload a new version to PyPI when I get a chance. Using that kind of workaround is not acceptable in any case (select module shouldn't even get imported when

Re: [Python-Dev] ssl module integration with asyncore

2007-11-28 Thread Giampaolo Rodola'
On 29 Nov, 03:27, Bill Janssen [EMAIL PROTECTED] wrote: It does raise the same exception. Hmmm, not in my version. Are there plans for fixing this? Yes, it's fixed in my CVS, and I'll upload a new version to PyPI when I get a chance. Using that kind of workaround is not acceptable in

Re: [Python-Dev] ssl module integration with asyncore

2007-11-28 Thread Bill Janssen
IMO, it's not reasonable since the application could use something different than select.select(), like select.poll() or something else again. As I said before, you can do away with select or poll altogether if you write a state machine for your asyncore dispatcher. Asyncore will tell you

Re: [Python-Dev] ssl module integration with asyncore

2007-11-27 Thread Giampaolo Rodola'
I tried to write a simple asyncore-based server code, then I used a simple client to establish a connection with it. Once the client is connected server raises the following exception: --- snippet --- C:\Documents and Settings\billiejoex\Desktop\testtest.py []127.0.0.1:3003 Connected. Traceback

Re: [Python-Dev] ssl module integration with asyncore

2007-11-26 Thread Bill Janssen
Hi there, since ssl module is still in development I thought it would have been better asking such question here instead of on comp.lang.python. I'm interested in using the ssl module with asyncore but since there's no real documentation about it yet I've been not able to write something

Re: [Python-Dev] ssl module integration with asyncore

2007-11-26 Thread Giampaolo Rodola'
On 26 Nov, 19:23, Bill Janssen [EMAIL PROTECTED] wrote: Hi there, since ssl module is still in development I thought it would have been better asking such question here instead of on comp.lang.python. I'm interested in using the ssl module with asyncore but since there's no real

Re: [Python-Dev] ssl module integration with asyncore

2007-11-26 Thread Bill Janssen
I downloaded this one: http://pypi.python.org/pypi/ssl/1.12 Yes, that's the one. ...which seems to contain the same test-suite used in the current Not quite. Python 2.6 distribution available here: http://svn.python.org/snapshots/ I looked into test/test_ssl.py but I didn't find any test

[Python-Dev] ssl module integration with asyncore

2007-11-23 Thread Giampaolo Rodola'
Hi there, since ssl module is still in development I thought it would have been better asking such question here instead of on comp.lang.python. I'm interested in using the ssl module with asyncore but since there's no real documentation about it yet I've been not able to write something useful

[Python-Dev] ssl module integration with asyncore

2007-11-23 Thread Giampaolo Rodola'
Hi there, since ssl module is still in development I thought it would have been better asking such question here instead of on comp.lang.python. I'm interested in using the ssl module with asyncore but since there's no real documentation about it yet I've been not able to write something useful

[Python-Dev] SSL module backport package ready for more testing

2007-09-20 Thread Bill Janssen
I've posted an sdist version of the 'ssl' module for Pythons 2.3.5 to 2.5.x, at http://www.parc.com/janssen/transient/ssl-1.3.tar.gz. I think this is 'gold master', but before I upload it to the Cheeseshop, I'd like to get more testing on a broader variety of platforms. The intent of this