Re: ssl: why wrap newly accept()ed connections?

<mailman.8.1643917060.27178.python-list@python.org>

From: kushal@locationd.net (Kushal Kumaran)
Newsgroups: comp.lang.python
Subject: Re: ssl: why wrap newly accept()ed connections?
Date: Thu, 03 Feb 2022 11:37:35 -0800
 by: Kushal Kumaran - Thu, 3 Feb 2022 19:37 UTC

On Thu, Feb 03 2022 at 11:17:17 AM, Grant Edwards <grant.b.edwards@gmail.com> wrote:
> According to the docs, when you accept() an ssl connection,
> you need to wrap the new connection:
>
> https://docs.python.org/3/library/ssl.html?highlight=ssl#ssl-sockets
>
> When a client connects, you’ll call accept() on the socket to get
> the new socket from the other end, and use the context’s
> SSLContext.wrap_socket() method to create a server-side SSL socket
> for the connection:
>
> while True:
>     newsocket, fromaddr = bindsocket.accept()
>     connstream = context.wrap_socket(newsocket, server_side=True)
>     try:
>         deal_with_client(connstream)
>     finally:
>         connstream.shutdown(socket.SHUT_RDWR)
>         connstream.close()
>
> However, example server code I've found does not wrap the newly
> accepted connection. I've checked, and newsocket is already an
> <ssl:SSLSocket> object. The examples I've seen/tried simply call
> .recv() and .send() methods of newsocket, and that seems to work fine.
>
> What is the purpose of wrapping newsocket?

That section is talking about using an "ordinary" socket for the server.
bindsocket is a socket.socket. If bindsocket was already a
ssl.SSLSocket, the wrapping would be already done by accept.

I suppose this kind of functionality is useful for protocols that start
off as cleartext and then switch to TLS (such as the mail-related
protocols that use STARTTLS).

--
regards,
kushal
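
Added example, not part of the original post or the Python docs: the two cases discussed above (plain listener versus already-wrapped listener) and the STARTTLS-style upgrade, run over loopback. The function names are hypothetical, and it assumes a context with no certificate loaded, so the handshake is deferred and only the socket types are observed.

```python
import socket
import ssl

# Constructed context: no certificate is loaded, so the TLS handshake is
# deferred (do_handshake_on_connect=False) and never run here. A real server
# calls CONTEXT.load_cert_chain(...) first and lets the handshake happen.
CONTEXT = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def accepted_types(wrap_listener):
    """Return (listener type, accepted socket type) for one loopback connection."""
    listener = socket.create_server(("127.0.0.1", 0))
    if wrap_listener:
        # Wrapping the listening socket makes accept() wrap each new connection.
        listener = CONTEXT.wrap_socket(
            listener, server_side=True, do_handshake_on_connect=False)
    with listener, socket.create_connection(listener.getsockname()):
        conn, _addr = listener.accept()
        with conn:
            return type(listener).__name__, type(conn).__name__


def starttls_style_upgrade():
    """Plain listener: read a cleartext command, then wrap the accepted socket."""
    with socket.create_server(("127.0.0.1", 0)) as listener, \
            socket.create_connection(listener.getsockname()) as client:
        conn, _addr = listener.accept()
        client.sendall(b"STARTTLS\r\n")  # cleartext phase of the protocol
        command = conn.recv(64)
        before = type(conn).__name__
        # From here on the server side speaks TLS on the same TCP connection.
        conn = CONTEXT.wrap_socket(
            conn, server_side=True, do_handshake_on_connect=False)
        with conn:
            return command, before, type(conn).__name__


if __name__ == "__main__":
    print(accepted_types(wrap_listener=False))
    print(accepted_types(wrap_listener=True))
    print(starttls_style_upgrade())
```

With a plain listener the accepted socket carries no TLS at all until it is wrapped, so a server that skips the wrap in that case sends and receives cleartext.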

