SSL problem 
Author Message
 SSL problem

Hello,

I am having a problem with opening an https connection with the
following script:

#!/usr/bin/python2
import sys, httplib, urllib, re, getopt,time

h=httplib.HTTPSConnection('telemeter.telenet.be')
h.set_debuglevel(1)
h.request('GET','/be/telenet/afe/isps/TelemeterLogin.jsp')
response=h.getresponse()
h.close()

The output is:

send: 'GET /be/telenet/afe/isps/TelemeterLogin.jsp HTTP/1.1\r\n'
send: 'Host: telemeter.telenet.be:443\r\n'
send: 'Accept-Encoding: identity\r\n'
send: '\r\n'
Traceback (most recent call last):
  File "test.py", line 9, in ?
    response=h.getresponse()
  File "/usr/lib/python2.2/httplib.py", line 570, in getresponse
    response = self.response_class(self.sock, self.debuglevel)
  File "/usr/lib/python2.2/httplib.py", line 98, in __init__
    self.fp = sock.makefile('rb', 0)
  File "/usr/lib/python2.2/httplib.py", line 607, in makefile
    buf = self.__ssl.read()
socket.sslerror: (5, 'EOF occurred in violation of protocol')

Needless to say that Netscape and Konqueror can access this URL without
problems.
The same script works fine for other URLs.

Am I doing something wrong? Is there a way of debugging https
connections?
(Ethereal does not work for obvious reasons!).

All help appreciated!

egards,

Michel



Mon, 21 Jun 2004 21:27:05 GMT  
 SSL problem

Quote:
> Needless to say that Netscape and Konqueror can access this URL
> without

> problems.
> The same script works fine for other URLs.

Hi Michel, I tried the same url with urllib2 it returned lots of
stuff, the first lines I got was this:

<!--
/*******************************************************************************
**************
*1. Program Name                        :       TelemeterLogin.jsp
*2. Description                         :       Login screen for telemeter
*3. Version                             :       0.0a
*4. Modification Log    :
*Version                Date                    Author
Modification
*0.0a                   19/09/2001              Nilesh Dhande
Created
*
********************************************************************************
**************/
-->

Have you tried using urllib2/urllib instead? This might help you
diagnose where the error is located.

--

Vennlig hilsen

Syver Enstad



Mon, 21 Jun 2004 21:58:01 GMT  
 SSL problem
Thanks a lot!

I had thought of using urllib2, but I thought that if it didn't
work with httplib then it couldn't possibly work with urllib2! Seems I was
wrong.

Best regards,
Michel

Quote:


> > Needless to say that Netscape and Konqueror can access this URL
> > without

> > problems.
> > The same script works fine for other URLs.

> Hi Michel, I tried the same url with urllib2 it returned lots of
> stuff, the first lines I got was this:

> <!--
> /*******************************************************************************
> **************
> *1. Program Name                        :       TelemeterLogin.jsp
> *2. Description                         :       Login screen for telemeter
> *3. Version                             :       0.0a
> *4. Modification Log    :
> *Version                Date                    Author
> Modification
> *0.0a                   19/09/2001              Nilesh Dhande
> Created
> *
> ********************************************************************************
> **************/
> -->

> Have you tried using urllib2/urllib instead? This might help you
> diagnose where the error is located.

> --

> Vennlig hilsen

> Syver Enstad

--
Michel Van den Bergh                      Tel. 32-11-26.82.27
http://alpha.luc.ac.be/Research/Algebra   Fax. 32-11-26.82.99
-------------------------------------------------------------
Take back your computer. Use Gnu/Linux.


Mon, 21 Jun 2004 22:19:47 GMT  
 SSL problem
Unfortunately it still doesn't work with urllib2. I get the same error.
I upgraded to the lastest versions of the openssl libraries. To no avail.
I am using RH 7.1.

import sys, httplib, urllib, urllib2, re, getopt,time

h=urllib2.urlopen("https://telemeter.telenet.be/be/telenet/afe/isps/TelemeterLogin.js")

data=h.read()
print data

Best regards,
Michel

Quote:


> > Needless to say that Netscape and Konqueror can access this URL
> > without

> > problems.
> > The same script works fine for other URLs.

> Hi Michel, I tried the same url with urllib2 it returned lots of
> stuff, the first lines I got was this:

> <!--
> /*******************************************************************************
> **************
> *1. Program Name                        :       TelemeterLogin.jsp
> *2. Description                         :       Login screen for telemeter
> *3. Version                             :       0.0a
> *4. Modification Log    :
> *Version                Date                    Author
> Modification
> *0.0a                   19/09/2001              Nilesh Dhande
> Created
> *
> ********************************************************************************
> **************/
> -->

> Have you tried using urllib2/urllib instead? This might help you
> diagnose where the error is located.

> --

> Vennlig hilsen

> Syver Enstad

--
Michel Van den Bergh                      Tel. 32-11-26.82.27
http://alpha.luc.ac.be/Research/Algebra   Fax. 32-11-26.82.99
-------------------------------------------------------------
Take back your computer. Use Gnu/Linux.


Mon, 21 Jun 2004 23:56:00 GMT  
 SSL problem

Quote:
>Unfortunately it still doesn't work with urllib2. I get the same
>error.

The SSL installation on your box? Or python installation?

--

Vennlig hilsen

Syver Enstad



Tue, 22 Jun 2004 01:43:10 GMT  
 SSL problem

Quote:


> >Unfortunately it still doesn't work with urllib2. I get the same
> >error.

> The SSL installation on your box? Or python installation?

> --

> Vennlig hilsen

> Syver Enstad

Well I installed the latest openssl, recompiled python 2.2 from source
and
still it doesn't work.

Which platform do you use?

Regards,
Michel



Tue, 22 Jun 2004 03:11:15 GMT  
 SSL problem

Quote:
> Well I installed the latest openssl, recompiled python 2.2 from source

> and
> still it doesn't work.

> Which platform do you use?

python 2.1, win2k, and I downloaded some ssl binaries once upon a
time, and finally got them to work by rebuilding the socket module.

Try some earlier SSL?

Quote:

> Regards,
> Michel

--

Vennlig hilsen

Syver Enstad



Tue, 22 Jun 2004 05:37:44 GMT  
 SSL problem

Quote:
> python 2.1, win2k, and I downloaded some ssl binaries once upon a
> time, and finally got them to work by rebuilding the socket module.

> Try some earlier SSL?

Thanks for your interest. Perhaps this is a Linux problem? I'll just
wait. It might go away eventually.

Anyway here is the script again which highlights the problem.
Perhaps some other people might like to try it.

#!/usr/bin/python2

import httplib

h=httplib.HTTPSConnection('telemeter.telenet.be')
h.set_debuglevel(1)
h.request('GET','/be/telenet/afe/isps/TelemeterLogin.jsp')
response=h.getresponse()
h.close()

Here is the output:

send: 'GET /be/telenet/afe/isps/TelemeterLogin.jsp HTTP/1.1\r\n'
send: 'Host: telemeter.telenet.be:443\r\n'
send: 'Accept-Encoding: identity\r\n'
send: '\r\n'
Traceback (most recent call last):
  File "test.py", line 8, in ?
    response=h.getresponse()
  File "/var/tmp/python2-2.2-root/usr/lib/python2.2/httplib.py", line 570,
in getresponse
    response = self.response_class(self.sock, self.debuglevel)
  File "/var/tmp/python2-2.2-root/usr/lib/python2.2/httplib.py", line 98,
in __init__
    self.fp = sock.makefile('rb', 0)
  File "/var/tmp/python2-2.2-root/usr/lib/python2.2/httplib.py", line 607,
in makefile
    buf = self.__ssl.read()
socket.sslerror: (5, 'EOF occurred in violation of protocol')

Best regards,
Michel



Tue, 22 Jun 2004 05:54:11 GMT  
 SSL problem

Quote:
> Needless to say that Netscape and Konqueror can access this URL without
> problems.
> The same script works fine for other URLs.

> Am I doing something wrong? Is there a way of debugging https
> connections?

IMO, this is a bug in IIS, which is (probably) the server on the end
of your connection (didn't check). See

http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail...

for the analysis done so far. What happens is that IIS closes the
connection without performing an SSL connection shutdown (it just
sends the end of the underlying TCP connection). OpenSSL reports that
as an error. Python 2.1 treats this error as the end of the
conversation; Python 2.2 reports the error to the application.

Now, it is possible to work around that bug: one could
a) take into account the Content-Length header of the response from
   IIS. This is probably what netscape does. Just read Content-Length
   bytes from the connection, then close it, regardless of anything
   else that may or may not be sent by the server.
   This is a reasonable approach, but it is not straight-forward to
   implement in httplib, and it may fail if the server does not send
   a Content-Length header (since it is optional; I guess IIS always
   sends that header).

b) treat this specific exception as an orderly end of the conversation
   as well. This is a hack, IMO, but would solve the problem for good.

No attempt has been made to implement either approach; contributions
are welcome.

Regards,
Martin



Tue, 22 Jun 2004 10:01:23 GMT  
 SSL problem

Quote:
> IMO, this is a bug in IIS, which is (probably) the server on the end
> of your connection (didn't check). See

The server at the other end is c2 Stronghold (Apache with the Ben
Laurie SSL module).  I was able to connect to it ok with with openssl s_client.
I haven't tried the python libs but might get around to doing so.  I've been
wondering about them anyway.


Tue, 22 Jun 2004 10:46:30 GMT  
 SSL problem

  http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail...

Thanks for pointing me to the above bug report. I implemented

the "workaround" suggested there and now everything seems

to work.

***As far as I could tell the workaround amounts to manually

editing httplib.py. Am I correct in this? *****

Best regards,
Michel



Tue, 22 Jun 2004 19:19:29 GMT  
 SSL problem


Quote:
>   http://sourceforge.net/tracker/?group_id=5470&atid=105470&func=detail...

> Thanks for pointing me to the above bug report. I implemented

> the "workaround" suggested there and now everything seems

> to work.

> ***As far as I could tell the workaround amounts to manually

> editing httplib.py. Am I correct in this? *****

> Best regards,
> Michel

Answering to my own post......

I now realize that it is possible to subclass HTTPSConnection  (overriding "connect")

and FakeSocket. (overriding "makefile").

This is of course the correct python way to do it.

Best regards,
Michel



Tue, 22 Jun 2004 19:32:31 GMT  
 SSL problem

Quote:
> Anyway here is the script again which highlights the problem.
> Perhaps some other people might like to try it.

> #!/usr/bin/python2

> import httplib

> h=httplib.HTTPSConnection('telemeter.telenet.be')
> h.set_debuglevel(1)
> h.request('GET','/be/telenet/afe/isps/TelemeterLogin.jsp')
> response=h.getresponse()
> h.close()

Here's using M2Crypto on Python 2.0. (I just built Python 2.2 last night,
haven't tested M2Crypto with it.)


Python 2.0 (#4, Oct 18 2000, 23:09:30)
[GCC 2.95.2 19991024 (release)] on freebsd4
Type "copyright", "credits" or "license" for more information.

Quote:
>>> from M2Crypto import httpslib
>>> h = httpslib.HTTPSConnection('telemeter.telenet.be')
>>> h.set_debuglevel(1)
>>> h.request('GET', '/be/telenet/afe/isps/TelemeterLogin.jsp')

send: 'GET /be/telenet/afe/isps/TelemeterLogin.jsp HTTP/1.1\015\012'
send: 'Host: telemeter.telenet.be\015\012'
send: 'Accept-Encoding: identity\015\012'
send: '\015\012'
Quote:
>>> resp = h.getresponse()

reply: 'HTTP/1.0 200 OK\015\012'
header: Date: Fri, 04 Jan 2002 15:52:37 GMT
header: Pragma: no-cache
header: Server: WebLogic 6.0 Service Pack 2 05/24/2001 11:55:28 #117037
header: Content-Length: 3031
header: Content-Type: text/html; charset=ISO-8859-1
header: Expires: Thu, 01 Jan 1970 00:00:00 GMT
header: Set-Cookie: JSESSIONID=PDXPxZWqCDolz5PlBxX2w8HszY1nt1PCji52yNXjUH06C8oJm2g0!-1350228968832003849!wls1.oasis.telenet.be!8017!8018; path=/
header: Cache-Control: no-cache

Quote:
>>> h.close()

Cheers.

--



Tue, 22 Jun 2004 23:55:13 GMT  
 SSL problem

Quote:
> ***As far as I could tell the workaround amounts to manually

> editing httplib.py. Am I correct in this? *****

Indeed. Please contribute your patch to sf.net/projects/python, for
review and possible inclusion into Python 2.2.1.

Regards,
Martin



Wed, 23 Jun 2004 00:33:14 GMT  
 
 [ 14 post ] 

 Relevant Pages 

1. SSL problem - followup

2. SSL problem with Python (NEWBIE ALERT)

3. Python+SSL+Apache+PyApache problem

4. Swazoo 0.9.60 with SSL support released

5. APL+Win 4.0, SSL and []ni

6. Anyone working on SSL?

7. SSL Socket package for Dolphin 4 available

8. SSL in Smalltalk, help needed

9. SSL error RSASignalRepresentativeOutOfRangeSignal

10. SSL server example?

11. SSL Server

12. VW7 (VW5): IMAP and SSL

 

 
Powered by phpBB® Forum Software