horazont / aioopenssl Goto Github PK

Hello,

Is version 0.3.2 meant to have this fix 7839188 ?

Cause it seems it doesn't...

Thanks.

Hello!

Thank you for this library, it looks like what I need!

For context, I'm playing with the idea of an HTTPS server that lazily produces certificate from ACME/Let's Encrypt when they are first accessed.

To do this I need to execute my code (a blocking asyncio callback) after the SSL handshake to and use the SNI and ALPN data to fetch/generate the correct certificate

However it is not completely clear how to do that:

• can the post_handshake_callback do that?
• Can STARTTLSTransport be used in server-mode? The tests always use it in client-mode

Thank you!

Hello,

When I start a server using some random self signed cert and then I use SSL.VERIFY_PEER on the ssl context I give to create_starttls_connection, should it complain if I haven't told it about my cert?

For example, https://gist.github.com/delfick/2b3b1faafe68428a67394fd66c591ca4

I expect this to not be able to successfully create a connection to my server, which is the behaviour I see when I use asyncio/ssl https://gist.github.com/delfick/09426ea00c614fd1d9504afecb075323

Reported by @jomag in aioxmpp.

Windows 10 support is broken as of python 3.8 now thanks to the event loop policy changing. Any plans on fixing this?

Hello,

In Python3.8 my pytest tests give me

.venv/lib/python3.8/site-packages/aioopenssl/__init__.py:726
  ~/project/.venv/lib/python3.8/site-packages/aioopenssl/__init__.py:726: DeprecationWarning: "@coroutine" decorator is deprecated since Python 3.8, use "async def" instead
    def create_starttls_connection(

-- Docs: https://docs.pytest.org/en/latest/warnings.html

See horazont/aioxmpp#116. @jomag reported:

[3286.014] ERR:  [asyncio] Fatal write error on STARTTLS transport
protocol: <aioxmpp.protocol.XMLStream object at 0xb41d0ad0>
transport: <aioopenssl.STARTTLSTransport object at 0xb41d0c10>Traceback (most recent call last):
  File "/usr/lib/python3.5/site-packages/aioopenssl/__init__.py", line 478, in _write_ready
    nsent = self._sock.send(bytes(self._buffer))
  File "/usr/lib/python3.5/site-packages/OpenSSL/SSL.py", line 1254, in send
    self._raise_ssl_error(self._ssl, result)
  File "/usr/lib/python3.5/site-packages/OpenSSL/SSL.py", line 1172, in _raise_ssl_error
    _raise_current_error()
  File "/usr/lib/python3.5/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_write_pending', 'bad write retry')]

Reseraching the error condition, it appears that OpenSSL by default does not allow you to change the buffer pointer or size between SSL_write calls which returned with a "NEED_READ" or "NEED_WRITE" condition.

See horazont/aioxmpp#33

The exception is confusing and not relevant during connection shutdown. We will need to keep some state indicating we are in shutdown and ignore read/write errors during that.

asyncio.BaseEventLoop.create_connection lets you specify a local address to bind to, doesn't seem to be a similar option in aioopenssl.create_starttls_connection