horazont / aioopenssl
(START-)TLS-capable transport using OpenSSL for asyncio
License: Apache License 2.0
Hello!
Thank you for this library, it looks like what I need!
For context, I'm playing with the idea of an HTTPS server that lazily produces certificates from ACME/Let's Encrypt when they are first accessed.
To do this I need to execute my code (a blocking asyncio callback) after the SSL handshake and use the SNI and ALPN data to fetch/generate the correct certificate.
However it is not completely clear how to do that:
post_handshake_callback do that?
STARTTLSTransport be used in server-mode? The tests always use it in client-mode
Thank you!
Hello,
When I start a server using some random self signed cert and then I use SSL.VERIFY_PEER on the ssl context I give to create_starttls_connection, should it complain if I haven't told it about my cert?
For example, https://gist.github.com/delfick/2b3b1faafe68428a67394fd66c591ca4
I expect this to not be able to successfully create a connection to my server, which is the behaviour I see when I use asyncio/ssl https://gist.github.com/delfick/09426ea00c614fd1d9504afecb075323
Reported by @jomag in aioxmpp.
Windows 10 support is broken as of python 3.8 now thanks to the event loop policy changing. Any plans on fixing this?
Hello,
In Python 3.8 my pytest tests give me:
.venv/lib/python3.8/site-packages/aioopenssl/__init__.py:726
~/project/.venv/lib/python3.8/site-packages/aioopenssl/__init__.py:726: DeprecationWarning: "@coroutine" decorator is deprecated since Python 3.8, use "async def" instead
def create_starttls_connection(
-- Docs: https://docs.pytest.org/en/latest/warnings.html
See horazont/aioxmpp#116. @jomag reported:
[3286.014] ERR: [asyncio] Fatal write error on STARTTLS transport
protocol: <aioxmpp.protocol.XMLStream object at 0xb41d0ad0>
transport: <aioopenssl.STARTTLSTransport object at 0xb41d0c10>
Traceback (most recent call last):
File "/usr/lib/python3.5/site-packages/aioopenssl/__init__.py", line 478, in _write_ready
nsent = self._sock.send(bytes(self._buffer))
File "/usr/lib/python3.5/site-packages/OpenSSL/SSL.py", line 1254, in send
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3.5/site-packages/OpenSSL/SSL.py", line 1172, in _raise_ssl_error
_raise_current_error()
File "/usr/lib/python3.5/site-packages/OpenSSL/_util.py", line 48, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_write_pending', 'bad write retry')]
Researching the error condition, it appears that OpenSSL by default does not allow you to change the buffer pointer or size between SSL_write calls which returned with a "NEED_READ" or "NEED_WRITE" condition.
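The constraint described in the report above, as an added illustration that is not part of the original issue and is not aioopenssl code or the project's fix. `StrictTLSSocket`, `naive_flush` and `PinnedWriter` are hypothetical names, and the socket is a constructed model of the retry rule, so no OpenSSL is needed to run it.

```python
# Constructed stand-ins for OpenSSL.SSL.WantWriteError and the
# 'bad write retry' OpenSSL.SSL.Error; no OpenSSL is involved here.
class WantWrite(Exception): pass
class BadWriteRetry(Exception): pass

class StrictTLSSocket:
    """Constructed model: once send() asks for a retry, the next send() must
    pass the same data (OpenSSL checks pointer and length; this checks contents)."""
    def __init__(self, stalls):
        self._stalls = stalls    # how many send() calls ask for a retry
        self._pending = None     # data of the interrupted write, if any
        self.wire = bytearray()  # what was actually "sent"

    def send(self, data):
        if self._pending is not None and data != self._pending:
            raise BadWriteRetry("bad write retry")
        if self._stalls > 0:
            self._stalls -= 1
            self._pending = data
            raise WantWrite()
        self._pending = None
        self.wire += data
        return len(data)

def naive_flush(sock, buffer):
    """Mirrors the send(bytes(self._buffer)) call in the traceback."""
    nsent = sock.send(bytes(buffer))  # re-snapshots the buffer on every attempt
    del buffer[:nsent]
    return nsent

class PinnedWriter:
    """Hypothetical writer that pins the chunk of an interrupted send()."""
    def __init__(self, sock):
        self._sock = sock
        self._buffer = bytearray()
        self._inflight = None    # exact bytes object to repeat on retry

    def write(self, data):
        self._buffer += data     # queued data never alters _inflight

    def flush_once(self):
        # One write-ready attempt; returns bytes sent, 0 if a retry is due.
        if self._inflight is None:
            if not self._buffer:
                return 0
            self._inflight = bytes(self._buffer)
        try:
            nsent = self._sock.send(self._inflight)
        except WantWrite:
            return 0             # keep _inflight for the identical retry
        del self._buffer[:nsent]
        self._inflight = None
        return nsent
```

In the model, the naive path fails as soon as data is appended between an interrupted send and its retry, while the pinned writer delivers the same bytes in order.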
See horazont/aioxmpp#33
The exception is confusing and not relevant during connection shutdown. We will need to keep some state indicating we are in shutdown and ignore read/write errors during that.
asyncio.BaseEventLoop.create_connection lets you specify a local address to bind to; there doesn't seem to be a similar option in aioopenssl.create_starttls_connection.