[Twisted-Python] Issue with TLS failure modes

Robert DiFalco robert.difalco at gmail.com
Wed Sep 5 07:39:58 MDT 2018


Is the timeout the only way to handle this kind of TLS handshake error?

Sent from my iPhone

> On Aug 30, 2018, at 10:14 AM, Robert DiFalco <robert.difalco at gmail.com> wrote:
> 
> I'm having an issue properly handling TLS failure modes. For example, consider the EchoServer and EchoClient code. If I use a TLS client with a TCP4 server, I do not get a handshake exception until I abort the connection. But I don't want to abort the connection unless I get a handshake error.
> 
> What I'd like to do is to check the handshake status in my protocol before my client sends bytes to the server. I'd like my send message to be able to raise the <class 'OpenSSL.SSL.Error'>: [('SSL routines', 'ssl23_read', 'ssl handshake failure'). But for some reason it seems to get lost until I abort the connection. Does this sound familiar to anyone?
> 
> What I've done for now is set up a Timeout mixin so that after my client.send, if I do not get an ACK back (which my particular protocol does) within two minutes, I just abort the connection. This then calls connectionLost with the correct SSL.Error. But if it's in the error queue (and found during the course of abortConnection), then isn't there a way to find it sooner? Like before my timeout and before I call send on the client protocol?
> 
> Thanks!
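
An added illustration, not part of the original message and using Python's standard `ssl` module rather than Twisted: a TLS client probes a plain TCP server under a handshake deadline, once against a peer that reads but never replies and once against an echoing peer. The server, the helper names and the deadline values are constructed for this example.

```python
import socket
import ssl
import threading


def plain_tcp_server(echo):
    """Start a one-shot plain (non-TLS) TCP server on localhost; return its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        try:
            with conn:
                while True:
                    data = conn.recv(4096)
                    if not data:
                        break
                    if echo:  # echo the ClientHello bytes straight back
                        conn.sendall(data)
        except OSError:
            pass  # client tore the connection down; nothing to do
        finally:
            srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_handshake(port, timeout=1.0):
    """Run the TLS handshake explicitly, before any application data is sent.

    Returns 'ok', 'timeout' (peer never answered) or 'tls-error'.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # constructed local test peer, no identity to verify
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection(("127.0.0.1", port), timeout=timeout)
    tls = ctx.wrap_socket(raw, do_handshake_on_connect=False)
    try:
        tls.do_handshake()
        return "ok"
    except socket.timeout:
        return "timeout"             # silent peer: no bytes, so no TLS error to report
    except ssl.SSLError:
        return "tls-error"           # peer answered with something that is not TLS
    finally:
        tls.close()
```

A peer that stays silent gives the TLS layer nothing to reject, so only the deadline ends the handshake; a peer that sends back non-TLS bytes fails the handshake immediately.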


