I'm wondering if I can recv/send data on a raw socket before wrapping it - I've looked through the documentation and searched for it but couldn't find anything specific. What I basically want to do:
client, addr = listeningSocket.accept()
sslSocket = ssl.wrap_socket(client, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
The problem is I get an error that I'm pretty sure is related to the client.recv() before wrapping (or at least I think that's it since I do not get it before adding the recv?)
sslSocket = ssl.wrap_socket(client, keyfile='key.pem', certfile='cert.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)
File "/usr/lib/python3.1/ssl.py", line 381, in wrap_socket
File "/usr/lib/python3.1/ssl.py", line 135, in __init__
raise x
File "/usr/lib/python3.1/ssl.py", line 131, in __init__
File "/usr/lib/python3.1/ssl.py", line 327, in do_handshake
ssl.SSLError: [Errno 8] _ssl.c:488: EOF occurred in violation of protocol
Is this legal? Is there anyway to do this (I really need to send before wrapping since the client expects a raw string before the SSL data starts flooding.) Appreciate any guidance possible.
Note: I need to respond to a policy request from flash. The connection with flash is going to be secure, but the policy request isn't
I notice in the documentation for do_handshake ( http://docs.python.org/library/ssl.html#ssl.SSLSocket.do_handshake ), which is called by wrap_socket (as is apparent from your callstack), that it may raise an ssl.SSLError on nonblocking sockets, and you have to wrap it in a try/except to try until it works. So in your case, if you need a nonblocking socket, you would either need to do the handshake yourself first and pass do_handshake_on_connect=False to wrap_socket, or just wait until after the handshake to set nonblocking:
or maybe:
Yet another alternative is just to run a dedicated Flash policy server on port 843.
I believe if you close the socket after the Flash policy request, Flash will handle this correctly and reconnect after validating the policy response.