iostream.SSLIOStream client does ssl.wrap_socket() too late after connect() and therefore cannot write() #587

Closed
ilfirin-ms opened this Issue Aug 17, 2012 · 1 comment

When I connect to an SSL server [netutil.TCPServer] with SSLIOStream (client), I have to sleep for some time after connect, or an exception is raised when I try to send data:

```
Traceback (most recent call last):
  File "./test_server_gui.py", line 103, in test_accept_connection_and_data_with_stream
    stream.write(b'test')
  File "/usr/local/lib/python3.2/dist-packages/tornado/iostream.py", line 210, in write
    self._handle_write()
  File "/usr/local/lib/python3.2/dist-packages/tornado/iostream.py", line 671, in _handle_write
    self._do_ssl_handshake()
  File "/usr/local/lib/python3.2/dist-packages/tornado/iostream.py", line 641, in _do_ssl_handshake
    self.socket.do_handshake()
AttributeError: 'socket' object has no attribute 'do_handshake'
```

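Example code:

```python
import socket
import ssl
import time

from tornado.iostream import SSLIOStream

# server_ip and server_port are defined elsewhere in the test module.


def test_accept_connection_and_data_with_stream(WORKAROUND=0):
    "Test if server is listening and accepting data with SSLIOStream"

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    stream = SSLIOStream(s,
                         ssl_options={
                             'ca_certs': 'fake_certificate_autority',
                             'cert_reqs': ssl.CERT_REQUIRED
                         })

    # connect() is non-blocking: it returns before the TCP connect and
    # the TLS handshake have completed.
    stream.connect((server_ip, server_port))

    if WORKAROUND:
        time.sleep(0.1)

    # test write (raises the AttributeError above when WORKAROUND is 0)
    stream.write(b'test')

    # test reply, not part of example
    time.sleep(0.1)
    data = b''.join(stream._read_buffer)
    assert data == b'got test'

    stream.close()
```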

I have also tried to run the test in another IOLoop, but the behaviour is the same.

The test with the pure socket example from the Python docs works.

Owner

bdarnell commented Aug 19, 2012

Instead of sleeping, a better workaround would be to pass a callback to connect and wait for it to be called. If the data you're sending is sensitive, you'll want to do this anyway so you can verify the certificate of the server before sending anything.

Anyway, I've checked in a change that should fix this issue and make write work as documented while the connection is in progress.

@bdarnell bdarnell closed this in 302c503 Aug 19, 2012
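
A sketch of the callback approach described in the comment above, added here as an example and not taken from Tornado or from the issue. `send_when_verified`, `dns_names`, `CertMismatch` and the `Fake*` stand-ins are hypothetical names, and the code assumes the Tornado 2.x-era `connect(address, callback)` signature with the callback firing once the TLS handshake has finished.

```python
class CertMismatch(Exception):
    """The peer certificate does not name the host we meant to reach."""

def dns_names(cert):
    # cert: dict from SSLSocket.getpeercert(); empty unless cert_reqs validated it.
    return [v.lower() for k, v in (cert or {}).get("subjectAltName", ()) if k == "DNS"]

def send_when_verified(stream, address, expected_host, payload, on_done):
    """Write payload only from the connect callback, i.e. after the handshake,
    and only if the certificate names expected_host (exact match, no wildcards)."""
    def on_connect():
        names = dns_names(stream.socket.getpeercert())
        if expected_host.lower() not in names:
            stream.close()                      # fail closed: nothing is sent
            on_done(CertMismatch("%s not in %r" % (expected_host, names)))
            return
        stream.write(payload)
        on_done(None)
    stream.connect(address, on_connect)

# Constructed stand-ins for SSLIOStream and its socket, so this runs offline.
class FakeSocket:
    def __init__(self, cert):
        self._cert = cert
    def getpeercert(self):
        return self._cert

class FakeStream:
    def __init__(self, cert):
        self.socket, self.sent, self.closed = FakeSocket(cert), [], False
    def connect(self, address, callback):
        self._on_connect = callback             # assumed: real stream runs it after handshake
    def handshake_done(self):
        self._on_connect()
    def write(self, data):
        self.sent.append(data)
    def close(self):
        self.closed = True

def demo(cert_host):
    cert = {"subjectAltName": (("DNS", cert_host),)}    # constructed sample cert
    stream, results = FakeStream(cert), []
    send_when_verified(stream, ("192.0.2.10", 8443), "server.example",
                       b"test", results.append)
    sent_before = list(stream.sent)             # still empty: handshake pending
    stream.handshake_done()
    return sent_before, stream.sent, stream.closed, results
```

With a real `SSLIOStream`, `cert_reqs=ssl.CERT_REQUIRED` (as in the report) is what makes `getpeercert()` return a populated dict; without it the check above fails closed.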
