Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail From: dieter Newsgroups: comp.lang.python Subject: Re: Using SSL socket as stdin for subprocess.Popen Date: Tue, 22 Mar 2016 09:22:11 +0100 Lines: 21 Message-ID: References: <56ED901A.5060704@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: news.uni-berlin.de QFP1DFpPzkMcmMy6K8Zz+A3WEzNAlvG1igdZbWYJmH2Q== Cancel-Lock: sha1:g961bdR89cOUIqOPAj+QVS6+X2s= Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.003 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:skip:s 10': 0.05; 'socket': 0.07; 'indicates': 0.09; 'observation': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'through,': 0.09; 'argument': 0.15; 'server,': 0.15; 'received:80.91.229.3': 0.16; 'received:dip0.t-ipconnect.de': 0.16; 'received:io': 0.16; 'received:plane.gmane.org': 0.16; 'received:psf.io': 0.16; 'received:t-ipconnect.de': 0.16; 'subject:SSL': 0.16; 'ssl': 0.18; 'seems': 0.23; "i've": 0.25; 'header:User-Agent:1': 0.26; 'header:X-Complaints-To:1': 0.26; 'handling': 0.27; 'raw': 0.27; '(used': 0.29; 'attempting': 0.29; 'socket,': 0.29; 'thus,': 0.29; "i'm": 0.30; 'common': 0.33; 'though.': 0.33; 'done': 0.35; 'something': 0.35; 'but': 0.36; 'created': 0.36; 'data.': 0.36; 'to:addr:python-list': 0.36; 'subject:: ': 0.37; 'client': 0.37; 'received:org': 0.37; 'charset:us-ascii': 0.37; 'data': 0.39; 'sure': 0.39; 'to:addr:python.org': 0.40; 'received:de': 0.40; 'your': 0.60; 'between': 0.65; 'special': 0.73; 'hand': 0.82; 'exchanged': 0.84; 'subject:Using': 0.84; 'certificates': 0.91 X-Injected-Via-Gmane: http://gmane.org/ X-Gmane-NNTP-Posting-Host: p57b39509.dip0.t-ipconnect.de User-Agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.22 (linux) X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com comp.lang.python:105451 Matt Ruffalo writes: > ... > I've been using SSL for the communication between the client and server, > ... > I've hit an issue that I'm not sure how to work through, though. I'm > attempting to use a SSL socket (and/or the result of its 'makefile' > method) directly as the `stdin` argument to subprocess.Popen, but it > seems that the *encrypted* data is used by the subprocess. In order to access an SSL socket, something special must be done during the connection(/opening) phase: then certificates are exchanged/verified and a common session key is created (used to encrypt the exchanged data). Only after this special handling it the SSL socket transparent. Your observation indicates that your socket is not opened in this special SSL way - thus, you get the raw data. Likely, you must make sure that proper SSL initialization has taken place before you hand the socket down as "stdin" to your "subprocess.Popen".