r2 - 25 Nov 2004 - 00:01:58 - HeikkiToivonen

Twisted+M2Crypto

I think I finally got some progress with this. I am using the idea from Trevor Perrin's TLS Lite (http://trevp.net/tlslite/), which is to basically do a protocol wrapper through which Twisted will do its calls, which gets me a chance to make things go through M2Crypto/OpenSSL. TLS Lite does not work in client mode, though, which is what I am most interested in at the moment.

I tried to modify TLS Lite's TLSTwistedProtocolWrapper etc. but that did not seem to go anywhere.

I tried to modify TLS Lite to use M2Crypto in server mode with no luck either.

I finally started my own protocol wrapper from scratch. What's different in my implementation is that I am creating my SSL connection object using the real underlying socket - the simplistic fake socket approach does not work with M2Crypto (OpenSSL expects a socket-like thing). I am able to do the SSL handshake, send data to the server, and I receive the first batch of encrypted data back. And this is where I'm at right now:

  • trying to read from my SSL connection will block forever, or
  • if I grab the SSL connection's sslbio object and write the data to it first, then read, I get: SSLError: decryption failed or bad record mac

from M2Crypto import BIO
from twisted.protocols.policies import ProtocolWrapper

class MyProtocolWrapper(ProtocolWrapper):

    # ...

    def dataReceived(self, data):
        print 'MyProtocolWrapper.dataReceived'
        mysock = BIO.BIO(self.sslConnection.sslbio)
        print mysock.write(data)                     # prints 254
        print self.sslConnection.pending()           # prints 0, would have expected 0 < x < 255
        self.sslConnection.recv(16384)               # SSLError: decryption failed or bad record mac

This feels promising - should probably ask on OpenSSL lists.

If that is a dead end, could try making the fake socket a BIO instead.

-- HeikkiToivonen - 25 Nov 2004
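
The "make the fake socket a BIO" idea from the note, as an added example that is not part of the original entry and is not M2Crypto code: it uses the Python 3 standard library's ssl.MemoryBIO so the TLS engine never touches a socket, and a read with too little ciphertext raises SSLWantReadError instead of blocking. The class name, method names and the hostname example.invalid are assumptions made for illustration.

```python
import ssl


class MemoryBioTLSClient:
    """Client-side TLS engine fed only through memory BIOs (hypothetical name)."""

    def __init__(self, server_hostname):
        ctx = ssl.create_default_context()      # certificate and hostname checks stay on
        self.incoming = ssl.MemoryBIO()         # ciphertext that arrived from the network
        self.outgoing = ssl.MemoryBIO()         # ciphertext the transport must send
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing,
                                server_hostname=server_hostname)
        self.handshake_done = False

    def _advance(self):
        """Push the handshake as far as the buffered bytes allow; return bytes to send."""
        if not self.handshake_done:
            try:
                self.tls.do_handshake()
                self.handshake_done = True
            except ssl.SSLWantReadError:
                pass                            # needs more ciphertext; nothing blocks
        return self.outgoing.read()

    def start(self):
        """Call from connectionMade(): returns the ClientHello to write to the transport."""
        return self._advance()

    def data_received(self, ciphertext):
        """Call from dataReceived(): returns (plaintext, ciphertext_to_send)."""
        self.incoming.write(ciphertext)         # the only place network bytes enter TLS
        to_send = self._advance()
        plaintext = b""
        while self.handshake_done:
            try:
                chunk = self.tls.read(16384)
            except ssl.SSLWantReadError:
                break                           # partial record buffered, wait for more
            if not chunk:
                break                           # peer sent close_notify
            plaintext += chunk
        return plaintext, to_send + self.outgoing.read()


def demo():
    """Constructed input: no server involved, only the first three bytes of a record."""
    client = MemoryBioTLSClient("example.invalid")
    hello = client.start()
    plaintext, reply = client.data_received(b"\x16\x03\x03")
    return hello, plaintext, reply, client.handshake_done
```

In a Twisted wrapper, whatever `start()` and `data_received()` return as ciphertext is passed to the real transport's `write()`, and the plaintext goes to the wrapped protocol.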

Open Source Applications Foundation
Except where otherwise noted, this site and its content are licensed by OSAF under a Creative Commons License, Attribution Only 3.0.
See list of page contributors for attributions.