I think I finally got some progress with this. I am using the idea from Trevor Perrin's TLS Lite http://trevp.net/tlslite/
which is basically to do a protocol wrapper through which Twisted will do its calls, which gives me a chance to make things go through M2Crypto/OpenSSL. TLS Lite does not work in client mode, though, which is what I am most interested in at the moment.
I tried to modify TLS Lite's TLSTwistedProtocolWrapper etc., but that did not seem to go anywhere.
I tried to modify TLS Lite to use M2Crypto in server mode with no luck either.
I finally started my own protocol wrapper from scratch. What's different in my implementation is that I am creating my SSL connection object using the real underlying socket - the simplistic fake socket approach does not work with M2Crypto (OpenSSL expects a socket-like thing). I am able to do the SSL handshake, send data to the server, and I receive the first batch of encrypted data back. And this is where I'm at right now:
- trying to make my ssl connection read will block forever or
- if I grab the SSL connection's sslbio object and write the data to it first, then read, I get: SSLError: decryption failed or bad record mac
    from M2Crypto import BIO

    def dataReceived(self, data):
        # Wrap the connection's SSL BIO and push the bytes Twisted just
        # handed us into it, then try to read the decrypted result back.
        mysock = BIO.BIO(self.sslConnection.sslbio)
        print mysock.write(data)               # prints 254
        print self.sslConnection.pending()     # prints 0, would have expected 0 < x < 255
        self.sslConnection.recv(16384)         # SSLError: decryption failed or bad record mac
This feels promising - should probably ask on OpenSSL lists.
If that is a dead end, could try making the fake socket a BIO instead.
- 25 Nov 2004
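An added example, not code from the page or from M2Crypto, of the "fake socket as a BIO" idea mentioned above. It is written against the standard library's ssl.MemoryBIO and ssl.SSLObject rather than M2Crypto so it runs stand-alone; the shape is the same as putting a memory BIO under the SSL object. Two OpenSSL facts it makes concrete: the SSL BIO (BIO_f_ssl, which is what M2Crypto exposes as sslbio) sits on the plaintext side, so writing to it is SSL_write and the bytes go out encrypted as new application data rather than being decrypted; and pending() counts decrypted application bytes already buffered inside the engine, not raw ciphertext waiting in a BIO, so 0 right after pushing ciphertext in is expected. Ciphertext from the peer has to be written into the network-side BIO and then read out through the SSL object, which is what data_received() does here. The class and function names (MemoryBIOTLSClient, tls_record_header, NOT_TLS_REPLY) are mine, peer verification is switched off only so a handshake can start with no CA set, and the non-TLS reply fed in at the end is constructed to show the error path.

```python
import ssl
import struct

# Constructed sample input: what a plaintext HTTP server might send back after
# receiving a ClientHello. It is not TLS, so the record layer must reject it.
NOT_TLS_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"

TLS_HANDSHAKE = 22          # record-layer content type for handshake messages
HANDSHAKE_CLIENT_HELLO = 1  # handshake message type ClientHello


def tls_record_header(buf):
    """Parse the 5-byte TLS record header at the start of buf."""
    if len(buf) < 5:
        raise ValueError("short record header")
    content_type, version, length = struct.unpack("!BHH", buf[:5])
    return {"content_type": content_type, "version": version, "length": length}


class MemoryBIOTLSClient:
    """Client-side TLS engine driven entirely through memory BIOs.

    The socket stays with the event loop: ciphertext from the peer goes into
    `incoming` via data_received(), and ciphertext the engine wants sent is
    drained from `outgoing` and handed to `send`. The engine never touches a
    socket, so it cannot block and cannot race the reactor for bytes.
    """

    def __init__(self, send, max_record=16384):
        self.incoming = ssl.MemoryBIO()   # ciphertext from the peer
        self.outgoing = ssl.MemoryBIO()   # ciphertext for the peer
        # Assumption: no peer to verify in this example, so verification is
        # disabled to let the handshake start without a CA bundle. A real
        # client keeps check_hostname and CERT_REQUIRED and loads its CAs.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        self.tls = ctx.wrap_bio(self.incoming, self.outgoing, server_side=False)
        self.send = send
        self.max_record = max_record
        self.handshake_done = False
        self.plaintext = bytearray()      # decrypted application data
        self.error = None

    def connection_made(self):
        """Kick off the handshake; the ClientHello ends up in `outgoing`."""
        return self._pump()

    def data_received(self, ciphertext):
        """Feed bytes read from the socket into the engine, then drive it."""
        self.incoming.write(ciphertext)
        return self._pump()

    def pending(self):
        """Decrypted bytes already buffered inside the engine (SSL_pending),
        not the raw ciphertext sitting in the incoming BIO."""
        return self.tls.pending()

    def _pump(self):
        """Advance the handshake / read loop as far as buffered bytes allow.

        Returns True while the connection is healthy, False once the record
        layer has rejected the peer's bytes (a fatal ssl.SSLError)."""
        if self.error is not None:
            return False
        try:
            if not self.handshake_done:
                try:
                    self.tls.do_handshake()
                    self.handshake_done = True
                except ssl.SSLWantReadError:
                    pass   # need more ciphertext from the peer; not an error
            if self.handshake_done:
                while True:
                    try:
                        self.plaintext += self.tls.read(self.max_record)
                    except ssl.SSLWantReadError:
                        break  # incomplete record; wait for more bytes
                    except ssl.SSLZeroReturnError:
                        break  # clean close_notify from the peer
        except ssl.SSLError as exc:
            self.error = exc
        finally:
            out = self.outgoing.read()   # records the engine wants on the wire
            if out:
                self.send(out)
        return self.error is None


if __name__ == "__main__":
    wire = []
    client = MemoryBIOTLSClient(wire.append)
    client.connection_made()
    print("ClientHello record header:", tls_record_header(wire[0]))
    print("healthy after non-TLS reply:", client.data_received(NOT_TLS_REPLY))
    print("error:", client.error)
```

In a Twisted wrapper the reactor's dataReceived would call data_received() and the transport's write would be passed in as `send`; nothing in the engine ever reads the socket itself, which is what removes the blocking read.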