Hey, I came across your post here. I'm also trying to make PSK work generally in python and pskssl2 seems to be the most viable option.
I'm working in the context of asyncio (aiohttp) and so your post was most helpful.
I believe I have your code working on the aiohttp server side. I can get openssl s_client to have failure/success depending on the chosen PSK, but it isn't helpful to actually make HTTP requests. Unfortunately, curl and wget on the CLI don't offer any PSK options.
So I started working with your code on an aiohttp client side to verify. But I'm running into an error:
```
    return await self._loop.create_connection(*args, **kwargs) # type: ignore[return-value] # noqa
  File "/usr/lib/python3.8/asyncio/base_events.py", line 1050, in create_connection
    transport, protocol = await self._create_connection_transport(
  File "/usr/lib/python3.8/asyncio/base_events.py", line 1080, in _create_connection_transport
    await waiter
  File "/usr/lib/python3.8/asyncio/sslproto.py", line 529, in data_received
    ssldata, appdata = self._sslpipe.feed_ssldata(data)
  File "/usr/lib/python3.8/asyncio/sslproto.py", line 189, in feed_ssldata
    self._sslobj.do_handshake()
  File "tc.py", line 59, in do_handshake
    super().do_handshake(*args, **kwargs)
  File "/usr/lib/python3.8/ssl.py", line 944, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT] attempt to reuse session in different context (_ssl.c:1131)
```
This is an error from OpenSSL itself. Something is getting confused, I guess, and it's thinking I'm trying to resume a session (which is a similar operation but not what I'm doing).
I'm simply supplying your subclass of SSLContext to aiohttp.get() which is generally how to customize the ssl context. This could be a problem with how aiohttp is working. But I was wondering if you've run into a similar error.
Thanks (sorry for not-the-best-means of communicating, but I wasn't sure how else to ask).
I'm trying to get something going in the short term, but once I grok this, I may attempt to submit an upstream patch for general PSK support.