An asyncore-based XMPP client opens a normal TCP connection to an XMPP server. The server indicates it requires an encrypted connection. The client is now expected to start a TLS handshake so that subsequent requests can be encrypted.

tlslite integrates with asyncore, but the sample code is for a server (?) and I don't understand what it's doing.

I'm on Python 2.5. How can I get the TLS magic working?


Here's what ended up working for me:

from tlslite.api import *

def handshakeTls(self):
    """
    Encrypt the socket using the tlslite module
    """
    self.logger.info("activating TLS encryption")
    # Wrap the already-connected socket and run the (blocking) client handshake.
    # Note: without a checker= argument, handshakeClientCert() does not verify
    # the server's certificate; pass a tlslite Checker to do that.
    self.socket = TLSConnection(self.socket)
    self.socket.handshakeClientCert()
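The STARTTLS step the question describes, as an added example that is neither the asker's code nor tlslite's: it is written for Python 3 with the standard-library ssl module in place of tlslite (the page's Python 2.5 tooling), uses the XMPP STARTTLS elements from RFC 6120, and constructs the server stanzas inline. The class and function names (StartTlsNegotiator, make_client_context, upgrade_to_tls) are this example's own. It shows the exchange that has to complete before the handshake starts, the check that nothing followed `<proceed/>` in plaintext, and a handshake driven step by step with select() so it fits a select/asyncore-style loop. Unlike a bare tlslite handshakeClientCert() call, the ssl context here verifies the server certificate and hostname by default.

```python
import select
import socket
import ssl
import xml.etree.ElementTree as ET

# XMPP STARTTLS namespace and element names (RFC 6120, section 5).
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
STARTTLS_REQUEST = ("<starttls xmlns='%s'/>" % TLS_NS).encode("utf-8")


class StartTlsError(Exception):
    """Raised when the server deviates from the STARTTLS exchange."""


class StartTlsNegotiator:
    """Client side of the STARTTLS exchange, fed one stanza at a time.

    states: 'features'  waiting for <stream:features>
            'proceed'   <starttls/> sent, waiting for <proceed/> or <failure/>
            'handshake' server answered <proceed/>; the TLS handshake may begin
            'failed'    server refused TLS
            'plain'     server does not offer STARTTLS at all
    """

    def __init__(self):
        self.state = "features"
        self.required = False

    def handle_stanza(self, xml_text):
        """Feed one complete top-level stanza from the plaintext stream.
        Returns the bytes the client must now send (b"" if none)."""
        elem = ET.fromstring(xml_text)
        if self.state == "features":
            starttls = elem.find("{%s}starttls" % TLS_NS)
            if starttls is None:
                self.state = "plain"
                return b""
            self.required = starttls.find("{%s}required" % TLS_NS) is not None
            self.state = "proceed"
            return STARTTLS_REQUEST
        if self.state == "proceed":
            if elem.tag == "{%s}proceed" % TLS_NS:
                self.state = "handshake"
            elif elem.tag == "{%s}failure" % TLS_NS:
                self.state = "failed"
            else:
                raise StartTlsError("unexpected %s while waiting for <proceed/>" % elem.tag)
            return b""
        raise StartTlsError("no plaintext stanza expected in state %r" % self.state)

    def ready_for_handshake(self, leftover):
        """True only after <proceed/> and only if nothing followed it: RFC 6120
        has the TLS negotiation begin immediately, so plaintext bytes already
        buffered behind <proceed/> mean a broken or tampered-with stream."""
        return self.state == "handshake" and leftover == b""


def make_client_context(cafile=None):
    """Client TLS settings. create_default_context() already sets CERT_REQUIRED
    and check_hostname=True; cafile=None means the system trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_server(ctx):
    """True if the context will reject an unverified or mis-named server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def upgrade_to_tls(sock, ctx, server_name, timeout=10.0):
    """Wrap an already-connected socket after <proceed/> and drive the handshake
    with select() one step at a time, as a select/asyncore loop would, instead
    of blocking inside do_handshake(). server_name is the XMPP domain."""
    tls = ctx.wrap_socket(sock, server_hostname=server_name,
                          do_handshake_on_connect=False)
    tls.setblocking(False)
    while True:
        try:
            tls.do_handshake()
            return tls
        except ssl.SSLWantReadError:
            readable, _, _ = select.select([tls], [], [], timeout)
            if not readable:
                raise socket.timeout("TLS handshake: no data from server")
        except ssl.SSLWantWriteError:
            _, writable, _ = select.select([], [tls], [], timeout)
            if not writable:
                raise socket.timeout("TLS handshake: socket not writable")


# Constructed server stanzas for a stand-alone run (not captured traffic).
FEATURES_REQUIRED = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
                     "<starttls xmlns='%s'><required/></starttls>"
                     "</stream:features>" % TLS_NS)
PROCEED = "<proceed xmlns='%s'/>" % TLS_NS
FAILURE = "<failure xmlns='%s'/>" % TLS_NS


def run_negotiation(server_stanzas):
    """Replay server stanzas; returns (final state, everything the client sent)."""
    neg = StartTlsNegotiator()
    sent = b""
    for stanza in server_stanzas:
        sent += neg.handle_stanza(stanza)
    return neg.state, sent
```

In a real client the socket is handed to upgrade_to_tls only once ready_for_handshake() is true, the XML parser is reset, and a new `<stream:stream>` is opened over the TLS socket before any SASL authentication is sent.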
+1  A: 

I've followed what I believe are all the steps tlslite documents to make an asyncore client work -- I can't actually get it to work since the only asyncore client I have at hand to tweak for the purpose is the example in the Python docs, which is an HTTP 1.0 client, and I believe that because of this I'm trying to set up an HTTPS connection in a very half-baked way. And I have no asyncore XMPP client, nor any XMPP server requesting TLS, to get anywhere close to your situation. Nevertheless I decided to share the fruits of my work anyway because (even though some step may be missing) it does seem to be a bit better than what you previously had -- I think I'm showing all the needed steps in the __init__. BTW, I copied the pem files from the tlslite/test directory.

import asyncore, socket
from tlslite.api import *

# Client certificate and key (copied from tlslite/test); only needed if the
# server asks the client to authenticate with a certificate.
s = open("./clientX509Cert.pem").read()
x509 = X509()
x509.parse(s)
certChain = X509CertChain([x509])

s = open("./clientX509Key.pem").read()
privateKey = parsePEMKey(s, private=True)


class http_client_base(asyncore.dispatcher):
    """Plain asyncore HTTP client. Its handle_* methods must live in a class
    listed *after* TLSAsyncDispatcherMixIn in the inheritance list: the mix-in
    intercepts the select-loop events itself and calls this class's
    handle_read()/handle_write() only once the TLS layer has data ready.
    Defining them on the mixed-in class would shadow the mix-in's versions."""
    ac_in_buffer_size = 16384   # the mix-in needs reads of at least 16K

    def handle_connect(self):
        pass

    def handle_close(self):
        self.close()

    def handle_read(self):
        # The mix-in's recv() asserts on buffer sizes below 16384.
        print self.recv(16384)

    def writable(self):
        return (len(self.buffer) > 0)

    def handle_write(self):
        sent = self.send(self.buffer)
        self.buffer = self.buffer[sent:]


class http_client(TLSAsyncDispatcherMixIn, http_client_base):

    def __init__(self, host, path):
        asyncore.dispatcher.__init__(self)
        self.create_socket(socket.AF_INET, socket.SOCK_STREAM)
        self.connect( (host, 443) )   # HTTPS port (80 would speak plaintext)

        TLSAsyncDispatcherMixIn.__init__(self, self.socket)
        self.tlsConnection.ignoreAbruptClose = True
        # No checker= is passed, so the server certificate is not verified here.
        handshaker = self.tlsConnection.handshakeClientCert(
            certChain=certChain,
            privateKey=privateKey,
            async=True)
        self.setHandshakeOp(handshaker)

        self.buffer = 'GET %s HTTP/1.0\r\n\r\n' % path

c = http_client('www.readyhosting.com', '/')

asyncore.loop()

This is a mix of the asyncore example http client in the Python docs, plus what I've gleaned from the tlslite docs and have been able to reverse engineer from their sources. Hope this (even though incomplete/not working) can at least advance you in your quest...

Personally, in your shoes, I'd consider switching from asyncore to twisted -- asyncore is old and rusty, Twisted already integrates a lot of juicy, useful bits (the URL I gave is to a bit in the docs that already does integrate TLS and XMPP for you...).

Alex Martelli
Thank you, this was very helpful. It encouraged me to look at the TLSAsyncDispatcherMixIn in greater detail, where I eventually learned that it was a red herring for my purposes and that I could get the TLS magic working with 2 simple lines. Can you elaborate on or provide links about the comment regarding asyncore being "old and rusty"?
Bill
Many discussions on the net, e.g. koichitamura.blogspot.com/2008/04/… . Nobody's been enhancing asyncore substantially for many years, while twisted's a gem in active development and polishing. BTW, can you edit your question to add at the end of it those "2 simple lines", so others can benefit in the future? Thanks!
Alex Martelli
+1 That you should abandon asyncore!
Brandon Craig Rhodes
+3  A: 

Definitely check out twisted and wokkel. I've been building tons of xmpp bots and components with it and it's a dream.

Dustin