开发者

HTTPS session reuse in Python

开发者 https://www.devze.com 2023-03-15 09:39 出处:网络
I would like to be able to use parallel requests to a HTTPS server. Currently, I am using PyCURL, but it isn\'t able of reusing the same SSL session ID between different handles, and each handle can o

I would like to be able to use parallel requests to a HTTPS server. Currently, I am using PyCURL, but it isn't able of reusing the same SSL session ID between different handles, and each handle can only take care of one download/upload each time.

开发者_开发问答

Taking into account the negotiation takes time (specially because client certificate is used), reusing the id (as browsers do for downloading few resources in parallel from a web) that would probably improve the performance.

So, does anybody now about some workaround for PyCURL, or an alternative HTTP module that supports that? httplib doesn't seem to do the work, either.


Reusing session ids isn't currently easily accessible as noted here, I haven't heard of any simple solution for this - but it should just be a matter of saving your context after the initial handshake and reusing it.

PyOpenSSL exposes these mechanisms, but at a lower level than most people would want. I'd put my money on the following sequence of events:

  • Figure out how to do the session resuse stuff first, just do a proof of concept. A useful tool for this is the openssl binary (the one people generally use to make SSL keys). It's got a built-in client that you can use like this:

openssl s_client -connect HOST:443

  • You can print out all sorts of good diagnostic stuff (such as your SSL session id) just so you can verify it outside of the scope of your immediate problem.

  • Once you have that, httplib's SSL support is pretty simple, HTTPSConnection is a very thin wrapper around HTTPConnection (only two methods extending the class. The one you want to modify is connect.

httplib.py - HTTPSConnection class

    def connect(self):
        "Connect to a host on a given (SSL) port."

        sock = socket.create_connection((self.host, self.port),
                                        self.timeout, self.source_address)
        if self._tunnel_host:
            self.sock = sock
            self._tunnel()
        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
0

精彩评论

暂无评论...
验证码 换一张
取 消