I'm trying to implement a TCP socket via stunnel but I'm not sure how to capture the server response. My stunnel configuration file is exactly like this:
[Coinbase]
client = yes
accept = 127.0.0.1:4197
connect = fix.gdax.com:4198
verify = 4
CAfile = /etc/fix.gdax.com.pem
And the Python code I have is:
import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 4197))
msg = b'GET / HTTP/1.1\nHost: www.google.com\n\n' # ping google as a means of testing
s.send(msg)
print(s.recv(1024))
Whatever message I send over the socket (including those that the server located at fix.gdax.com would expect), the result of that print statement is always just an empty string in byte form:
b''
The stunnel log is as follows:
2017.11.02 20:49:58 LOG5[7]: Service [Coinbase] accepted connection from 127.0.0.1:65205
2017.11.02 20:49:58 LOG5[7]: s_connect: connected 52.86.60.82:4198
2017.11.02 20:49:58 LOG5[7]: Service [Coinbase] connected remote server from 192.168.0.14:65206
2017.11.02 20:49:58 LOG5[7]: Certificate accepted at depth=0: C=US, ST=California, L=San Francisco, O="Coinbase, Inc.", CN=*.gdax.com
2017.11.02 20:50:06 LOG3[7]: readsocket: Connection reset by peer (WSAECONNRESET) (10054)
2017.11.02 20:50:06 LOG5[7]: Connection reset: 37 byte(s) sent to TLS, 0 byte(s) sent to socket
My interpretation of that is that the message is going out fine and the certificate is valid etc., but I can't work out how to receive data sent back by the server... any help greatly appreciated! I'm quite new to TCP & SSL so apologies if any of the terminology is wrong.
socket.recv() will return an empty string if the connection is closed by the remote party.
It seems like you are trying to connect to a FIX gateway. It is a very standard behavior for a FIX server to close the connection without any response if it does not receive the correct LOGON message. The very first message you send must be LOGON - something like:
8=FIX.4.4|9=74|35=A|34=1|49=SenderCompIdGoesHere|52=20171103-01:15:00.000|56=TargetCompIdGoesHere|98=0|108=30|10=144
where "|" is the SOH (ASCII code 01) character. If you do not send this message, or you get anything wrong in it (like the CompIDs or FIX version, timestamp, etc.) the server will typically just close the connection (making it a bit of guesswork to figure out what you are sending wrong).
Also, you can only send FIX protocol messages; the "GET ..." string you are trying to reach Google with is part of the HTTP protocol - it will not be recognized by a FIX server.
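The framing described in the answer, as an added example that is not part of the original question or answer: it builds a Logon with BodyLength (9) and CheckSum (10) computed from the actual bytes, and treats an empty `recv()` as a closed connection rather than an empty reply. The function names are hypothetical, the CompIDs are the answer's placeholders, the endpoint is the `accept` address from the question's stunnel config, and a real gateway may require further Logon fields that the page does not list.

```python
import socket
from datetime import datetime, timezone

SOH = b"\x01"  # FIX field delimiter, written as "|" in the answer

def checksum(data: bytes) -> bytes:
    """Tag 10 value: byte sum modulo 256, as three ASCII digits."""
    return b"%03d" % (sum(data) % 256)

def build_fix(msg_type: str, fields, begin_string: str = "FIX.4.4") -> bytes:
    """Frame one FIX message, computing BodyLength (9) and CheckSum (10)."""
    body = SOH.join(f"{tag}={val}".encode("ascii")
                    for tag, val in [(35, msg_type), *fields]) + SOH
    head = b"8=" + begin_string.encode("ascii") + SOH + b"9=%d" % len(body) + SOH
    return head + body + b"10=" + checksum(head + body) + SOH

def is_well_formed(msg: bytes) -> bool:
    """Verify BodyLength and CheckSum of one framed message before sending."""
    try:
        head, trailer = msg[:-7], msg[-7:]      # trailer is b"10=NNN\x01"
        _, rest = head.split(SOH, 1)            # drop the 8=... field
        length, body = rest.split(SOH, 1)       # 9=<len>, then the body
    except ValueError:                          # no SOH framing at all
        return False
    return (trailer == b"10=" + checksum(head) + SOH
            and length == b"9=%d" % len(body))

def recv_reply(sock: socket.socket, bufsize: int = 4096):
    """Return received bytes, or None when the peer closed the connection.
    recv() returning b'' means end of stream, not an empty message."""
    try:
        data = sock.recv(bufsize)
    except ConnectionResetError:
        return None
    return data or None

if __name__ == "__main__":
    # SendingTime (52) in UTC with millisecond precision
    now = datetime.now(timezone.utc).strftime("%Y%m%d-%H:%M:%S.%f")[:-3]
    logon = build_fix("A", [(34, 1), (49, "SenderCompIdGoesHere"), (52, now),
                            (56, "TargetCompIdGoesHere"), (98, 0), (108, 30)])
    assert is_well_formed(logon)
    # 127.0.0.1:4197 is the stunnel "accept" address from the question
    with socket.create_connection(("127.0.0.1", 4197), timeout=10) as s:
        s.sendall(logon)
        reply = recv_reply(s)
        print("gateway closed the connection" if reply is None
              else reply.replace(SOH, b"|"))
```

Running `is_well_formed` on the bytes before they go out rules out framing errors locally, so a silent close from the gateway can be attributed to the field values instead.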