You will find this wrapper program (in C) useful:
There's a security flaw in your program regarding the initial exchange of SSL certificates. Your protocol is vulnerable to the man-in-the-middle attack which SSL tries hard to block. Using Diffie-Hellman will improve the situation a little bit but will not essentially solve the problem. This is why all major OS/browsers are shipped with many SSL certificates.
Update
I suggested you just play with Stunnel because it would be too much work for you to write both the server and client sides from the beginning when you're not sure what you can do with SSL. Stunnel is a feature-complete (including mutual (aka 2-way) auth) and combat-proven example of an OpenSSL user software.
I think you need the following steps:
- Use Stunnel to connect to https://www.google.com/
- Use Stunnel to run a local SSL server with your self-signed certificate
- Use Stunnel to connect to 2.
- Use Python SSL to connect to 2.
- Use Python SSL to run a local SSL server with your self-signed certificate
- Use Python SSL to connect to 5.
Then you will learn what sequence of operations is necessary for your project. I can hardly imagine you would have a problem due to a lack of feature of Stunnel. If you have a problem with Stunnel, it would most likely be an inherent limitation of SSL and you will not be free from it after you switch to Python SSL.
Update 2
It might even be better to start with openssl s_client and openssl s_server than Stunnel. They are a kind of "SSL telnet."
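Steps 5 and 6 of the answer (a local Python SSL server with a self-signed certificate, then a Python SSL client connecting to it) are worked through below, together with the man-in-the-middle point made at the top of the answer: it is the client's certificate verification, not the cipher or the key exchange, that decides whether an interposed server is detected. This is an added example, not code from the answer's author or from Stunnel. It assumes either the openssl command-line tool (used the way the answer's s_client/s_server hint suggests) or the cryptography package is installed to mint the certificate, and that the name localhost and the loopback address are acceptable for the demonstration.

```python
"""Added example: local TLS echo server with a self-signed certificate plus
four Python ssl clients, each with different verification settings."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed_cert(directory):
    """Write cert.pem/key.pem for CN=localhost (SAN DNS:localhost) into
    ``directory`` and return their paths. Tries the openssl CLI first and
    falls back to the ``cryptography`` package (both are assumptions)."""
    cert = os.path.join(directory, "cert.pem")
    key = os.path.join(directory, "key.pem")
    try:
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
             "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
             "-keyout", key, "-out", cert],
            check=True, capture_output=True)
        return cert, key
    except (FileNotFoundError, subprocess.CalledProcessError):
        pass  # no usable openssl binary: build the certificate in Python instead
    import datetime
    from cryptography import x509
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    from cryptography.x509.oid import NameOID
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "localhost")])
    now = datetime.datetime.now(datetime.timezone.utc)
    c = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
         .public_key(priv.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(now - datetime.timedelta(minutes=5))
         .not_valid_after(now + datetime.timedelta(days=1))
         # the same extensions "openssl req -x509" adds, so strict verifiers accept it
         .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
         .add_extension(x509.SubjectKeyIdentifier.from_public_key(priv.public_key()), critical=False)
         .add_extension(x509.SubjectAlternativeName([x509.DNSName("localhost")]), critical=False)
         .sign(priv, hashes.SHA256()))
    with open(cert, "wb") as f:
        f.write(c.public_bytes(serialization.Encoding.PEM))
    with open(key, "wb") as f:
        f.write(priv.private_bytes(serialization.Encoding.PEM,
                                   serialization.PrivateFormat.PKCS8,
                                   serialization.NoEncryption()))
    return cert, key


def start_echo_server(certfile, keyfile):
    """Step 5: a TLS echo server on 127.0.0.1 (random port) in a daemon thread."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)

    def serve():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:  # listener closed: shut the thread down
                return
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"echo:" + tls.recv(1024))
            except (ssl.SSLError, OSError):
                pass  # a client that rejected our certificate aborted the handshake
    threading.Thread(target=serve, daemon=True).start()
    return listener


def tls_roundtrip(port, ctx, server_hostname="localhost"):
    """Step 6: connect with the given client context; return the echo reply,
    or the exception class name if the client refused the handshake."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as raw, \
                ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(b"hello")
            return tls.recv(1024)
    except ssl.SSLError as exc:
        return type(exc).__name__


def demo():
    workdir = tempfile.mkdtemp()
    certfile, keyfile = make_self_signed_cert(workdir)
    listener = start_echo_server(certfile, keyfile)
    port = listener.getsockname()[1]
    try:
        # 1. No verification: the connection "works", but any interposed server would too.
        insecure = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        insecure.check_hostname = False
        insecure.verify_mode = ssl.CERT_NONE
        # 2. System trust store: an unknown self-signed cert is rejected, as a MITM's would be.
        default = ssl.create_default_context()
        # 3. Trust exactly this certificate: accepted, but only for the name it was issued to.
        pinned = ssl.create_default_context(cafile=certfile)
        return {
            "no_verification": tls_roundtrip(port, insecure),
            "default_trust_store": tls_roundtrip(port, default),
            "pinned_self_signed": tls_roundtrip(port, pinned),
            "pinned_wrong_hostname": tls_roundtrip(port, pinned, "example.invalid"),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} -> {outcome}")
```

The second and fourth cases are the ones the answer's warning is about: a client that skips verification (case 1) negotiates perfectly good encryption with whoever answers, so Diffie-Hellman or any cipher choice cannot fix the protocol; only case 3, where the client knows in advance which certificate (or which CA) to trust and checks the hostname against it, gives the MITM resistance that the certificates shipped with an OS or browser provide for public sites.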