def infoCallback(connection: SSL.Connection, where: int, ret: int) -> None:
    """Run the wrapped info callback and fail the connection if it raises.

    Any exception raised by ``wrapped`` (``BaseException`` included) is
    captured as a ``Failure``, logged, and handed to ``failVerification`` on
    the object stored as the connection's app data. The exception is not
    re-raised, so the connection is failed explicitly here rather than left
    in a half-checked state.
    """
    try:
        return wrapped(connection, where, ret)
    except BaseException:
        # Capture the active exception before anything else can replace it.
        failure = Failure()
        logger.exception("Error during info_callback")
        # presumably app data is the TLS protocol object for this
        # connection; verify against the code that sets it.
        protocol = connection.get_app_data()
        protocol.failVerification(failure)
def alpn_select_callback(conn: SSL.Connection, options: List[bytes]) -> Any:
    """Choose the ALPN protocol to answer the client with.

    Args:
        conn: The client-facing connection; its app data supplies
            ``server_alpn`` and ``http2``.
        options: Protocols offered by the client, in the client's order.

    Returns:
        ``server_alpn`` when it is truthy and the client offered it;
        otherwise the first client option found in the allowed HTTP ALPN set;
        otherwise ``SSL.NO_OVERLAPPING_PROTOCOLS``.

    NOTE(review): an empty ``server_alpn`` (``b""``) is falsy, so it is
    handled exactly like "no server choice" and a protocol is still picked
    from the client's list. Where ``b""`` records that the upstream server
    declined ALPN, the client leg ends up with a protocol the server leg
    never agreed to; a proxy should return ``SSL.NO_OVERLAPPING_PROTOCOLS``
    in that case so both legs match.
    """
    settings: AppData = conn.get_app_data()
    upstream_choice = settings["server_alpn"]
    allow_h2 = settings["http2"]

    # Prefer whatever the server side already settled on, if the client
    # offered it as well.
    if upstream_choice and upstream_choice in options:
        return upstream_choice

    acceptable = tls.HTTP_ALPNS if allow_h2 else tls.HTTP1_ALPNS
    # The client lists protocols in order of preference; honour that order.
    for candidate in options:
        if candidate in acceptable:
            return candidate
    return SSL.NO_OVERLAPPING_PROTOCOLS
def alpn_select_callback(conn: SSL.Connection, options: List[bytes]) -> Any:
    """Choose the ALPN protocol to answer the client with.

    Args:
        conn: The client-facing connection; its app data supplies
            ``server_alpn`` and ``http2``.
        options: Protocols offered by the client, in the client's order.

    Returns:
        ``server_alpn`` when it is truthy and the client offered it;
        ``SSL.NO_OVERLAPPING_PROTOCOLS`` when ``server_alpn`` is ``b""``;
        otherwise the first client option found in the allowed HTTP ALPN set,
        or ``SSL.NO_OVERLAPPING_PROTOCOLS`` if none matches.

    NOTE(review): a non-empty ``server_alpn`` that the client did not offer
    still falls through to the client-preference loop, so the two legs can
    end up on different protocols in that case; confirm the caller accounts
    for it.
    """
    settings: AppData = conn.get_app_data()
    upstream_choice = settings["server_alpn"]
    allow_h2 = settings["http2"]

    # Prefer whatever the server side already settled on, if the client
    # offered it as well.
    if upstream_choice and upstream_choice in options:
        return upstream_choice

    if upstream_choice == b"":
        # A server connection exists, but the remote server refused to
        # negotiate a protocol. Mirror that refusal on the client connection
        # so both legs agree that no ALPN protocol is in use.
        return SSL.NO_OVERLAPPING_PROTOCOLS

    acceptable = tls.HTTP_ALPNS if allow_h2 else tls.HTTP1_ALPNS
    # The client lists protocols in order of preference; honour that order.
    for candidate in options:
        if candidate in acceptable:
            return candidate
    return SSL.NO_OVERLAPPING_PROTOCOLS
def verify_context_info_cb(
    self, ssl_connection: SSL.Connection, where: int
) -> None:
    """Handle handshake events: set SNI at the start, verify identity at the end.

    Args:
        ssl_connection: The connection the event was raised for.
        where: Bitmask of ``SSL.SSL_CB_*`` flags describing the event.

    At handshake start the SNI host name is set unless the target is an IP
    address. At handshake completion, and only when ``self._verify_certs`` is
    set, the peer certificate is checked against the expected IP address or
    host name. A ``VerificationError`` is turned into a ``Failure`` and passed
    to ``failVerification`` on the connection's app data; other exception
    types propagate to the caller.

    NOTE: when ``self._verify_certs`` is false, no identity check is performed
    here at all.
    """
    handshake_starting = where & SSL.SSL_CB_HANDSHAKE_START
    if handshake_starting and not self._is_ip_address:
        ssl_connection.set_tlsext_host_name(self._hostnameBytes)

    handshake_finished = where & SSL.SSL_CB_HANDSHAKE_DONE
    if not (handshake_finished and self._verify_certs):
        return

    try:
        if self._is_ip_address:
            verify_ip_address(ssl_connection, self._hostnameASCII)
        else:
            verify_hostname(ssl_connection, self._hostnameASCII)
    except VerificationError:
        # Capture the active exception first, then fail the connection
        # through the object stored as its app data.
        failure = Failure()
        protocol = ssl_connection.get_app_data()
        protocol.failVerification(failure)
def _context_info_cb(ssl_connection: SSL.Connection, where: int, ret: int) -> None:
    """Information callback installed on our OpenSSL context objects.

    Delegates to the verifier attached to the connection's protocol object
    and fails the connection if anything goes wrong while doing so.

    Note: once this is the info callback of a Context object, that Context
    should only be used with the SSLClientConnectionCreator.
    """
    # The connection's app_data is assumed to be a TLSMemoryBIOProtocol
    # object (SSLClientConnectionCreator sets it).
    protocol = ssl_connection.get_app_data()
    try:
        # SSLClientConnectionCreator is further assumed to have stored a
        # ConnectionVerifier in the '_synapse_tls_verifier' attribute. The
        # lookup stays inside the try so a missing attribute fails the
        # connection as well instead of escaping the callback.
        verifier = protocol._synapse_tls_verifier
        verifier.verify_context_info_cb(ssl_connection, where)
    except BaseException:  # taken from the twisted implementation
        logger.exception("Error during info_callback")
        failure = Failure()
        protocol.failVerification(failure)