def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Initialize ctSSL's ctypes bindings, and OpenSSL libraries and error
    strings. Should always be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Initialize OpenSSL multithreading support.
    Currently ignored: the flag is forced to False below (see TODO), so the
    threading branch is never taken.

    @type zlib: boolean
    @param zlib: Also register OpenSSL's Zlib compression method. This is a
    process-wide OpenSSL setting, not a per-connection one.

    @raise ctSSLInitError: The OpenSSL PRNG reports that it is not seeded.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: zlib was requested but the
    loaded OpenSSL lacks the COMP_*() API or was built without Zlib.
    """
    # TODO: Clean start. Threading support is disabled for now, it causes
    # issues; the parameter is overridden so the branch below is never taken.
    multithreading = False
    if multithreading:
        openSSL_threading_init()
        openSSL_threading = True

    # Library and error-string setup must precede any other libssl call.
    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()
    # Refuse to continue on an unseeded PRNG: every random handshake value
    # OpenSSL produces afterwards would otherwise be predictable.
    if libcrypto.RAND_status() != 1:
        raise ctSSLInitError('OpenSSL PRNG not seeded with enough data.')

    # Declare argtypes/restype for every C function each wrapper module exposes.
    binding_initializers = (
        BIO.init_BIO_functions,
        SSL_CTX.init_SSL_CTX_functions,
        SSL.init_SSL_functions,
        SSL_SESSION.init_SSL_SESSION_functions,
        X509.init_X509_functions,
        errors.init_ERR_functions,
    )
    for init_bindings in binding_initializers:
        init_bindings()

    if zlib:
        _ctSSL_enable_zlib_compression()


def _ctSSL_enable_zlib_compression():
    """
    Register OpenSSL's Zlib compression method process-wide via
    SSL_COMP_add_compression_method(), and clear
    features_not_available.ZLIB_NOT_AVAIL on success.

    TLS-level compression is a known weakness (CRIME, 2012) and is disabled by
    default in current OpenSSL builds; enabling it here is presumably only
    useful for probing whether a server accepts it -- confirm against callers.

    @raise ctSSL.errors.ctSSLFeatureNotAvailable: The loaded OpenSSL does not
    export the COMP_*() symbols, or registering the method returned non-zero
    (OpenSSL built without Zlib).
    """
    try:
        # CDLL caches resolved symbols, so these aliases are the same
        # _FuncPtr objects the libcrypto./libssl. attribute lookups return.
        comp_zlib = libcrypto.COMP_zlib
        comp_zlib.argtypes = []
        comp_zlib.restype = c_void_p

        add_compression_method = libssl.SSL_COMP_add_compression_method
        add_compression_method.argtypes = [c_int, c_void_p]
        add_compression_method.restype = c_int

        zlib_method_p = comp_zlib()
        add_rc = add_compression_method(1, zlib_method_p)

    except AttributeError:  # OpenSSL is super old and COMP_XX() is not defined ?
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
        )
    # TODO: Check for common errors here and add meaningful error message

    if add_rc != 0:
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
        )

    features_not_available.ZLIB_NOT_AVAIL = False
def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Initialize ctSSL's ctypes bindings, and OpenSSL libraries and error
    strings. Should always be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Initialize OpenSSL multithreading support.
    Currently a no-op: the value is overridden with False (see TODO below).

    @type zlib: boolean
    @param zlib: Register OpenSSL's Zlib compression method. This is a global
    OpenSSL setting and cannot be undone per connection.

    @raise ctSSLInitError: OpenSSL's PRNG is not seeded (RAND_status() != 1).
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: zlib was requested but the
    loaded OpenSSL has no COMP_*() API or was built without Zlib support.
    """
    multithreading = False  # TODO: Clean start. Disabled for now, causes issues
    if multithreading:  # never true while the override above is in place
        openSSL_threading_init()
        openSSL_threading = True

    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()
    # An unseeded PRNG makes every later random value predictable; bail out.
    prng_seeded = libcrypto.RAND_status() == 1
    if not prng_seeded:
        raise ctSSLInitError("OpenSSL PRNG not seeded with enough data.")

    # Declare argtypes/restype for every exposed C function, module by module.
    BIO.init_BIO_functions()
    SSL_CTX.init_SSL_CTX_functions()
    SSL.init_SSL_functions()
    SSL_SESSION.init_SSL_SESSION_functions()
    X509.init_X509_functions()
    errors.init_ERR_functions()

    if not zlib:
        return

    # Zlib compression can only be enabled globally. TLS-level compression is
    # a known weakness (CRIME, 2012); presumably wanted here only to probe
    # whether servers still accept it -- confirm against callers.
    try:
        libcrypto.COMP_zlib.argtypes = []
        libcrypto.COMP_zlib.restype = c_void_p
        libssl.SSL_COMP_add_compression_method.argtypes = [c_int, c_void_p]
        libssl.SSL_COMP_add_compression_method.restype = c_int

        zlib_method_p = libcrypto.COMP_zlib()
        add_rc = libssl.SSL_COMP_add_compression_method(1, zlib_method_p)
    except AttributeError:  # very old OpenSSL without the COMP_XX() symbols ?
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
        )
    # TODO: Check for common errors here and add meaningful error message

    if add_rc:  # non-zero return means the method was not registered
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
        )

    features_not_available.ZLIB_NOT_AVAIL = False
    def __init__(self, ssl_version='sslv23'):
        """
        Create a new SSL_CTX instance.

        @type ssl_version: str
        @param ssl_version: SSL protocol version to use. Should be 'sslv23',
        'sslv2', 'sslv3', 'tlsv1', 'tlsv1_1' or 'tlsv1_2'. 'sslv23' selects
        OpenSSL's version-flexible method; 'sslv2' and 'sslv3' are obsolete
        protocols, presumably offered so a scanner can probe server support.

        @raise ctSSL.errors.ctSSLFeatureNotAvailable: The requested protocol
        is not available in the OpenSSL library that was loaded (SSLv2
        disabled, or TLS 1.1/1.2 on an OpenSSL older than 1.0.1).
        @raise ctSSL.errors.ctSSLError: ssl_version is not one of the strings
        above, or the SSL_CTX C struct could not be created (SSL_CTX_new()
        failed).
        """
        self._ssl_ctx_struct_p = None
        self._pem_passwd_cb = None

        # Each entry is a thunk so that libssl.<method> is only resolved for
        # the protocol actually requested: looking up a symbol the loaded
        # OpenSSL does not export raises AttributeError.
        method_ctors = {
            'sslv23': lambda: libssl.SSLv23_method(),
            'sslv2': lambda: libssl.SSLv2_method(),
            'sslv3': lambda: libssl.SSLv3_method(),
            'tlsv1': lambda: libssl.TLSv1_method(),
            'tlsv1_1': lambda: libssl.TLSv1_1_method(),
            'tlsv1_2': lambda: libssl.TLSv1_2_method(),
        }
        if ssl_version not in method_ctors:
            raise ctSSLError(
                'Incorrect SSL version. Could not create SSL_CTX.')

        # Protocols the loaded OpenSSL may have been built without.
        if ssl_version == 'sslv2' and features_not_available.SSL2_NOT_AVAIL:
            raise ctSSLFeatureNotAvailable('SSLv2 disabled.')
        if (ssl_version in ('tlsv1_1', 'tlsv1_2')
                and features_not_available.TLS1_1_TLS1_2_NOT_AVAIL):
            tls_label = 'TLS 1.1' if ssl_version == 'tlsv1_1' else 'TLS 1.2'
            raise ctSSLFeatureNotAvailable(
                tls_label + ' is not supported by the'
                ' version of the OpenSSL library that was loaded.'
                ' Upgrade to 1.0.1 or later.')

        method_p = method_ctors[ssl_version]()
        self._ssl_ctx_struct_p = libssl.SSL_CTX_new(method_p)
    def __init__(self, ssl_version='sslv23'):
        """
        Create a new SSL_CTX instance.

        @type ssl_version: str
        @param ssl_version: SSL protocol version to use. Should be 'sslv23',
        'sslv2', 'sslv3', 'tlsv1', 'tlsv1_1' or 'tlsv1_2'. 'sslv23' is the
        version-flexible OpenSSL method. 'sslv2' and 'sslv3' are obsolete and
        presumably exist only so a scanner can probe a server for them.

        @raise ctSSL.errors.ctSSLFeatureNotAvailable: SSLv2 is disabled in the
        loaded OpenSSL, or TLS 1.1/1.2 were requested from an OpenSSL older
        than 1.0.1.
        @raise ctSSL.errors.ctSSLError: Unknown ssl_version string, or could
        not create the SSL_CTX C struct (SSL_CTX_new() failed).
        """
        self._ssl_ctx_struct_p = None
        self._pem_passwd_cb = None

        # Feature gates for protocols the loaded OpenSSL may lack.
        if ssl_version == 'sslv2' and features_not_available.SSL2_NOT_AVAIL:
            raise ctSSLFeatureNotAvailable('SSLv2 disabled.')
        tls1x_labels = {'tlsv1_1': 'TLS 1.1', 'tlsv1_2': 'TLS 1.2'}
        if (ssl_version in tls1x_labels
                and features_not_available.TLS1_1_TLS1_2_NOT_AVAIL):
            raise ctSSLFeatureNotAvailable(tls1x_labels[ssl_version] + ' is not supported by the'
            ' version of the OpenSSL library that was loaded.'
            ' Upgrade to 1.0.1 or later.')

        # Map the version string to the libssl constructor name; the symbol is
        # resolved with getattr() only for the chosen one, because asking the
        # CDLL for a symbol it does not export raises AttributeError.
        method_ctor_names = {
            'sslv23': 'SSLv23_method',
            'sslv2': 'SSLv2_method',
            'sslv3': 'SSLv3_method',
            'tlsv1': 'TLSv1_method',
            'tlsv1_1': 'TLSv1_1_method',
            'tlsv1_2': 'TLSv1_2_method',
        }
        try:
            method_ctor_name = method_ctor_names[ssl_version]
        except KeyError:
            raise ctSSLError('Incorrect SSL version. Could not create SSL_CTX.')

        method_p = getattr(libssl, method_ctor_name)()
        self._ssl_ctx_struct_p = libssl.SSL_CTX_new(method_p)
 def set_tlsext_host_name(self, name):
     """
     Set the Server Name Indication (SNI) host name for this connection.
     Equivalent to OpenSSL's SSL_set_tlsext_host_name() macro, i.e. an
     SSL_ctrl(SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name) call.

     @type name: str
     @param name: Host name to send in the ClientHello. NOTE(review):
     create_string_buffer() needs a byte string on Python 3 -- confirm that
     callers pass bytes rather than text.

     @rtype: bool
     @return: True if OpenSSL accepted the name (non-zero SSL_ctrl() result),
     False otherwise.

     @raise ctSSL.errors.ctSSLFeatureNotAvailable: The loaded OpenSSL has no
     SNI support.
     """
     if features_not_available.SNI_NOT_AVAIL:
         raise errors.ctSSLFeatureNotAvailable(
             'SSL_set_tlsext_host_name() is not supported by the'
             ' version of the OpenSSL library that was loaded.')

     # NUL-terminated copy of the name for the C side.
     host_name_buf = create_string_buffer(name)
     ctrl_rc = libssl.SSL_ctrl(self._ssl_struct_p, SSL_CTRL_SET_TLSEXT_HOSTNAME,
                               TLSEXT_NAMETYPE_host_name, host_name_buf)
     return bool(ctrl_rc)
 def set_tlsext_host_name(self, name):
     """
     Send the given host name in the TLS SNI extension for this connection.
     This is what OpenSSL's SSL_set_tlsext_host_name() macro expands to:
     SSL_ctrl() with SSL_CTRL_SET_TLSEXT_HOSTNAME / TLSEXT_NAMETYPE_host_name.

     @type name: str
     @param name: Server host name. NOTE(review): passed straight to
     create_string_buffer(), which expects bytes on Python 3 -- verify what
     callers hand in.

     @rtype: bool
     @return: True when SSL_ctrl() returns non-zero (name accepted), False
     otherwise.

     @raise ctSSL.errors.ctSSLFeatureNotAvailable: SNI is not available in the
     loaded OpenSSL.
     """
     if features_not_available.SNI_NOT_AVAIL:
         raise errors.ctSSLFeatureNotAvailable(
             'SSL_set_tlsext_host_name() is not supported by the'
             ' version of the OpenSSL library that was loaded.')

     sni_buffer = create_string_buffer(name)
     accepted = libssl.SSL_ctrl(self._ssl_struct_p,
                                SSL_CTRL_SET_TLSEXT_HOSTNAME,
                                TLSEXT_NAMETYPE_host_name,
                                sni_buffer)
     return True if accepted else False
 def get_current_compression(self):
     """
     H4ck: report the compression method negotiated on the current connection
     by scraping the session's text dump for its 'Compression' line.
     TODO: Cleaner API.

     A connection that negotiates TLS-level compression at all is a finding in
     itself (CRIME, 2012), which is presumably why a scanner asks.

     @rtype: str or bool
     @return: The first 'Compression' line of the session dump with the
     'Compression: 1 ' prefix removed and surrounding whitespace stripped, or
     False if the dump contains no such line.

     @raise ctSSL.errors.ctSSLFeatureNotAvailable: ctSSL was not initialized
     with Zlib compression support (features_not_available.ZLIB_NOT_AVAIL).
     """
     if features_not_available.ZLIB_NOT_AVAIL:
         raise errors.ctSSLFeatureNotAvailable(
             'ctSSL was not initialized with Zlib compression support. See ctSSL_initialize().')

     session_dump = self.get_session().as_text()
     compression_lines = (ln for ln in session_dump.split('\n') if 'Compression' in ln)
     first_match = next(compression_lines, None)
     if first_match is None:
         return False
     # Drop the 'Compression: 1 ' prefix (1 is presumably the id zlib was
     # registered under in ctSSL_initialize()) and keep the method name.
     return first_match.replace('Compression: 1 ', '').strip()
 def get_current_compression(self):
     """
     H4ck to figure out whether the current connection is using compression:
     the session is rendered as text and its 'Compression' line is scraped.
     TODO: Cleaner API.

     Any TLS-level compression being negotiated is itself worth reporting
     (CRIME, 2012); this getter presumably feeds such a check.

     @rtype: str or bool
     @return: Text of the first line containing 'Compression', minus the
     'Compression: 1 ' prefix and surrounding whitespace; False when the
     session dump has no such line.

     @raise ctSSL.errors.ctSSLFeatureNotAvailable: Zlib support was not
     enabled in ctSSL_initialize().
     """
     if features_not_available.ZLIB_NOT_AVAIL:
         raise errors.ctSSLFeatureNotAvailable(
             'ctSSL was not initialized with Zlib compression support. See ctSSL_initialize().')

     session_dump = self.get_session().as_text()
     for dump_line in session_dump.split('\n'):
         if 'Compression' not in dump_line:
             continue
         return dump_line.replace('Compression: 1 ', '').strip()
     return False
    def get_secure_renegotiation_support(self):
        """
        Check whether the peer supports secure renegotiation (the
        renegotiation_info extension of RFC 5746).
        Equivalent to OpenSSL's SSL_get_secure_renegotiation_support(), which
        is defined as SSL_ctrl(SSL_CTRL_GET_RI_SUPPORT, 0, NULL).

        A peer that lacks it remains exposed to the TLS renegotiation
        prefix-injection issue RFC 5746 was written to close; a scanner
        reports False as a finding.

        @rtype: bool
        @return: True if the peer supports secure renegotiation.

        @raise ctSSL.errors.ctSSLFeatureNotAvailable: The loaded OpenSSL
        predates 0.9.8m and has no secure-renegotiation support.
        """
        if features_not_available.SSL_SECURE_RENEGOTIATION_NOT_AVAIL:
            raise errors.ctSSLFeatureNotAvailable(
                'SSL_get_secure_renegotiation_support() is not supported by the'
                ' version of the OpenSSL library that was loaded. '
                'Upgrade to OpenSSL 0.9.8m or later.')

        ri_supported = libssl.SSL_ctrl(self._ssl_struct_p,
                                       SSL_CTRL_GET_RI_SUPPORT, 0, None)
        return bool(ri_supported)
    def get_secure_renegotiation_support(self):
        """
        Tell whether the peer negotiated secure renegotiation (RFC 5746
        renegotiation_info). Mirrors OpenSSL's
        SSL_get_secure_renegotiation_support() macro, i.e. an SSL_ctrl() call
        with SSL_CTRL_GET_RI_SUPPORT.

        Missing support means the peer is still open to the renegotiation
        prefix-injection weakness that RFC 5746 fixes, so False is the result
        a scanner flags.

        @rtype: bool
        @return: True if the peer supports secure renegotiation, else False.

        @raise ctSSL.errors.ctSSLFeatureNotAvailable: Secure renegotiation is
        not available in the loaded OpenSSL (older than 0.9.8m).
        """
        if features_not_available.SSL_SECURE_RENEGOTIATION_NOT_AVAIL:
            raise errors.ctSSLFeatureNotAvailable(
                'SSL_get_secure_renegotiation_support() is not supported by the'
                ' version of the OpenSSL library that was loaded. '
                'Upgrade to OpenSSL 0.9.8m or later.')

        ctrl_result = libssl.SSL_ctrl(
            self._ssl_struct_p, SSL_CTRL_GET_RI_SUPPORT, 0, None)
        return True if ctrl_result else False