def _SetUpUsingDummyCert(handler):
    """Prepares a TLS context and an SNI callback that serves dummy certs.

    The nested callback answers Server Name Indication (SNI) by building a
    fresh context around the certificate that
    handler.server.get_certificate() returns for the requested host name.

    Args:
      handler: an instance of BaseHTTPServer.BaseHTTPRequestHandler that is
        used by some instance of BaseHTTPServer.HTTPServer. The callback reads
        handler.server.get_certificate and handler.server.ca_cert_path.
    """
    # NOTE(review): the original comment lists SSLv2_METHOD, SSLv3_METHOD,
    # SSLv23_METHOD and TLSv1_METHOD as candidates; which one
    # get_ssl_context() selects is not visible here. SSLv2 and SSLv3 are
    # obsolete and insecure - confirm the helper does not enable them.
    context = certutils.get_ssl_context()

    def handle_servername(connection):
        """SNI callback that runs during do_handshake().

        Returns the per-host context once it is installed, otherwise None.
        """
        try:
            host = connection.get_servername()
            if not host:
                # No SNI name: fail with 'no shared cipher'.
                return None
            # host is chosen by the client, so it is untrusted input.
            # NOTE(review): confirm get_certificate() bounds and validates it.
            pem = handler.server.get_certificate(host)
            per_host_context = certutils.get_ssl_context()
            per_host_context.use_certificate(certutils.load_cert(pem))
            # The private key is read from ca_cert_path, so that file holds key
            # material. NOTE(review): presumably a replay-only CA - confirm it
            # is never trusted outside the test environment.
            per_host_context.use_privatekey_file(handler.server.ca_cert_path)
            connection.set_context(per_host_context)
            return per_host_context
        except Exception as e:
            # Do not leak any exceptions or else openssl crashes.
            logging.error('Exception in SNI handler: %s', e)

    # NOTE(review): the listing ends here; registering handle_servername on
    # `context` is not among the visible lines.
Example #2
def _SetUpUsingDummyCert(handler):
  """Builds the default TLS context and the SNI callback for dummy certs.

  The callback swaps in a per-host context whose certificate comes from
  handler.server.get_certificate(), keyed on the SNI name the client sent.

  Args:
    handler: an instance of BaseHTTPServer.BaseHTTPRequestHandler that is used
      by some instance of BaseHTTPServer.HTTPServer.
  """
  # NOTE(review): the original comment names SSLv2_METHOD, SSLv3_METHOD,
  # SSLv23_METHOD and TLSv1_METHOD; the method get_ssl_context() actually picks
  # is not shown. SSLv2/SSLv3 are obsolete - verify they stay disabled.
  context = certutils.get_ssl_context()
  def handle_servername(connection):
    """A SNI callback that happens during do_handshake().

    Returns the newly installed context, or None when no SNI name was sent or
    an error was logged.
    """
    installed = None
    try:
      requested = connection.get_servername()
      if requested:
        # `requested` is client-controlled; NOTE(review): confirm
        # get_certificate() does not trust it blindly.
        cert_str = handler.server.get_certificate(requested)
        candidate = certutils.get_ssl_context()
        candidate.use_certificate(certutils.load_cert(cert_str))
        # Key comes from the file at ca_cert_path. NOTE(review): that file
        # carries private-key material; restrict who can read it.
        candidate.use_privatekey_file(handler.server.ca_cert_path)
        connection.set_context(candidate)
        installed = candidate
      # else: fail with 'no shared cipher'
    except Exception as e:
      # Do not leak any exceptions or else openssl crashes.
      logging.error('Exception in SNI handler: %s', e)
    return installed
  # NOTE(review): nothing in the visible lines attaches handle_servername to
  # `context`; the listing appears to stop before that step.
Example #3
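  def run_request(self):
    """Connects over TLS to (self.host, self.port) and sends a blank request.

    The context demands a peer certificate and uses the file at
    self.ca_cert_path both as the local certificate and as the set of trusted
    verification locations. self.host_name is sent as the SNI name.

    The connection is always closed, even when connect(), the SNI setup or
    shutdown() raises.
    """
    context = certutils.get_ssl_context()
    # Demand a cert. The outcome depends on what self.verify_cb returns.
    # NOTE(review): confirm verify_cb rejects failed chains and, if wanted,
    # checks the certificate against self.host_name - nothing here does.
    context.set_verify(certutils.VERIFY_PEER, self.verify_cb)
    context.use_certificate_file(self.ca_cert_path)
    context.load_verify_locations(self.ca_cert_path)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    self.connection = certutils.get_ssl_connection(context, s)
    try:
      self.connection.connect((self.host, self.port))
      # NOTE(review): presumably the handshake starts on the first send(), so
      # the SNI name is still set in time - confirm.
      self.connection.set_tlsext_host_name(self.host_name)
      try:
        self.connection.send('\r\n\r\n')
      finally:
        self.connection.shutdown()
    finally:
      # Outer finally so the socket is released on every failure path.
      self.connection.close()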
 def handle_servername(connection):
     """SNI callback that runs during do_handshake().

     Installs a per-host context on `connection` and returns it; returns None
     when the client sent no server name or when an error was logged.
     `handler` is taken from the enclosing scope, which is not shown here.
     """
     try:
         host = connection.get_servername()
         if not host:
             # No SNI name: fail with 'no shared cipher'.
             return None
         # host is supplied by the connecting client and is untrusted.
         # NOTE(review): confirm get_certificate() validates it.
         pem = handler.server.get_certificate(host)
         per_host_context = certutils.get_ssl_context()
         per_host_context.use_certificate(certutils.load_cert(pem))
         # Private key is loaded from ca_cert_path. NOTE(review): keep that
         # file readable only by this process.
         per_host_context.use_privatekey_file(handler.server.ca_cert_path)
         connection.set_context(per_host_context)
         return per_host_context
     except Exception as e:
         # Do not leak any exceptions or else openssl crashes.
         logging.error('Exception in SNI handler: %s', e)
Example #5
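  def run_request(self):
    """Opens a TLS connection, sends '\\r\\n\\r\\n' and tears it down again.

    Peer verification is requested with self.verify_cb as the callback, and
    the file at self.ca_cert_path serves as both the local certificate and the
    trusted verification locations. self.host_name is used for SNI.

    close() now runs on every exit path, so a failing connect(),
    set_tlsext_host_name() or shutdown() no longer leaves the socket open.
    """
    context = certutils.get_ssl_context()
    # Demand a cert.
    # NOTE(review): verification is only as strict as self.verify_cb; confirm
    # it does not accept every certificate, and whether it checks host names.
    context.set_verify(certutils.VERIFY_PEER, self.verify_cb)
    context.use_certificate_file(self.ca_cert_path)
    context.load_verify_locations(self.ca_cert_path)

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    self.connection = certutils.get_ssl_connection(context, s)
    try:
      self.connection.connect((self.host, self.port))
      self.connection.set_tlsext_host_name(self.host_name)
      try:
        self.connection.send('\r\n\r\n')
      finally:
        # Still attempted after a failed send, as before.
        self.connection.shutdown()
    finally:
      # Release the socket whatever happened above.
      self.connection.close()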
Example #6
 def handle_servername(connection):
   """A SNI callback that happens during do_handshake().

   Returns the context installed for the requested host, or None when no host
   name was sent or an exception was logged. `handler` comes from the
   enclosing scope, which is outside this listing.
   """
   installed = None
   try:
     requested = connection.get_servername()
     if requested:
       # Client-chosen value. NOTE(review): confirm get_certificate() treats
       # it as untrusted.
       cert_str = handler.server.get_certificate(requested)
       candidate = certutils.get_ssl_context()
       candidate.use_certificate(certutils.load_cert(cert_str))
       # The key file is the one at ca_cert_path. NOTE(review): it holds
       # private-key material, so check its permissions.
       candidate.use_privatekey_file(handler.server.ca_cert_path)
       connection.set_context(candidate)
       installed = candidate
     # else: fail with 'no shared cipher'
   except Exception as e:
     # Do not leak any exceptions or else openssl crashes.
     logging.error('Exception in SNI handler: %s', e)
   return installed
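 def setup(self):
   """Sets up connection providing the certificate to the client.

   Creates the default TLS context and defines the SNI callback, which serves
   the certificate returned by
   self.server.http_archive_fetch.http_archive.get_certificate() for the host
   name the client asked for.
   """
   # NOTE(review): the original comment lists SSLv2_METHOD, SSLv3_METHOD,
   # SSLv23_METHOD and TLSv1_METHOD; which one get_ssl_context() uses is not
   # visible. SSLv2 and SSLv3 are obsolete - confirm they are not enabled.
   context = certutils.get_ssl_context()
   def handle_servername(connection):
     """A SNI callback that happens during do_handshake().

     Returns the per-host context, or None when no server name was sent or an
     exception was logged.
     """
     try:
       host = connection.get_servername()
       if host:
         # host is client-supplied. NOTE(review): confirm the archive lookup
         # handles unknown or malformed names safely.
         cert_str = (
             self.server.http_archive_fetch.http_archive.get_certificate(host))
         new_context = certutils.get_ssl_context()
         cert = certutils.load_cert(cert_str)
         new_context.use_certificate(cert)
         # The private key is read from ca_cert_path. NOTE(review): protect
         # that file as key material.
         new_context.use_privatekey_file(self.server.ca_cert_path)
         connection.set_context(new_context)
         return new_context
       # else: fail with 'no shared cipher'
     except Exception as e:
       # Do not leak any exceptions or else openssl crashes.
       # The %s placeholder is required: passing an argument without one
       # makes logging fail to format the record, losing the message.
       logging.error('Exception in SNI handler: %s', e)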
Example #8
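 def setup(self):
   """Sets up connection providing the certificate to the client.

   Builds the default TLS context and the SNI callback. The callback looks up
   a certificate for the requested host through
   self.server.http_archive_fetch.http_archive.get_certificate() and installs
   it in a new context on the connection.
   """
   # NOTE(review): SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD and TLSv1_METHOD
   # are the options the original comment mentions; the choice made inside
   # get_ssl_context() is not shown. Verify SSLv2/SSLv3 are not negotiated.
   context = certutils.get_ssl_context()
   def handle_servername(connection):
     """A SNI callback that happens during do_handshake().

     Returns the installed context on success and None otherwise.
     """
     try:
       host = connection.get_servername()
       if host:
         # The SNI name is attacker-controllable input. NOTE(review): confirm
         # get_certificate() validates it before use.
         cert_str = (
             self.server.http_archive_fetch.http_archive.get_certificate(host))
         new_context = certutils.get_ssl_context()
         cert = certutils.load_cert(cert_str)
         new_context.use_certificate(cert)
         # Key loaded from ca_cert_path. NOTE(review): presumably the CA's
         # own key - confirm this CA is for the replay environment only.
         new_context.use_privatekey_file(self.server.ca_cert_path)
         connection.set_context(new_context)
         return new_context
       # else: fail with 'no shared cipher'
     except Exception as e:
       # Do not leak any exceptions or else openssl crashes.
       # Without a %s placeholder the extra argument breaks log formatting
       # and the exception text never reaches the log.
       logging.error('Exception in SNI handler: %s', e)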