def creatorForNetloc(self, hostname, port):
opts = ClientTLSOptions(
hostname.decode("ascii"),
OpenSSLCertificateOptions(verify=False).getContext())
# This forces Twisted to not validate the hostname of the certificate.
opts._ctx.set_info_callback(lambda *args: None)
return opts
def getContext(self, hostname=None, port=None):
self.method = SSL.SSLv23_METHOD
ctx = ScrapyClientContextFactory.getContext(self)
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def _identityVerifyingInfoCallback(self, connection, where, ret):
"""
In case *where* indicates that the SSL handshake has been done,
this does nothing (as opposed to ClientTLSOptions._identityVerifyingInfoCallback,
which would validate the certificate). In all other cases,
the superclass method is called.
"""
if where & SSL_CB_HANDSHAKE_DONE:
# ClientTLSOptions._identityVerifyingInfoCallback would validate the certificate
# in that case. Instead, we just do nothing.
pass
else:
return ClientTLSOptions._identityVerifyingInfoCallback(
self, connection, where, ret)
def get_options(self, host):
# Use _makeContext so that we get a fresh OpenSSL CTX each time.
# Check if certificate verification has been enabled
should_verify = self._config.federation_verify_certificates
# Check if we've disabled certificate verification for this host
if should_verify:
for regex in self._config.federation_certificate_verification_whitelist:
if regex.match(host):
should_verify = False
break
if should_verify:
return ClientTLSOptions(host, self._options_verify._makeContext())
return ClientTLSOptionsNoVerify(host,
self._options_noverify._makeContext())
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
from OpenSSL import SSL
# class CustomContextFactory(ScrapyClientContextFactory):
# """
# Custom context factory that allows SSL negotiation.
# """
# def __init__(self):
# # Use SSLv23_METHOD so we can use protocol negotiation
# self.method = SSL.SSLv23_METHOD
def creatorForNetloc(self, hostname, port):
certificateOptions = OpenSSLCertificateOptions()
return ClientTLSOptions(hostname, certificateOptions.getContext())
def getContext(self): # NOQA: N802
ctx = ssl.ClientContextFactory.getContext(self)
ClientTLSOptions(host, ctx)
return ctx
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self):
ctx = self._contextFactory(self.method)
if self.hostname:
ClientTLSOptions(self.hostname, ctx)
return ctx
def getContext(self, hostname=None, port=None): ctx = ssl.ClientContextFactory.getContext(self) ClientTLSOptions(hostname, ctx) return ctx
def get_options(self, host):
# Use _makeContext so that we get a fresh OpenSSL CTX each time.
return ClientTLSOptions(host, self._options._makeContext())
def creatorForNetloc(self, hostname, port):
certificateOptions = TorProjectCertificateOptions(self.torproject_pem)
return ClientTLSOptions(hostname.decode('utf-8'),
certificateOptions.getContext(hostname, port))
def creatorForNetloc(self, hostname, port):
return ClientTLSOptions(hostname.decode("ascii"), self.getContext())