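def __init__(self, shared_settings, target, ssl_ctx, hello_workaround=False):
    """
    Read the shared_settings object shared between all the plugins and
    configure the SSL_CTX and SSL objects accordingly.

    @type shared_settings: dict
    @param shared_settings: Shared settings object.
    @type target: (host, ip_addr, port)
    @param target: Server to connect to.
    @type ssl_ctx: ctSSL.SSL_CTX
    @param ssl_ctx: SSL_CTX object for the SSL connection.
    @type hello_workaround: bool
    @param hello_workaround: Enable client hello workaround.
    @raise ClientCertificateError: If OpenSSL reports 'bad decrypt' while
        loading the client private key (wrong or missing passphrase).
    @raise errors.OpenSSLError: Any other OpenSSL failure while loading the
        client certificate or key is re-raised unchanged.
    """
    timeout = shared_settings['timeout']
    (host, _, port) = target

    if hello_workaround:
        # Narrow the cipher list advertised in the ClientHello; the actual
        # list lives in the class constant.
        ssl_ctx.set_cipher_list(self.SSL_HELLO_WORKAROUND_CIPHERS)

    # Load client certificate and private key in the SSL_CTX object
    if shared_settings['cert']:
        # Compare with '==' rather than 'is': string identity depends on
        # interning, so 'DER' could silently fall through to PEM and the
        # client certificate would fail to load.
        if shared_settings['certform'] == 'DER':
            cert_type = constants.SSL_FILETYPE_ASN1
        else:
            cert_type = constants.SSL_FILETYPE_PEM

        if shared_settings['keyform'] == 'DER':
            key_type = constants.SSL_FILETYPE_ASN1
        else:
            key_type = constants.SSL_FILETYPE_PEM

        try:
            ssl_ctx.use_certificate_file(shared_settings['cert'], cert_type)
            ssl_ctx.use_PrivateKey_file(shared_settings['key'], key_type,
                                        shared_settings['keypass'])
            # Make sure the key actually matches the certificate before
            # any connection is attempted with this context.
            ssl_ctx.check_private_key()
        except errors.OpenSSLError as e:
            # TODO: Proper error checking
            # Also this should be done much earlier, like right after parsing
            # the command line. Only the passphrase case is translated; every
            # other OpenSSL error is propagated as-is.
            if 'bad decrypt' in str(e):
                raise ClientCertificateError('Invalid private key passphrase ?')
            else:
                raise

    # Create the SSL object
    ssl = SSL.SSL(ssl_ctx)

    # Add Server Name Indication
    if shared_settings['sni']:
        ssl.set_tlsext_host_name(shared_settings['sni'])

    # Create the proper SMTP / XMPP / HTTPS connection
    starttls = shared_settings['starttls']
    if starttls == 'smtp':
        ssl_connection = SMTPConnection(host, port, ssl, timeout)

    elif starttls == 'xmpp':
        # The XMPP 'to' attribute defaults to the target host name.
        xmpp_to = shared_settings['xmpp_to'] or host
        ssl_connection = XMPPConnection(host, port, ssl, timeout, xmpp_to)

    elif shared_settings['https_tunnel_host']:
        # Using an HTTP CONNECT proxy to tunnel SSL traffic
        tunnel_host = shared_settings['https_tunnel_host']
        tunnel_port = shared_settings['https_tunnel_port']
        ssl_connection = HTTPSConnection(tunnel_host, tunnel_port, ssl,
                                         timeout=timeout)
        ssl_connection.set_tunnel(host, port)

    else:
        ssl_connection = HTTPSConnection(host, port, ssl, timeout=timeout)

    # All done
    self._ssl_connection = ssl_connection
    self._ssl_ctx = ssl_ctx
    self._ssl = ssl
    self._shared_settings = shared_settings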
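def __init__(self, shared_settings, target, ssl_ctx, hello_workaround=False):
    """
    Read the shared_settings object shared between all the plugins and
    configure the SSL_CTX and SSL objects accordingly.

    @type shared_settings: dict
    @param shared_settings: Shared settings object.
    @type target: (host, ip_addr, port)
    @param target: Server to connect to.
    @type ssl_ctx: ctSSL.SSL_CTX
    @param ssl_ctx: SSL_CTX object for the SSL connection.
    @type hello_workaround: bool
    @param hello_workaround: Enable client hello workaround.
    """
    timeout = shared_settings['timeout']
    (host, _, port) = target

    if hello_workaround:
        # Narrow the cipher list advertised in the ClientHello; the actual
        # list lives in the class constant.
        ssl_ctx.set_cipher_list(self.SSL_HELLO_WORKAROUND_CIPHERS)

    # Create the SSL object
    ssl = SSL.SSL(ssl_ctx)

    # Load client certificate and private key in the SSL object
    if shared_settings['cert']:
        # Compare with '==' rather than 'is': string identity depends on
        # interning, so 'DER' could silently fall through to PEM and the
        # client certificate would fail to load.
        if shared_settings['certform'] == 'DER':
            cert_type = constants.SSL_FILETYPE_ASN1
        else:
            cert_type = constants.SSL_FILETYPE_PEM

        if shared_settings['keyform'] == 'DER':
            key_type = constants.SSL_FILETYPE_ASN1
        else:
            key_type = constants.SSL_FILETYPE_PEM

        ssl.use_certificate_file(shared_settings['cert'], cert_type)
        # NOTE(review): no passphrase is passed here, so an encrypted
        # private key presumably cannot be loaded through this path; any
        # OpenSSL error propagates to the caller unchanged.
        ssl.use_PrivateKey_file(shared_settings['key'], key_type)
        # Make sure the key actually matches the certificate before any
        # connection is attempted.
        ssl.check_private_key()

    # Create the proper SMTP / XMPP / HTTPS connection
    starttls = shared_settings['starttls']
    if starttls == 'smtp':
        ssl_connection = SMTPConnection(host, port, ssl, timeout)

    elif starttls == 'xmpp':
        # The XMPP 'to' attribute defaults to the target host name.
        xmpp_to = shared_settings['xmpp_to'] or host
        ssl_connection = XMPPConnection(host, port, ssl, timeout, xmpp_to)

    elif shared_settings['https_tunnel_host']:
        # Using an HTTP CONNECT proxy to tunnel SSL traffic
        tunnel_host = shared_settings['https_tunnel_host']
        tunnel_port = shared_settings['https_tunnel_port']
        ssl_connection = HTTPSConnection(tunnel_host, tunnel_port, ssl,
                                         timeout=timeout)
        ssl_connection.set_tunnel(host, port)

    else:
        ssl_connection = HTTPSConnection(host, port, ssl, timeout=timeout)

    # All done
    self._ssl_connection = ssl_connection
    self._ssl_ctx = ssl_ctx
    self._ssl = ssl
    self._shared_settings = shared_settings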