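    def ssl_startup(self):
        """Upgrade ``self.socket`` to TLS and send the client's encryption settings.

        The TLS context comes from ``self.account.ssl_context`` when the account
        provides one; its verification settings are then whatever the caller
        configured. Otherwise a default server-authentication context is built,
        trusting ``ssl_ca_certificate_file`` when that attribute is set.

        Certificate and hostname verification are turned off only when
        ``ssl_verify_server`` is explicitly ``'none'``. A missing CA file does
        not disable verification: ``ssl.create_default_context`` then validates
        the server against the system trust store.

        After the handshake, a header carrying the encryption settings is sent,
        followed by a ``'SHARED_SECRET'`` header with a freshly generated random
        key appended. ``self.socket`` is replaced by the TLS socket on success.

        Raises:
            ssl.SSLError: if the handshake fails, including a certificate or
                hostname verification failure.
        """
        # Get encryption settings from client environment
        host = self.account.host
        algo = self.account.encryption_algorithm
        key_size = self.account.encryption_key_size
        hash_rounds = self.account.encryption_num_hash_rounds
        salt_size = self.account.encryption_salt_size

        # Get or create SSL context
        try:
            context = self.account.ssl_context
        except AttributeError:
            ca_file = getattr(self.account, 'ssl_ca_certificate_file', None)
            verify_server_mode = getattr(self.account, 'ssl_verify_server', 'hostname')
            # Only an explicit opt-out may weaken verification; an unset CA
            # file must not silently downgrade the connection.
            skip_verification = verify_server_mode == 'none'
            if skip_verification:
                ca_file = None
            context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
            if skip_verification:
                # check_hostname has to be cleared before verify_mode can be
                # lowered to CERT_NONE.
                context.check_hostname = False
                context.verify_mode = ssl.CERT_NONE

        # Wrap socket with context
        wrapped_socket = context.wrap_socket(self.socket, server_hostname=host)

        # Initial SSL handshake
        wrapped_socket.do_handshake()

        # Generate key (shared secret) from the OS CSPRNG
        key = os.urandom(key_size)

        # Send header-only message with client side encryption settings
        packed_header = iRODSMessage.pack_header(algo,
                                                 key_size,
                                                 salt_size,
                                                 hash_rounds,
                                                 0)
        wrapped_socket.sendall(packed_header)

        # Send shared secret; it only ever travels over the TLS socket
        packed_header = iRODSMessage.pack_header('SHARED_SECRET',
                                                 key_size,
                                                 0,
                                                 0,
                                                 0)
        wrapped_socket.sendall(packed_header + key)

        # Use SSL socket from now on
        self.socket = wrapped_socket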
    def ssl_startup(self):
        """Switch the connection to TLS and announce the client's encryption settings.

        Uses ``self.account.ssl_context`` when the account has one (verification
        is then whatever that context was configured with); otherwise builds a
        default server-authentication context, passing the account's optional
        ``ssl_ca_certificate_file`` as ``cafile``. The default context verifies
        the server certificate and hostname.

        Once the handshake is done, two messages go out over the TLS socket: a
        header with the encryption settings, then a ``'SHARED_SECRET'`` header
        followed by a random key from ``os.urandom``. Finally ``self.socket``
        is rebound to the TLS socket.
        """
        account = self.account

        # Client-side encryption settings
        host = account.host
        algo = account.encryption_algorithm
        key_size = account.encryption_key_size
        hash_rounds = account.encryption_num_hash_rounds
        salt_size = account.encryption_salt_size

        # Reuse the account's context if present, else build a default one
        not_set = object()
        tls_context = getattr(account, 'ssl_context', not_set)
        if tls_context is not_set:
            tls_context = ssl.create_default_context(
                ssl.Purpose.SERVER_AUTH,
                cafile=getattr(account, 'ssl_ca_certificate_file', None),
            )

        # TLS upgrade and handshake
        tls_socket = tls_context.wrap_socket(self.socket, server_hostname=host)
        tls_socket.do_handshake()

        # Random shared secret
        shared_secret = os.urandom(account.encryption_key_size)

        # Header-only message: encryption settings
        settings_header = iRODSMessage.pack_header(
            algo, key_size, salt_size, hash_rounds, 0)
        tls_socket.sendall(settings_header)

        # Shared secret, sent only after the TLS handshake
        secret_header = iRODSMessage.pack_header(
            'SHARED_SECRET', key_size, 0, 0, 0)
        tls_socket.sendall(secret_header + shared_secret)

        # All further traffic uses the TLS socket
        self.socket = tls_socket
    def ssl_startup(self):
        """Wrap the connection socket in TLS and send the encryption settings.

        A default server-authentication context is always created here, so the
        server certificate and hostname are verified against the system trust
        store; this variant has no option for a custom CA file or context.

        After the handshake, a header with the client's encryption settings is
        sent, then a ``'SHARED_SECRET'`` header with a random ``os.urandom`` key
        appended. ``self.socket`` is replaced by the TLS socket at the end.
        """
        settings = self.account

        # Encryption settings from the client environment
        host = settings.host
        algo = settings.encryption_algorithm
        key_size = settings.encryption_key_size
        hash_rounds = settings.encryption_num_hash_rounds
        salt_size = settings.encryption_salt_size

        # Default context, TLS wrap, then handshake
        secure_sock = ssl.create_default_context(ssl.Purpose.SERVER_AUTH).wrap_socket(
            self.socket, server_hostname=host)
        secure_sock.do_handshake()

        # Shared secret from the OS random source
        secret = os.urandom(settings.encryption_key_size)

        # First message: header only, carrying the encryption settings
        secure_sock.sendall(
            iRODSMessage.pack_header(algo, key_size, salt_size, hash_rounds, 0))

        # Second message: header plus the secret, over the TLS socket only
        secure_sock.sendall(
            iRODSMessage.pack_header('SHARED_SECRET', key_size, 0, 0, 0) + secret)

        # Keep using the TLS socket
        self.socket = secure_sock