def parse_sslobject(self, hostname: str, sslobj: ssl.SSLObject):
    """Record the TLS version and peer certificate seen for *hostname*.

    Nothing is recorded when *sslobj* is None or when *hostname* already has
    an entry in ``self._ssl_info``: the first observation wins and is never
    refreshed, so a certificate that changes later for the same hostname is
    not reflected in the stored data.

    Args:
        hostname: Key under which the TLS details are stored.
        sslobj: TLS object of the connection, or None.
    """
    if sslobj is None or hostname in self._ssl_info:
        return

    # NOTE: per the ssl module docs, getpeercert(binary_form=False) yields an
    # empty dict when the peer certificate was not validated, and both forms
    # yield None when the peer sent no certificate. The stored data is
    # descriptive only; it is not evidence that the chain was verified.
    peer_cert_fields = sslobj.getpeercert(binary_form=False)
    peer_cert_der = sslobj.getpeercert(binary_form=True)

    # Build the certificate record from the parsed fields first.
    certificate = cert_to_obj(peer_cert_fields)

    # Only fall back to the DER bytes when the record has no 'sha256' entry.
    # presumably update_obj_with_bin derives the digest from the raw bytes;
    # confirm against its definition.
    needs_binary_details = peer_cert_der is not None and 'sha256' not in certificate
    if needs_binary_details:
        update_obj_with_bin(certificate, peer_cert_der)

    self._ssl_info[hostname] = {
        'version': sslobj.version(),
        'certificate': certificate,
    }
def selector_sni_callback(sslobj: ssl.SSLObject, server_name: str, ctx: CertSelector) -> Optional[int]:
    """Switch the handshake to the certificate context matching the SNI.

    The SNI is first stored on *sslobj* through server_name_callback, then
    find_cert is asked for a context matching *server_name*.

    NOTE(review): the SNI comes from the client and is not authenticated.
    The ssl module passes None when the client sent no server name, although
    the annotation here says ``str``; how find_cert treats that case is not
    visible in this block.

    Returns:
        None when a matching context was installed, otherwise
        ``ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME`` so the handshake is
        refused.
    """
    # Remember the requested name on the TLS object before any lookup.
    server_name_callback(sslobj, server_name, ctx)

    alert: Optional[int]
    try:
        # Replace the connection's context with the one selected for this name.
        sslobj.context = find_cert(ctx, server_name)
    except ValueError as err:
        # NOTE(review): the exception text may carry the client-supplied
        # name into the log; verify what find_cert puts in the message.
        logger.warning(f"Rejecting TLS connection: {err}")
        # The client would see ERR_SSL_UNRECOGNIZED_NAME_ALERT if
        # asyncio/uvloop performed a proper SSL shutdown; they do not.
        alert = ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
    else:
        alert = None  # explicit value keeps mypy satisfied
    return alert
def __create_sslobj(self, server_side=False, session=None):  # pylint:disable=unused-argument
    """Wrap this object's socket and return it as an SSLObject.

    Args:
        server_side: Passed to the context's ``_wrap_socket``.
        session: Accepted but not used by this variant, so a session
            supplied by the caller is dropped rather than handed to the
            SSLObject.

    Returns:
        An SSLObject owned by ``self._sock``.
    """
    # _wrap_socket is a private method of the context object; its signature
    # is whatever the running interpreter provides.
    wrapped = self._context._wrap_socket(
        self._sock,
        server_side,
        self.server_hostname,
    )
    return SSLObject(wrapped, owner=self._sock)
def __create_sslobj(self, server_side=False, session=None):
    """Wrap this object's socket and return it as an SSLObject.

    Args:
        server_side: Passed to the context's ``_wrap_socket``.
        session: Forwarded unchanged to the SSLObject constructor.

    Returns:
        An SSLObject owned by ``self._sock``.
    """
    # _wrap_socket is a private method of the context object; its signature
    # is whatever the running interpreter provides.
    wrapped = self._context._wrap_socket(
        self._sock,
        server_side,
        self.server_hostname,
    )
    return SSLObject(wrapped, owner=self._sock, session=session)
def server_name_callback(sslobj: ssl.SSLObject, server_name: str, ctx: ssl.SSLContext) -> None:
    """Attach the SNI received from the client to *sslobj*.

    The value is stored as ``sslobj.sanic_server_name``. It is supplied by
    the client and not authenticated, so code reading the attribute should
    treat it as untrusted input. *ctx* is not used.
    """
    # setattr avoids the static-typing complaint about an undeclared attribute.
    setattr(sslobj, "sanic_server_name", server_name)