Esempio n. 1
0
        def SSL_Connect(ctx,
                        sock,
                        server_side=False,
                        accepted=False,
                        connected=False,
                        verify_names=None):
            if DEBUG: DEBUG('*** TLS is provided by native Python ssl')
            reqs = (verify_names and ssl.CERT_REQUIRED or ssl.CERT_NONE)
            try:
                fd = ssl.wrap_socket(sock,
                                     keyfile=ctx.privatekey_file,
                                     certfile=ctx.certchain_file,
                                     cert_reqs=reqs,
                                     ca_certs=ctx.ca_certs,
                                     do_handshake_on_connect=False,
                                     ssl_version=ctx.method,
                                     ciphers=ctx.ciphers,
                                     server_side=server_side)
            except:
                fd = ssl.wrap_socket(sock,
                                     keyfile=ctx.privatekey_file,
                                     certfile=ctx.certchain_file,
                                     cert_reqs=reqs,
                                     ca_certs=ctx.ca_certs,
                                     do_handshake_on_connect=False,
                                     ssl_version=ctx.method,
                                     server_side=server_side)

            if verify_names:
                fd.do_handshake()
                if not SSL_CheckPeerName(fd, verify_names):
                    raise SSL.Error(
                        ('Cert not in %s (%s)') % (verify_names, reqs))
            return fd
Esempio n. 2
0
 def test_error_if_short_key(self, mock_use_key):
     mock_use_key.side_effect = SSL.Error("reason")
     self.pair.regenerate(SERVER_NAME, 1024)
     errors = self.pair.check()
     self.assertEqual(
         errors,
         ["Unable to load SSL certificate and/or key: reason"]
     )
Esempio n. 3
0
 def handle_secure_connection(self, client_socket, request, dialog_id):
     """ performs all TLS stuff with client
         returns (wrapped secure_socket socket, client request after CONNECT)
     """
     client_socket.sendall(self.dialog_service.make_established_response(dialog_id))
     context = self.tls_service.create_ssl_context(request.host)
     secure_socket = SSL.Connection(context, client_socket)
     secure_socket.set_accept_state()
     try:
         secure_socket.do_handshake()
     except SSL.Error as err:
         secure_socket.close()
         raise SSL.Error(err)
         # return secure_socket, None
     # read application data request after handshake
     post_handshake_raw = read(secure_socket)
     final_request = self.dialog_service.make_request_from_raw(post_handshake_raw, dialog_id)
     return secure_socket, final_request
Esempio n. 4
0
def callRemote(proxy, function, callbackOK, callbackError, *args):
    proceed = True
    while proceed:
        try:
            # get arround missing python function for python version < 3.5
            li = []
            li.append(function)
            for ar in args:
                li.append(ar)
            # call the timeout function with our arguments, which executes our
            # function on JSONRPC Server and cacels the call if it takes longer
            # than the specified seconds in $timeout_duration
            handle = timeout(proxy.callRemote,
                             args=(tuple(li)),
                             kwargs={},
                             timeout_duration=60,
                             default=None)
            if(handle):
                # adds callback methods which are called from JSONRPC server.
                # $callbackOK gets called if there was no error
                # $callbackError gets called if there was an error like
                # a lost connection
                handle.addCallbacks(callbackOK, callbackError)
            else:
                print("Can not connect to " + function +
                      " please check cacert settings")
            # If we were able to execute our command, there was noi issue with
            # a missing/wrong decryption Key for our private key and we can
            # go further.
            proceed = False
        except SSL.Error as ex:
            # handle worn password or decrypt error,
            # raise it again if it was something else
            if('bad password read' in str(ex) or 'bad decrypt' in str(ex)):
                print("Wrong PEM decryption password entered, " +
                      "wasn't able to decrypt keyfile")
                exit()
            else:
                raise SSL.Error(ex)
Esempio n. 5
0
 def test_read_ssl_error(self):
     s = mock.MagicMock()
     s.read = mock.MagicMock(side_effect=SSL.Error())
     s = tcp.Reader(s)
     tutils.raises(TlsException, s.read, 1)
Esempio n. 6
0
 def test_read_ssl_error(self):
     s = mock.MagicMock()
     s.read = mock.MagicMock(side_effect=SSL.Error())
     s = tcp.Reader(s)
     with pytest.raises(exceptions.TlsException):
         s.read(1)
Esempio n. 7
0
 def raiser(_):
     # Unfortunately, there seems to be no way to trigger a real SSL
     # error artificially.
     raise SSL.Error([['', '', '']])
Esempio n. 8
0
 def test_read_ssl_error(self):
     s = mock.MagicMock()
     s.read = mock.MagicMock(side_effect=SSL.Error())
     s = tcp.Reader(s)
     tutils.raises(tcp.NetLibSSLError, s.read, 1)