def handshake_multipleSteps(self):
"""Perform SSL handshakes.
This has to be called after the connection was accepted (acceptConnection_multipleSteps)
The remote credentials are gathered here
"""
try:
# M2Crypto does not provide public method to
# accept and handshake in two steps.
# So we have to do it manually
# The following lines are basically a copy/paste
# of the end of SSL.Connection.accept method
self.oSocket.setup_ssl()
self.oSocket.set_accept_state()
self.oSocket.accept_ssl()
check = getattr(self.oSocket, "postConnectionCheck", self.oSocket.serverPostConnectionCheck)
if check is not None:
if not check(self.oSocket.get_peer_cert(), self.oSocket.addr[0]):
raise SSL.Checker.SSLVerificationError("post connection check failed")
self.peerCredentials = getM2PeerInfo(self.oSocket)
# Now that the handshake has been performed on the server
# we can set the timeout for the RPC operations.
# In practice, since we are on the server side, the
# timeout we set here represents the timeout for receiving
# the arguments and sending back the response. This should
# in principle be reasonably quick, but just to be sure
# we can set it to the DEFAULT_RPC_TIMEOUT
self.oSocket.settimeout(DEFAULT_RPC_TIMEOUT)
return S_OK()
except (socket.error, SSL.SSLError, SSLVerificationError) as e:
return S_ERROR("Error in handhsake: %s %s" % (e, repr(e)))
def handshake_multipleSteps(self):
""" Perform SSL handshakes.
This has to be called after the connection was accepted (acceptConnection_multipleSteps)
The remote credentials are gathered here
"""
try:
# M2Crypto does not provide public method to
# accept and handshake in two steps.
# So we have to do it manually
# The following lines are basically a copy/paste
# of the end of SSL.Connection.accept method
self.oSocket.setup_ssl()
self.oSocket.set_accept_state()
self.oSocket.accept_ssl()
check = getattr(self.oSocket, 'postConnectionCheck',
self.oSocket.serverPostConnectionCheck)
if check is not None:
if not check(self.oSocket.get_peer_cert(),
self.oSocket.addr[0]):
raise SSL.Checker.SSLVerificationError(
'post connection check failed')
self.peerCredentials = getM2PeerInfo(self.oSocket)
return S_OK()
except (socket.error, SSL.SSLError, SSLVerificationError) as e:
return S_ERROR("Error in handhsake: %s %s" % (e, repr(e)))
def setClientSocket(self, oSocket):
""" Set the inner socket (i.e. SSL.Connection object) of this instance
to the value of oSocket.
This method is intended to be used to create client connection objects
from a server and should be considered to be an internal function.
:param oSocket: client socket SSL.Connection object
"""
self.oSocket = oSocket
self.remoteAddress = self.oSocket.getpeername()
self.peerCredentials = getM2PeerInfo(self.oSocket)
def setClientSocket_singleStep(self, oSocket):
""" Set the inner socket (i.e. SSL.Connection object) of this instance
to the value of oSocket.
We also gather the remote peer credentials
This method is intended to be used to create client connection objects
from a server and should be considered to be an internal function.
:param oSocket: client socket SSL.Connection object
"""
# TODO: The calling method (ServiceReactor.__acceptIncomingConnection) expects
# socket.error to be thrown in case of issue. Maybe we should catch the M2Crypto
# errors here and raise socket.error instead
self.oSocket = oSocket
self.remoteAddress = self.oSocket.getpeername()
self.peerCredentials = getM2PeerInfo(self.oSocket)
