def main(): print 'initializing ctx ...' ctx = M2Crypto.SSL.Context(protocol='sslv2') ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE) ctx.set_options(m2.SSL_OP_ALL) ctx.set_cipher_list('ALL') print 'initializing socket and accepting connection ...' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.bind(('0.0.0.0', 8443)) sock.listen(1) conn, addr = sock.accept() print 'ssl handshake ...' ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn) ssl_conn.set_socket_read_timeout(timeout(2)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res == 1: print 'SSL connection accepted' else: res = ssl_conn.ssl_get_error(ssl_conn_res) print 'SSL handshake failed: %s (\'%s\')' % (res, resolve_ssl_code(res))
def handle(self, conn, profile, file_bag): ctx = M2Crypto.SSL.Context(self.proto, weak_crypto=True) ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename) set_ephemeral_params(ctx) self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile) try: # try to accept SSL connection ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock) ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res != 1: res = ssl_conn.ssl_get_error(ssl_conn_res) res = resolve_ssl_code(res) self.logger.debug('SSL handshake failed: %s', res) return ConnectionAuditResult(conn, profile, res) self.logger.debug( 'SSL connection accepted, version %s, cipher %s' % (ssl_conn.get_version(), ssl_conn.get_cipher())) if ssl_conn.get_version( ) == 'SSLv2' and ssl_conn.get_cipher() is None: ## workaround for #46 raise Exception(UNEXPECTED_EOF) # try to read something from the client start_time = time() client_req = ssl_conn.read(size=MAX_SIZE) end_time = time() dt = end_time - start_time if client_req == None: # read timeout res = ConnectedReadTimeout(dt) else: if len(client_req) == 0: # EOF or timeout? XXX if dt < self.sock_read_timeout: res = ConnectedGotEOFBeforeTimeout(dt) else: res = ConnectedReadTimeout(dt) else: # got data res = ConnectedGotRequest(client_req, dt, file_bag) except Exception as ex: res = str(ex) self.logger.debug('SSL accept failed: %s', ex) # report the result return ConnectionAuditResult(conn, profile, res)
def handle(self, conn, profile, file_bag): ctx = M2Crypto.SSL.Context(self.proto, weak_crypto=True) ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename) set_ephemeral_params(ctx) self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile) try: # try to accept SSL connection ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock) ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res != 1: res = ssl_conn.ssl_get_error(ssl_conn_res) res = resolve_ssl_code(res) self.logger.debug('SSL handshake failed: %s', res) return ConnectionAuditResult(conn, profile, res) self.logger.debug( 'SSL connection accepted, version %s, cipher %s' % (ssl_conn.get_version(), ssl_conn.get_cipher())) if ssl_conn.get_version() == 'SSLv2' and ssl_conn.get_cipher() is None: ## workaround for #46 raise Exception(UNEXPECTED_EOF) # try to read something from the client start_time = time() client_req = ssl_conn.read(size=MAX_SIZE) end_time = time() dt = end_time - start_time if client_req == None: # read timeout res = ConnectedReadTimeout(dt) else: if len(client_req) == 0: # EOF or timeout? XXX if dt < self.sock_read_timeout: res = ConnectedGotEOFBeforeTimeout(dt) else: res = ConnectedReadTimeout(dt) else: # got data res = ConnectedGotRequest(client_req, dt, file_bag) except Exception as ex: res = str(ex) self.logger.debug('SSL accept failed: %s', ex) # report the result return ConnectionAuditResult(conn, profile, res)
def handle(self, conn, profile): ctx = M2Crypto.SSL.Context(self.proto) ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename) self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile) try: # try to accept SSL connection ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock) ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res == 1: self.logger.debug('SSL connection accepted') else: self.logger.debug('SSL handshake failed: %s', ssl_conn.ssl_get_error(ssl_conn_res)) res = ssl_conn.ssl_get_error(ssl_conn_res) return ClientConnectionAuditResult(conn, profile, res) # try to read something from the client start_time = time() client_req = ssl_conn.read(size=MAX_SIZE) end_time = time() dt = end_time - start_time if client_req == None: # read timeout res = ConnectedReadTimeout(dt) else: if len(client_req) == 0: # EOF or timeout? XXX if dt < self.sock_read_timeout: res = ConnectedGotEOFBeforeTimeout(dt) else: res = ConnectedReadTimeout(dt) else: # got data res = ConnectedGotRequest(client_req, dt) except Exception as ex: res = ex.message self.logger.debug('SSL accept failed: %s', ex) # report the result return ClientConnectionAuditResult(conn, profile, res)
def handle(self, conn, profile, file_bag): # create a context, explicitly specify the flavour of the protocol ctx = M2Crypto.SSL.Context(protocol=profile.profile_spec.proto, weak_crypto=True) ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename) set_ephemeral_params(ctx) # set restrict all protocols except the one prescribed by the profile options = m2.SSL_OP_ALL if profile.profile_spec.proto == 'sslv2': options |= m2.SSL_OP_NO_SSLv3 | m2.SSL_OP_NO_TLSv1 elif profile.profile_spec.proto == 'sslv3': options |= m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_TLSv1 elif profile.profile_spec.proto == 'tlsv1': options |= m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3 else: raise ValueError('unsupported protocol: %s' % profile.profile_spec.proto) ctx.set_options(options) # set allowed ciphers ctx.set_cipher_list(profile.profile_spec.cipher) self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile) try: # try to accept SSL connection ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock) ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res == 1: self.logger.debug( 'SSL connection accepted, version %s cipher %s' % (ssl_conn.get_version(), ssl_conn.get_cipher())) if ssl_conn.get_version() == 'SSLv2' and ssl_conn.get_cipher() is None: # workaround for #46 raise Exception(UNEXPECTED_EOF) return ConnectionAuditResult(conn, profile, Connected()) else: res = ssl_conn.ssl_get_error(ssl_conn_res) res = resolve_ssl_code(res) self.logger.debug('SSL handshake failed: %s', res) return ConnectionAuditResult(conn, profile, res) except Exception as ex: res = str(ex) self.logger.debug('SSL accept failed: %s', ex) return ConnectionAuditResult(conn, profile, res)
def main(): print "initializing ctx ..." ctx = M2Crypto.SSL.Context() ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE) ctx.set_options(m2.SSL_OP_ALL) ctx.set_cipher_list("ALL") print "initializing socket ..." sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind(("0.0.0.0", 8443)) sock.listen(1) conn, addr = sock.accept() print "ssl handshake ..." ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn) ssl_conn.set_socket_read_timeout(timeout(3)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res == 1: print "SSL connection accepted" else: err = ssl_conn.ssl_get_error(ssl_conn_res) print "SSL handshake failed: res=%d, error=%s" % (ssl_conn_res, err)
def main(): print 'initializing ctx ...' ctx = M2Crypto.SSL.Context() ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE) ctx.set_options(m2.SSL_OP_ALL) ctx.set_cipher_list('ALL') print 'initializing socket ...' sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.bind(('0.0.0.0', 8443)) sock.listen(1) conn, addr = sock.accept() print 'ssl handshake ...' ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn) ssl_conn.set_socket_read_timeout(timeout(3)) ssl_conn.setup_ssl() ssl_conn_res = ssl_conn.accept_ssl() if ssl_conn_res == 1: print 'SSL connection accepted' else: err = ssl_conn.ssl_get_error(ssl_conn_res) print 'SSL handshake failed: res=%d, error=%s' % (ssl_conn_res, err)