コード例 #1
    def dataReceived(self, data):
        # type: (bytes) -> None
        """Feed bytes received from the transport through the TLS layer.

        Before TLS has started, the data is handed to the wrapped protocol
        unchanged.  Afterwards it is appended to ``self.encrypted`` and the
        decrypt / check / encrypt cycle below runs until neither direction
        yields any more bytes.

        Raises:
            BIO.BIOError: re-raised with ``args`` rewritten to
                ``(verify_result, original_first_arg)``.
        """
        if not self.tlsStarted:
            # Plaintext phase: no TLS processing at all.
            ProtocolWrapper.dataReceived(self, data)
            return

        # Buffer the ciphertext; _decrypt() presumably consumes from this
        # buffer -- its body is not visible here.
        self.encrypted += data

        try:
            while 1:
                decryptedData = self._decrypt()

                # NOTE(review): _check() runs before any decrypted bytes are
                # delivered upward.  That ordering only protects the wrapped
                # protocol if _check() raises on a failed peer check --
                # confirm in its implementation.
                self._check()

                # Flush whatever the TLS engine wants to send back (e.g.
                # handshake records) before delivering plaintext.
                encryptedData = self._encrypt()
                ProtocolWrapper.write(self, encryptedData)

                ProtocolWrapper.dataReceived(self, decryptedData)

                # Nothing left to read and nothing left to send: done.
                if decryptedData == b'' and encryptedData == b'':
                    break
        except BIO.BIOError as e:
            # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
            # for the error codes returned by SSL_get_verify_result.
            # The verify result is prepended so callers can tell a
            # certificate failure from other BIO errors.  Note that
            # e.args[0] assumes the exception carries at least one argument.
            e.args = (m2.ssl_get_verify_result(self.ssl._ptr()), e.args[0])
            raise e
コード例 #2
ファイル: m2.py プロジェクト: clones/kaa
    def _check(self):
        """Validate the TLS peer once the handshake has finished.

        Does nothing if validation already succeeded or the handshake is
        still in progress.  Otherwise it optionally checks the chain
        verification result, stores the peer certificate in
        ``self.peer_cert``, optionally runs M2Crypto's ``Checker`` for host
        name / fingerprint matching, and finally sets ``self._validated``.

        Raises:
            TLSVerificationError: if ``verify`` was requested and the
                verification result is not ``X509_V_OK``.
            Exceptions raised by ``M2Crypto.SSL.Checker.Checker`` propagate
            unchanged (see the TODO below).
        """
        if self._validated or not m2.ssl_is_init_finished(self._ssl.obj):
            return

        kwargs = self._starttls_kwargs
        # NOTE(review): chain verification is only enforced when the caller
        # passed a truthy 'verify'; without it the verify result is never
        # inspected here.
        if kwargs.get('verify'):
            # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
            # for the error codes returned by SSL_get_verify_result.
            # Any non-OK code (expired, revoked, self-signed, ...) is reported
            # with the same "not signed by a known CA" message.
            # Per OpenSSL's documentation, X509_V_OK is also the result when
            # the peer presented no certificate, so this test alone does not
            # prove a certificate was seen.
            if m2.ssl_get_verify_result(self._ssl.obj) != m2.X509_V_OK:
                raise TLSVerificationError('Peer certificate is not signed by a known CA')

        # _m2_check_err is defined elsewhere; presumably it raises
        # TLSVerificationError on an OpenSSL error -- confirm.
        x509 = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj), TLSVerificationError)
        if x509 is not None:
            self.peer_cert = X509.X509(x509, 1)
        else:
            self.peer_cert = None

        # NOTE(review): with no peer certificate and no 'check' option this
        # whole block is skipped and the connection is still marked validated
        # below -- confirm the SSL context itself rejects certificate-less
        # peers where that matters.
        if 'check' in kwargs or self.peer_cert:
            check = kwargs.get('check', (None, None))
            if check[0] is None:
                # Validate peer CN by default.
                # presumably self.peer[5] holds the expected host name;
                # the layout of self.peer is not visible here -- verify.
                host = self.peer[5]
            elif check[0] is False:
                # User requested to disable CN verification.
                host = None
            else:
                # User override for peer CN.
                host = check[0]
            # The second element (certificate fingerprint) is optional.
            fingerprint = check[1] if len(check) > 1 else None
            # TODO: normalize exceptions raised by Checker.
            # NOTE(review): no digest is passed, so Checker's default digest
            # applies (sha1 in M2Crypto's Checker signature -- confirm for the
            # version in use).
            M2Crypto.SSL.Checker.Checker(host, fingerprint)(self.peer_cert)

        # Only reached when every requested check passed.
        self._validated = True
コード例 #3
    def _check(self):
        """Run post-handshake peer validation exactly once.

        Returns immediately while the handshake is unfinished or after a
        previous successful validation.  When the ``verify`` option is set,
        a verification result other than ``X509_V_OK`` raises
        ``TLSVerificationError``.  The peer certificate (or ``None``) is
        stored in ``self.peer_cert``.  If a ``check`` option was supplied or
        a certificate is present, M2Crypto's ``Checker`` is invoked with the
        selected host name and optional fingerprint; its exceptions
        propagate unchanged.

        Security notes for readers: per OpenSSL's documentation,
        ``X509_V_OK`` is also reported when the peer sent no certificate,
        and with neither a certificate nor a ``check`` option the Checker
        step is skipped before ``_validated`` is set.
        """
        if self._validated:
            return
        if not m2.ssl_is_init_finished(self._ssl.obj):
            return

        options = self._starttls_kwargs
        if options.get('verify'):
            # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
            # for the error codes returned by SSL_get_verify_result.
            verify_code = m2.ssl_get_verify_result(self._ssl.obj)
            if verify_code != m2.X509_V_OK:
                raise TLSVerificationError(
                    'Peer certificate is not signed by a known CA')

        raw_cert = self._m2_check_err(m2.ssl_get_peer_cert(self._ssl.obj),
                                      TLSVerificationError)
        self.peer_cert = X509.X509(raw_cert, 1) if raw_cert is not None else None

        if 'check' in options or self.peer_cert:
            check = options.get('check', (None, None))
            requested_host = check[0]
            if requested_host is None:
                # Default: match the certificate against the peer's name.
                host = self.peer[5]
            elif requested_host is False:
                # Caller explicitly switched CN verification off.
                host = None
            else:
                # Caller supplied the name the certificate must match.
                host = requested_host
            fingerprint = check[1] if len(check) > 1 else None
            # TODO: normalize exceptions raised by Checker.
            checker = M2Crypto.SSL.Checker.Checker(host, fingerprint)
            checker(self.peer_cert)

        # Reached only when none of the checks above raised.
        self._validated = True
コード例 #4
 def _clientHello(self):
     """Start the handshake by sending the TLS client hello.

     Sets ``self.helloDone`` once the hello bytes have been written.  A
     ``BIO.BIOError`` is re-raised with ``args`` rewritten to
     ``(verify_result, original_first_arg)``.
     """
     try:
         # OpenSSL emits the client hello on its own when no SSL
         # connection has been established yet; we depend on that here.
         hello_bytes = self._encrypt(clientHello=1)
         ProtocolWrapper.write(self, hello_bytes)
         self.helloDone = 1
     except BIO.BIOError as err:
         # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
         # for the error codes returned by SSL_get_verify_result.
         verify_code = m2.ssl_get_verify_result(self.ssl._ptr())
         err.args = (verify_code, err.args[0])
         raise err
コード例 #5
    def write(self, data):
        """Send *data*, encrypting it first once TLS has been started.

        Before TLS starts the bytes go to the underlying transport
        unchanged, i.e. in plaintext.  A ``M2Crypto.BIO.BIOError`` raised
        while encrypting or writing is re-raised with ``args`` rewritten to
        ``(verify_result, original_first_arg)``.
        """
        if self.tlsStarted:
            try:
                ciphertext = self._encrypt(data)
                ProtocolWrapper.write(self, ciphertext)
                self.helloDone = 1
            except M2Crypto.BIO.BIOError as err:
                # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
                # for the error codes returned by SSL_get_verify_result.
                verify_code = m2.ssl_get_verify_result(self.ssl._ptr())
                err.args = (verify_code, err.args[0])
                raise err
        else:
            ProtocolWrapper.write(self, data)
コード例 #6
    def write(self, data):
        """Write *data* to the transport, through TLS when it is active.

        While ``self.tlsStarted`` is false the data is forwarded as-is
        (unencrypted).  Otherwise it is encrypted, written, and
        ``self.helloDone`` is set.  On ``M2Crypto.BIO.BIOError`` the
        exception's ``args`` become ``(verify_result, original_first_arg)``
        before it is raised again.
        """
        tls_active = self.tlsStarted
        if not tls_active:
            # Plaintext pass-through; nothing is protected at this stage.
            ProtocolWrapper.write(self, data)
            return

        try:
            outbound = self._encrypt(data)
            ProtocolWrapper.write(self, outbound)
            self.helloDone = 1
        except M2Crypto.BIO.BIOError as bio_error:
            # See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS
            # for the error codes returned by SSL_get_verify_result.
            result_code = m2.ssl_get_verify_result(self.ssl._ptr())
            bio_error.args = (result_code, bio_error.args[0])
            raise bio_error
コード例 #7
ファイル: Connection.py プロジェクト: Hypernode/M2Crypto
 def get_verify_result(self):
     """Return the peer certificate verification result code.

     The value comes straight from ``m2.ssl_get_verify_result``.  Per
     OpenSSL's SSL_get_verify_result documentation the code is
     ``X509_V_OK`` both for a successfully verified chain and when the
     peer presented no certificate, and it says nothing about whether the
     certificate matches the expected host name.
     """
     verify_code = m2.ssl_get_verify_result(self.ssl)
     return verify_code
コード例 #8
ファイル: Connection.py プロジェクト: Hypernode/M2Crypto
 def verify_ok(self):
     """Return True when the verification result equals ``m2.X509_V_OK``.

     Per OpenSSL's SSL_get_verify_result documentation, ``X509_V_OK`` is
     also reported when the peer presented no certificate, so a True
     result should be combined with a check that a peer certificate
     exists and matches the expected host.
     """
     verify_code = m2.ssl_get_verify_result(self.ssl)
     return verify_code == m2.X509_V_OK
コード例 #9
 def verify_ok(self):
     """Tell whether certificate verification reported ``X509_V_OK``.

     This reflects chain verification only.  OpenSSL documents the same
     code for a peer that sent no certificate, and host name matching is
     not covered, so callers should check both separately.
     """
     if m2.ssl_get_verify_result(self.ssl) == m2.X509_V_OK:
         return True
     return False
コード例 #10
ファイル: Connection.py プロジェクト: mcepl/M2Crypto
 def verify_ok(self):
     # type: () -> bool
     """Return whether the verification result is ``m2.X509_V_OK``.

     A True result is not proof of identity by itself: OpenSSL documents
     ``X509_V_OK`` for a peer without a certificate as well, and the
     result does not cover host name matching.
     """
     status = m2.ssl_get_verify_result(self.ssl)
     return status == m2.X509_V_OK