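    def __init__(self, shared_settings, target, ssl_ctx,hello_workaround=False):
        """
        Read the shared_settings object shared between all the plugins and
        configure the SSL_CTX and SSL objects accordingly.

        @type shared_settings: dict
        @param shared_settings: Shared settings object. Keys read here:
            'timeout', 'cert', 'certform', 'key', 'keyform', 'keypass',
            'sni', 'starttls', 'xmpp_to', 'https_tunnel_host' and
            'https_tunnel_port'.

        @type target: (host, ip_addr, port)
        @param target: Server to connect to. Only host and port are used
            here; the ip_addr element is ignored.

        @type ssl_ctx: ctSSL.SSL_CTX
        @param ssl_ctx: SSL_CTX object for the SSL connection. It is mutated
            in place: the cipher list when hello_workaround is set, and the
            client certificate / private key when 'cert' is configured.

        @type hello_workaround: bool
        @param hello_workaround: Enable client hello workaround.

        @raise ClientCertificateError: when OpenSSL reports 'bad decrypt'
            while loading the private key, which is the usual symptom of a
            wrong passphrase. Any other OpenSSLError raised while loading
            the certificate or key is re-raised unchanged.
        """

        timeout = shared_settings['timeout']
        (host, _, port) = target
        if hello_workaround:
            ssl_ctx.set_cipher_list(self.SSL_HELLO_WORKAROUND_CIPHERS)

        # Load client certificate and private key in the SSL_CTX object
        if shared_settings['cert']:
            # Compare with '==', not 'is': two equal strings are not
            # guaranteed to be the same object, so an identity test could
            # silently treat a DER-encoded file as PEM.
            if shared_settings['certform'] == 'DER':
                cert_type = constants.SSL_FILETYPE_ASN1
            else:
                cert_type = constants.SSL_FILETYPE_PEM

            if shared_settings['keyform'] == 'DER':
                key_type = constants.SSL_FILETYPE_ASN1
            else:
                key_type = constants.SSL_FILETYPE_PEM

            try:
                ssl_ctx.use_certificate_file(shared_settings['cert'], cert_type)
                ssl_ctx.use_PrivateKey_file(shared_settings['key'], key_type,
                                            shared_settings['keypass'])
                # Make sure the key actually matches the certificate loaded above
                ssl_ctx.check_private_key()
            except errors.OpenSSLError as e: # TODO: Proper error checking
                # Also this should be done much earlier like after parsing the command line
                # Matched by substring because no structured error code is
                # available from the exception here.
                if 'bad decrypt' in str(e):
                    raise ClientCertificateError('Invalid private key passphrase ?')
                else:
                    raise

        # Create the SSL object
        ssl = SSL.SSL(ssl_ctx)

        # Add Server Name Indication
        if shared_settings['sni']:
            ssl.set_tlsext_host_name(shared_settings['sni'])

        # Create the proper SMTP / XMPP / HTTPS connection
        if shared_settings['starttls'] == 'smtp':
            ssl_connection = SMTPConnection(host, port, ssl, timeout)
        elif shared_settings['starttls'] == 'xmpp':
            # XMPP needs the 'to' domain for its stream header; fall back
            # to the target host when none was given explicitly.
            if shared_settings['xmpp_to']:
                xmpp_to = shared_settings['xmpp_to']
            else:
                xmpp_to = host

            ssl_connection = XMPPConnection(host, port, ssl, timeout, xmpp_to)

        elif shared_settings['https_tunnel_host']:
            # Using an HTTP CONNECT proxy to tunnel SSL traffic: the TCP
            # connection goes to the proxy, the TLS handshake to the target.
            tunnel_host = shared_settings['https_tunnel_host']
            tunnel_port = shared_settings['https_tunnel_port']
            ssl_connection = HTTPSConnection(tunnel_host, tunnel_port, ssl,
                                            timeout=timeout)
            ssl_connection.set_tunnel(host, port)
        else:
            ssl_connection = HTTPSConnection(host, port, ssl, timeout=timeout)

        # All done
        self._ssl_connection = ssl_connection
        self._ssl_ctx = ssl_ctx
        self._ssl = ssl
        self._shared_settings = shared_settings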
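    def __init__(self, shared_settings, target, ssl_ctx,hello_workaround=False):
        """
        Read the shared_settings object shared between all the plugins and
        configure the SSL_CTX and SSL objects accordingly.

        @type shared_settings: dict
        @param shared_settings: Shared settings object. Keys read here:
            'timeout', 'cert', 'certform', 'key', 'keyform', 'starttls',
            'xmpp_to', 'https_tunnel_host' and 'https_tunnel_port'.

        @type target: (host, ip_addr, port)
        @param target: Server to connect to. Only host and port are used
            here; the ip_addr element is ignored.

        @type ssl_ctx: ctSSL.SSL_CTX
        @param ssl_ctx: SSL_CTX object for the SSL connection. Its cipher
            list is changed in place when hello_workaround is set; the
            client certificate and key are loaded into the per-connection
            SSL object instead, not into this context.

        @type hello_workaround: bool
        @param hello_workaround: Enable client hello workaround.

        Errors raised by the underlying ctSSL calls while loading the
        client certificate or key are not caught here and propagate to
        the caller. No key passphrase is passed to use_PrivateKey_file.
        """

        timeout = shared_settings['timeout']
        (host, _, port) = target
        if hello_workaround:
            ssl_ctx.set_cipher_list(self.SSL_HELLO_WORKAROUND_CIPHERS)

        # Create the SSL object
        ssl = SSL.SSL(ssl_ctx)

        # Load client certificate and private key in the SSL object
        if shared_settings['cert']:
            # Compare with '==', not 'is': two equal strings are not
            # guaranteed to be the same object, so an identity test could
            # silently treat a DER-encoded file as PEM.
            if shared_settings['certform'] == 'DER':
                cert_type = constants.SSL_FILETYPE_ASN1
            else:
                cert_type = constants.SSL_FILETYPE_PEM

            if shared_settings['keyform'] == 'DER':
                key_type = constants.SSL_FILETYPE_ASN1
            else:
                key_type = constants.SSL_FILETYPE_PEM

            ssl.use_certificate_file(shared_settings['cert'], cert_type)
            ssl.use_PrivateKey_file(shared_settings['key'], key_type)
            # Make sure the key actually matches the certificate loaded above
            ssl.check_private_key()

        # Create the proper SMTP / XMPP / HTTPS connection
        if shared_settings['starttls'] == 'smtp':
            ssl_connection = SMTPConnection(host, port, ssl, timeout)
        elif shared_settings['starttls'] == 'xmpp':
            # XMPP needs the 'to' domain for its stream header; fall back
            # to the target host when none was given explicitly.
            if shared_settings['xmpp_to']:
                xmpp_to = shared_settings['xmpp_to']
            else:
                xmpp_to = host

            ssl_connection = XMPPConnection(host, port, ssl, timeout, xmpp_to)

        elif shared_settings['https_tunnel_host']:
            # Using an HTTP CONNECT proxy to tunnel SSL traffic: the TCP
            # connection goes to the proxy, the TLS handshake to the target.
            tunnel_host = shared_settings['https_tunnel_host']
            tunnel_port = shared_settings['https_tunnel_port']
            ssl_connection = HTTPSConnection(tunnel_host, tunnel_port, ssl,
                                            timeout=timeout)
            ssl_connection.set_tunnel(host, port)
        else:
            ssl_connection = HTTPSConnection(host, port, ssl, timeout=timeout)

        # All done
        self._ssl_connection = ssl_connection
        self._ssl_ctx = ssl_ctx
        self._ssl = ssl
        self._shared_settings = shared_settings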