コード例 #1
ファイル: OCSP_RESPONSE_Tests.py プロジェクト: danadam/nassl
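    def setUp(self):
        """Fetch a stapled OCSP response from a live server for the tests.

        Opens a TCP connection to login.live.com:443, requests OCSP stapling
        during the TLS handshake and stores the underlying response object
        on ``self.ocsp_response``. The test depends on network access and on
        that server continuing to staple a response.
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(5)
            sock.connect(("login.live.com", 443))

            # Chain validation is switched off (SSL_VERIFY_NONE), so the peer is
            # unauthenticated. That is enough for exercising the parser, but a
            # response obtained this way is not trusted revocation data.
            ssl_client = SslClient(sock=sock, ssl_verify=SSL_VERIFY_NONE)
            # The status request travels in the ClientHello, so it has to be
            # enabled before do_handshake().
            ssl_client.set_tlsext_status_ocsp()
            ssl_client.do_handshake()
            # NOTE(review): presumably raises AttributeError when the server
            # staples nothing and the getter returns None -- confirm.
            self.ocsp_response = ssl_client.get_tlsext_status_ocsp_resp()._ocsp_response
        finally:
            # Close deterministically, including when connect() or the handshake
            # fails, instead of leaving the descriptor to garbage collection.
            sock.close()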
コード例 #2
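    def setUp(self):
        """Obtain a stapled OCSP response from login.live.com for each test.

        The response object is kept on ``self.ocsp_response``. This fixture
        needs outbound network access and relies on the remote server still
        stapling an OCSP response.
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(5)
            sock.connect(("login.live.com", 443))

            # SSL_VERIFY_NONE disables certificate chain validation: fine for
            # feeding the parser, but the stapled response then comes from an
            # unauthenticated peer and proves nothing about revocation.
            ssl_client = SslClient(sock=sock, ssl_verify=SSL_VERIFY_NONE)
            # Must precede the handshake: stapling is requested in the ClientHello.
            ssl_client.set_tlsext_status_ocsp()
            ssl_client.do_handshake()

            stapled = ssl_client.get_tlsext_status_ocsp_resp()
            # NOTE(review): `stapled` is presumably None when the server sends
            # no response, which would make this line raise -- confirm.
            self.ocsp_response = stapled._ocsp_response
        finally:
            # Release the socket on every path, including a failed connect()
            # or handshake, rather than waiting for garbage collection.
            sock.close()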
コード例 #3
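    def test_sct_parsing(self):
        """Check that a stapled OCSP response exposes its SCT extension.

        Connects to a live server, requests OCSP stapling and asserts that
        the first single response in the parsed dictionary carries a
        ``ctCertificateScts`` entry under ``singleExtensions``.
        """
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(5)
            sock.connect(('sslanalyzer.comodoca.com', 443))

            # Chain validation is disabled (OpenSslVerifyEnum.NONE): this test
            # only exercises parsing, and the response comes from an
            # unauthenticated peer, so nothing here vouches for its content.
            ssl_client = SslClient(underlying_socket=sock, ssl_verify=OpenSslVerifyEnum.NONE)
            # Stapling is requested in the ClientHello, hence before the handshake.
            ssl_client.set_tlsext_status_ocsp()
            ssl_client.do_handshake()
            ocsp_response = ssl_client.get_tlsext_status_ocsp_resp()
            ssl_client.shutdown()
        finally:
            # Previously the socket was closed only on the success path; a
            # failed connect, handshake or shutdown left it open.
            sock.close()

        single_response = ocsp_response.as_dict()['responses'][0]
        self.assertIsNotNone(single_response['singleExtensions']['ctCertificateScts'])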
コード例 #4
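    def test(self):
        """Exercise status, text dump, verification and dict view of an OCSP response.

        Fetches a stapled OCSP response from www.cloudflare.com and checks
        that: the response status is SUCCESSFUL, ``as_text()`` returns
        something, ``verify()`` raises OcspResponseNotTrustedError when given
        a trust file holding an unrelated certificate, and the first single
        response has no ``singleExtensions`` key.
        """
        # Function-scope import keeps this method self-contained.
        import os

        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(5)
            sock.connect(('www.cloudflare.com', 443))

            # Chain validation is off; the only trust decision tested below is
            # the OCSP response's own verification.
            ssl_client = SslClient(underlying_socket=sock,
                                   ssl_verify=OpenSslVerifyEnum.NONE)
            ssl_client.set_tlsext_status_ocsp()
            ssl_client.do_handshake()
            ocsp_response = ssl_client.get_tlsext_status_ocsp_resp()
            ssl_client.shutdown()
        finally:
            # The original never closed the socket.
            sock.close()

        self.assertEqual(ocsp_response.status,
                         OcspResponseStatusEnum.SUCCESSFUL)

        # Test as_text()
        self.assertIsNotNone(ocsp_response.as_text())

        # Test verify with a wrong certificate
        # delete=False so the file can be reopened by name after close();
        # it is therefore removed explicitly in the finally block.
        test_file = tempfile.NamedTemporaryFile(delete=False, mode='wt')
        try:
            # NOTE: the PEM body is elided in this listing.
            test_file.write("""-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----""")
            test_file.close()
            self.assertRaises(OcspResponseNotTrustedError, ocsp_response.verify,
                              test_file.name)
        finally:
            test_file.close()
            os.remove(test_file.name)

        # No SCT extension
        self.assertNotIn('singleExtensions',
                         ocsp_response.as_dict()['responses'][0])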
コード例 #5
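# TLS 1.2 client that validates the server's chain against the trust store in
# `mozilla_store`. `sock` and `mozilla_store` are defined outside this excerpt.
# NOTE(review): nothing in this excerpt checks that the certificate matches
# the intended hostname -- confirm whether that happens elsewhere.
ssl_client = SslClient(
    ssl_version=OpenSslVersionEnum.TLSV1_2,
    underlying_socket=sock,
    ssl_verify=OpenSslVerifyEnum.PEER,
    ssl_verify_locations=mozilla_store,
)
# Stapling is requested in the ClientHello, so enable it before the handshake.
ssl_client.set_tlsext_status_ocsp()
ssl_client.do_handshake()

print("Received certificate chain")
for pem_cert in ssl_client.get_received_chain():
    print(pem_cert)

print("Verified certificate chain")
for pem_cert in ssl_client.get_verified_chain():
    print(pem_cert)

print("OCSP Stapling")
ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
if ocsp_resp:
    # Check the response against the same trust store before reading it.
    # NOTE(review): verify() presumably raises (OcspResponseNotTrustedError)
    # on an untrusted response rather than returning a flag -- confirm.
    ocsp_resp.verify(Path(mozilla_store))
    # NOTE(review): `status` looks like the status of the OCSP response itself,
    # not the certificate's revocation state -- confirm before relying on it
    # as a revocation check.
    print(ocsp_resp.status)
else:
    # Make the unstapled case visible: no response means revocation was not
    # checked, not that the certificate is good.
    print("No OCSP response was stapled by the server")

print("\nCipher suite")
print(ssl_client.get_current_cipher_name())

print("\nHTTP response")
# The Host header is hard-coded; presumably it matches the host `sock` is
# connected to -- confirm. A single read returns at most 2048 bytes.
ssl_client.write(
    b"GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n")
print(ssl_client.read(2048))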
コード例 #6
ファイル: sample_client.py プロジェクト: nabla-c0d3/nassl
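# Sample TLS 1.2 client: the server chain is validated against the trust
# store named by `mozilla_store`. Both `sock` and `mozilla_store` are set up
# outside this excerpt.
# NOTE(review): hostname matching is not visible in this excerpt -- confirm
# it is done elsewhere before treating the peer as authenticated.
ssl_client = SslClient(
    ssl_version=OpenSslVersionEnum.TLSV1_2,
    underlying_socket=sock,
    ssl_verify=OpenSslVerifyEnum.PEER,
    ssl_verify_locations=mozilla_store,
)
# The OCSP status request is part of the ClientHello, so it must be enabled
# before do_handshake().
ssl_client.set_tlsext_status_ocsp()
ssl_client.do_handshake()

print('Received certificate chain')
for pem_cert in ssl_client.get_received_chain():
    print(pem_cert)

print('Verified certificate chain')
for pem_cert in ssl_client.get_verified_chain():
    print(pem_cert)

print('OCSP Stapling')
ocsp_resp = ssl_client.get_tlsext_status_ocsp_resp()
if ocsp_resp:
    # Verify the stapled response against the trust store before printing it.
    # NOTE(review): verify() presumably signals failure by raising -- confirm.
    ocsp_resp.verify(mozilla_store)
    print(ocsp_resp.as_dict())
else:
    # A missing stapled response means revocation status is unknown; say so
    # instead of printing nothing under the heading.
    print('No OCSP response was stapled by the server')

print('\nCipher suite')
print(ssl_client.get_current_cipher_name())

print('\nHTTP response')
# Host header is hard-coded; presumably the same host `sock` is connected
# to -- confirm. Only the first 2048 bytes of the reply are read.
ssl_client.write(b'GET / HTTP/1.0\r\nUser-Agent: Test\r\nHost: www.google.com\r\n\r\n')
print(ssl_client.read(2048))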