def patched_connect(self):
    """Open a TCP connection, wrap it in TLS and check the peer's identity.

    Sets ``self.sock`` to the TLS-wrapped socket and returns ``None``.

    Peer identity is checked in one of two mutually exclusive ways:

    * ``self.assert_fingerprint`` set: the DER certificate is compared
      against the pinned fingerprint. This branch runs whatever
      ``cert_reqs`` resolves to, and hostname matching is skipped.
    * otherwise, hostname matching runs unless ``cert_reqs`` resolves to
      ``ssl.CERT_NONE`` or ``self.assert_hostname`` is ``False``.

    With ``CERT_NONE`` and no fingerprint, nothing in this function checks
    who the peer is.

    Raises:
        ConnectTimeoutError: if the TCP connect raises ``SocketTimeout``.
    """
    endpoint = (self.host, self.port)
    try:
        raw_sock = socket.create_connection(address=endpoint,
                                            timeout=self.timeout)
    except SocketTimeout:
        message = ("Connection to %s timed out. (connect timeout=%s)"
                   % (self.host, self.timeout))
        raise ConnectTimeoutError(self, message)

    cert_reqs = resolve_cert_reqs(self.cert_reqs)
    tls_version = resolve_ssl_version(self.ssl_version)

    if self._tunnel_host:
        # The tunnel is set up over the plain socket first. Per the
        # original comment, _tunnel() calls self._set_hostport(), so
        # self.host is self._tunnel_host from here on.
        self.sock = raw_sock
        self._tunnel()

    # TLS handshake; trust anchors come from self.ca_certs.
    # NOTE(review): chain validation is delegated to ssl_wrap_socket, which
    # is defined outside this block -- confirm it enforces cert_reqs.
    self.sock = ssl_wrap_socket(
        raw_sock,
        self.key_file,
        self.cert_file,
        cert_reqs=cert_reqs,
        ca_certs=self.ca_certs,
        server_hostname=self.host,
        ssl_version=tls_version,
    )

    pinned = self.assert_fingerprint
    if pinned:
        # Certificate pinning replaces hostname matching.
        assert_fingerprint(self.sock.getpeercert(binary_form=True), pinned)
        return

    if cert_reqs == ssl.CERT_NONE or self.assert_hostname is False:
        # Verification disabled by configuration: no identity check is made.
        return

    match_hostname(self.sock.getpeercert(),
                   self.assert_hostname or self.host)
def patched_connect(self):
    """Connect over TCP, upgrade the socket to TLS, then verify the peer.

    The wrapped socket is stored on ``self.sock``; nothing is returned.

    Verification after the handshake:

    * if ``self.assert_fingerprint`` is set, the binary (DER) peer
      certificate is checked against it and hostname matching is not run;
      this happens regardless of the resolved ``cert_reqs``;
    * else, if the resolved ``cert_reqs`` is not ``ssl.CERT_NONE`` and
      ``self.assert_hostname`` is not ``False``, the certificate is matched
      against ``self.assert_hostname`` or, failing that, ``self.host``;
    * else no identity check is performed here.

    Raises:
        ConnectTimeoutError: when ``socket.create_connection`` raises
            ``SocketTimeout``.
    """
    target = (self.host, self.port)
    try:
        plain_sock = socket.create_connection(address=target,
                                              timeout=self.timeout)
    except SocketTimeout:
        detail = ("Connection to %s timed out. (connect timeout=%s)"
                  % (self.host, self.timeout))
        raise ConnectTimeoutError(self, detail)

    required = resolve_cert_reqs(self.cert_reqs)
    protocol = resolve_ssl_version(self.ssl_version)

    if self._tunnel_host:
        # Tunnel negotiation uses the unencrypted socket. The original
        # comment notes that _tunnel() calls self._set_hostport(), making
        # self.host equal to self._tunnel_host below.
        self.sock = plain_sock
        self._tunnel()

    # Handshake with the root certificates named by self.ca_certs.
    # NOTE(review): ssl_wrap_socket is defined elsewhere; confirm that it
    # rejects untrusted chains when cert_reqs requires verification.
    self.sock = ssl_wrap_socket(
        plain_sock,
        self.key_file,
        self.cert_file,
        cert_reqs=required,
        ca_certs=self.ca_certs,
        server_hostname=self.host,
        ssl_version=protocol,
    )

    expected_fingerprint = self.assert_fingerprint
    if expected_fingerprint:
        # Pinned certificate: compare digests instead of matching names.
        der_cert = self.sock.getpeercert(binary_form=True)
        assert_fingerprint(der_cert, expected_fingerprint)
        return

    verification_off = required == ssl.CERT_NONE
    if verification_off or self.assert_hostname is False:
        # Caller opted out; the peer's identity is not checked.
        return

    expected_name = self.assert_hostname or self.host
    match_hostname(self.sock.getpeercert(), expected_name)
def ssl_wrap_localhost_no_sni(*args, **kwargs):
    """Prevent SSLError: bad handshake on localhost requests.

    When ``server_hostname`` is passed as the literal ``'127.0.0.1'``, the
    socket is wrapped with ``urllib3_util.HAS_SNI`` temporarily forced to
    ``False``; the previous value is restored even if wrapping raises.
    Every other call is forwarded to ``orig_ssl_wrap``. Arguments are
    passed through unchanged in both cases, so ``cert_reqs`` and
    ``ca_certs`` are whatever the caller supplied.

    Only the exact string ``'127.0.0.1'`` takes the no-SNI path; other
    loopback spellings such as ``'localhost'`` or ``'::1'`` do not.
    """
    targets_loopback = '127.0.0.1' == kwargs.get('server_hostname')
    if not targets_loopback:
        return orig_ssl_wrap(*args, **kwargs)

    # NOTE(review): HAS_SNI is a module-level attribute, so any other thread
    # that reads it while it is flipped would also see False -- confirm the
    # callers are single-threaded or serialise this section.
    saved_flag = urllib3_util.HAS_SNI
    urllib3_util.HAS_SNI = False
    try:
        # NOTE(review): this branch calls urllib3_util.ssl_wrap_socket, not
        # orig_ssl_wrap -- confirm that attribute is not rebound to this
        # wrapper, which would make the call recurse.
        return urllib3_util.ssl_wrap_socket(*args, **kwargs)
    finally:
        urllib3_util.HAS_SNI = saved_flag