def accept(self):
# type: () -> Tuple[Connection, util.AddrType]
"""Accept an SSL connection.
The return value is a pair (ssl, addr) where ssl is a new SSL
connection object and addr is the address bound to the other end
of the SSL connection.
:return: tuple of Connection and addr. Address can take very
various forms (see socket documentation), for IPv4 it
is tuple(str, int), for IPv6 a tuple of four (host,
port, flowinfo, scopeid), where the last two are
optional ints.
"""
sock, addr = self.socket.accept()
ssl = Connection(self.ctx, sock)
ssl.addr = addr
ssl.setup_ssl()
ssl.set_accept_state()
ssl.accept_ssl()
check = getattr(self, 'postConnectionCheck',
self.serverPostConnectionCheck)
if check is not None:
if not check(ssl.get_peer_cert(), ssl.addr[0]):
raise Checker.SSLVerificationError(
'post connection check failed')
return ssl, addr
def _check(self):
if not self.checked and m2.ssl_is_init_finished(self.ssl._ptr()):
x509 = m2.ssl_get_peer_cert(self.ssl._ptr())
if x509 is not None:
x509 = X509.X509(x509, 1)
if self.isClient:
host = self.transport.addr[0]
else:
host = self.transport.getPeer().host
if not self.postConnectionCheck(x509, host):
raise Checker.SSLVerificationError('post connection check')
self.checked = 1
def connect(self, addr):
self.socket.connect(addr)
self.addr = addr
self.setup_ssl()
self.set_connect_state()
ret = self.connect_ssl()
check = getattr(self, 'postConnectionCheck',
self.clientPostConnectionCheck)
if check is not None:
if not check(self.get_peer_cert(), self.addr[0]):
raise Checker.SSLVerificationError(
'post connection check failed')
return ret
def accept(self):
"""Accept an SSL connection. The return value is a pair (ssl,
addr) where ssl is a new SSL connection object and addr is the
address bound to the other end of the SSL connection."""
sock, addr = self.socket.accept()
ssl = Connection(self.ctx, sock)
ssl.addr = addr
ssl.setup_ssl()
ssl.set_accept_state()
ssl.accept_ssl()
check = getattr(self, 'postConnectionCheck',
self.serverPostConnectionCheck)
if check is not None:
if not check(ssl.get_peer_cert(), ssl.addr[0]):
raise Checker.SSLVerificationError(
'post connection check failed')
return ssl, addr
def connect(self, addr):
# type: (util.AddrType) -> int
"""Overloading socket.connect()
@param addr: addresses have various depending on their type
@return:status of ssl_connect()
"""
self.socket.connect(addr)
self.addr = addr
self.setup_ssl()
self.set_connect_state()
ret = self.connect_ssl()
check = getattr(self, 'postConnectionCheck',
self.clientPostConnectionCheck)
if check is not None:
if not check(self.get_peer_cert(), self.addr[0]):
raise Checker.SSLVerificationError(
'post connection check failed')
return ret