예제 #1
    def set_session_id_ctx(self, id):
        # type: (bytes) -> None
        """Set the session id context within which this SSL.Context's
        sessions can be reused.

        Sessions are generated within a certain context. When
        exporting/importing sessions with i2d_SSL_SESSION/d2i_SSL_SESSION
        it would be possible to re-import a session generated from another
        context (e.g. another application), which might lead to
        malfunctions. Each application must therefore set its own session
        id context (sid_ctx), which is stored in exported sessions and
        used to tell the contexts apart.

        Per the OpenSSL documentation, sid_ctx is limited to
        SSL_MAX_SID_CTX_LENGTH (32) bytes, and a server that requests
        client certificates without setting a sid_ctx will fail the
        handshake on session reuse instead of resuming the session.

        @param id: The sid_ctx value. It can be any kind of binary data,
                   e.g. the name of the application and/or the hostname
                   and/or the service name.
        @raise Err.SSLError: if the underlying m2 call reports failure
                   (a falsy return value).
        """
        # The wrapper's return value is only tested for truthiness.
        if m2.ssl_ctx_set_session_id_context(self.ctx, id):
            return
        raise Err.SSLError(Err.get_error_code(), '')
예제 #2
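    def M2CryptoConnectionAccept(self):
        """
        Alternate implementation for M2Crypto.SSL.Connection.accept.

        This implementation sets the read/write timeouts on the accepted
        socket and checks for an error in the SSL accept.  Any time a
        client connects to the server and doesn't finish the SSL accept
        negotiations, the server is hung until the client goes away.
        Timeouts fix this by only allowing a client to hang the server
        for ten seconds.

        NOTE(review): the timeout is presumably applied per socket read
        or write, so it may not be a hard cap on the total handshake
        time -- confirm.  No timeout is set on win32, so the handshake
        is unbounded there.

        This functionality will be rolled back to the M2Crypto project
        as soon as possible.  When it appears in an M2Crypto release,
        we can do away with this patch.

        @return: tuple (ssl, addr): the accepted SSL.Connection and the
                 peer address returned by socket.accept().
        @raise Err.SSLError: if the SSL accept reports an error; the
                 accepted socket is closed first.
        @raise Checker.SSLVerificationError: if the post connection check
                 returns a false value; the accepted socket is closed
                 first.
        """
        sock, addr = self.socket.accept()
        ssl = SSL.Connection(self.ctx, sock)

        # Set a 10s timeout on the accepted (per-client) socket so an
        # unfinished handshake cannot block the server indefinitely.
        if sys.platform != 'win32':
            t = SSL.timeout(10, 0)
            ssl.set_socket_read_timeout(t)
            ssl.set_socket_write_timeout(t)

        ssl.addr = addr
        ssl.setup_ssl()
        ssl.set_accept_state()
        ret = ssl.accept_ssl()
        err = m2.ssl_get_error(ssl.ssl, ret)
        if err != m2.ssl_error_none:
            ssl.socket.close()
            raise Err.SSLError(ret, addr)

        check = getattr(self, 'postConnectionCheck',
                        self.serverPostConnectionCheck)
        if check is not None:
            # Verify the certificate presented on the accepted connection.
            # `self` is the listening connection, which did not take part
            # in this handshake, so its peer certificate is not the
            # client's.
            try:
                verified = check(ssl.get_peer_cert(), ssl.addr[0])
            except Exception:
                # A check that rejects by raising must not leak the
                # connection either.
                ssl.socket.close()
                raise
            if not verified:
                # Nothing is returned to the caller on rejection, so close
                # the socket here, as the handshake-error path does.
                ssl.socket.close()
                raise Checker.SSLVerificationError(
                    'post connection check failed')
        return ssl, addr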
예제 #3
 def set_session_id_ctx(self, id):
     """Set the session id context (sid_ctx) on this object's SSL context.

     Passes `id` with self.ctx to m2.ssl_ctx_set_session_id_context and
     raises Err.SSLError, carrying the current error code and an empty
     message, when that call returns a falsy value.

     Per the OpenSSL documentation, the sid_ctx separates sessions
     created by different applications and is limited to
     SSL_MAX_SID_CTX_LENGTH (32) bytes.
     """
     if not m2.ssl_ctx_set_session_id_context(self.ctx, id):
         code = Err.get_error_code()
         raise Err.SSLError(code, '')