def _SetUpUsingDummyCert(handler): """Sets up connection providing the certificate to the client. This method handles Server Name Indication (SNI) using dummy certs. Args: handler: an instance of BaseHTTPServer.BaseHTTPRequestHandler that is used by some instance of BaseHTTPServer.HTTPServer. """ # One of: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD context = certutils.get_ssl_context() def handle_servername(connection): """A SNI callback that happens during do_handshake().""" try: host = connection.get_servername() if host: cert_str = (handler.server.get_certificate(host)) new_context = certutils.get_ssl_context() cert = certutils.load_cert(cert_str) new_context.use_certificate(cert) new_context.use_privatekey_file(handler.server.ca_cert_path) connection.set_context(new_context) return new_context # else: fail with 'no domain.shared cipher' except Exception, e: # Do not leak any exceptions or else openssl crashes. logging.error('Exception in SNI handler: %s', e)
def _SetUpUsingDummyCert(handler): """Sets up connection providing the certificate to the client. This method handles Server Name Indication (SNI) using dummy certs. Args: handler: an instance of BaseHTTPServer.BaseHTTPRequestHandler that is used by some instance of BaseHTTPServer.HTTPServer. """ # One of: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD context = certutils.get_ssl_context() def handle_servername(connection): """A SNI callback that happens during do_handshake().""" try: host = connection.get_servername() if host: cert_str = ( handler.server.get_certificate(host)) new_context = certutils.get_ssl_context() cert = certutils.load_cert(cert_str) new_context.use_certificate(cert) new_context.use_privatekey_file(handler.server.ca_cert_path) connection.set_context(new_context) return new_context # else: fail with 'no shared cipher' except Exception, e: # Do not leak any exceptions or else openssl crashes. logging.error('Exception in SNI handler: %s', e)
def run_request(self): context = certutils.get_ssl_context() context.set_verify(certutils.VERIFY_PEER, self.verify_cb) # Demand a cert context.use_certificate_file(self.ca_cert_path) context.load_verify_locations(self.ca_cert_path) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.connection = certutils.get_ssl_connection(context, s) self.connection.connect((self.host, self.port)) self.connection.set_tlsext_host_name(self.host_name) try: self.connection.send('\r\n\r\n') finally: self.connection.shutdown() self.connection.close()
def handle_servername(connection): """A SNI callback that happens during do_handshake().""" try: host = connection.get_servername() if host: cert_str = (handler.server.get_certificate(host)) new_context = certutils.get_ssl_context() cert = certutils.load_cert(cert_str) new_context.use_certificate(cert) new_context.use_privatekey_file(handler.server.ca_cert_path) connection.set_context(new_context) return new_context # else: fail with 'no domain.shared cipher' except Exception, e: # Do not leak any exceptions or else openssl crashes. logging.error('Exception in SNI handler: %s', e)
def handle_servername(connection): """A SNI callback that happens during do_handshake().""" try: host = connection.get_servername() if host: cert_str = ( handler.server.get_certificate(host)) new_context = certutils.get_ssl_context() cert = certutils.load_cert(cert_str) new_context.use_certificate(cert) new_context.use_privatekey_file(handler.server.ca_cert_path) connection.set_context(new_context) return new_context # else: fail with 'no shared cipher' except Exception, e: # Do not leak any exceptions or else openssl crashes. logging.error('Exception in SNI handler: %s', e)
def setup(self): """Sets up connection providing the certificate to the client.""" # One of: One of SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, or TLSv1_METHOD context = certutils.get_ssl_context() def handle_servername(connection): """A SNI callback that happens during do_handshake().""" try: host = connection.get_servername() if host: cert_str = ( self.server.http_archive_fetch.http_archive.get_certificate(host)) new_context = certutils.get_ssl_context() cert = certutils.load_cert(cert_str) new_context.use_certificate(cert) new_context.use_privatekey_file(self.server.ca_cert_path) connection.set_context(new_context) return new_context # else: fail with 'no shared cipher' except Exception, e: # Do not leak any exceptions or else openssl crashes. logging.error('Exception in SNI handler', e)