def __init__(self, sock=None, sslVersion=SSLV23, sslVerify=SSL_VERIFY_PEER, sslVerifyLocations=None):
    """Set up an OpenSSL client (connect state) on top of an optional Python socket.

    The Python socket, when given, only transports bytes; all TLS processing
    happens in an SSL object attached to a memory BIO pair created here.

    Args:
        sock: socket used to transmit data, or None.
        sslVersion: protocol constant passed to SSL_CTX (default SSLV23).
        sslVerify: verification mode passed to SSL_CTX.set_verify
            (default SSL_VERIFY_PEER, i.e. the peer certificate is checked
            against the loaded trust anchors).
        sslVerifyLocations: trust-anchor location(s) loaded into the context
            when truthy; nothing is loaded otherwise.
    """
    self._sock = sock
    self._handshakeDone = False

    # Context first: the verification policy and trust anchors live on it.
    ctx = SSL_CTX(sslVersion)
    self._sslCtx = ctx
    ctx.set_verify(sslVerify)
    if sslVerifyLocations:
        ctx.load_verify_locations(sslVerifyLocations)

    # SSL object acting as the client side of the handshake.
    ssl = SSL(ctx)
    self._ssl = ssl
    ssl.set_connect_state()
    if sslVersion == SSLV2:
        # Handshake workaround for SSL2 + IIS 7. No cipher list is set here
        # because set_cipher_list() makes SSLv2 fail.
        self.do_handshake = self.do_ssl2_iis_handshake
    else:
        # Some servers never answer a ClientHello larger than 255 bytes
        # (see http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest),
        # so the default cipher list is trimmed to keep the hello small.
        ssl.set_cipher_list('HIGH:-aNULL:-eNULL:-3DES:-SRP:-PSK:-CAMELLIA')

    # Memory BIO pair (http://www.openssl.org/docs/crypto/BIO_s_bio.html):
    # the SSL object is bound to the internal end; the network end is
    # presumably drained/fed by the socket-facing code elsewhere in the class.
    internal, network = BIO(), BIO()
    self._internalBio = internal
    self._networkBio = network
    BIO.make_bio_pair(internal, network)
    ssl.set_bio(internal)
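def __init__(self, sock=None, ssl_version=SSLV23, ssl_verify=SSL_VERIFY_PEER,
             ssl_verify_locations=None, client_certchain_file=None, client_key_file=None,
             client_key_type=SSL_FILETYPE_PEM, client_key_password='',
             ignore_client_authentication_requests=False):
    """Set up an OpenSSL client (connect state) on top of an optional Python socket.

    The Python socket, when given, only transports bytes; all TLS processing
    happens in an SSL object attached to a memory BIO pair created here.

    Args:
        sock: socket used to transmit data, or None.
        ssl_version: protocol constant passed to SSL_CTX (default SSLV23).
        ssl_verify: verification mode passed to SSL_CTX.set_verify
            (default SSL_VERIFY_PEER, i.e. the peer certificate is checked
            against the loaded trust anchors).
        ssl_verify_locations: trust-anchor location(s) loaded into the context
            when truthy; nothing is loaded otherwise.
        client_certchain_file: when not None, handed with the key arguments
            to self._use_private_key() (defined elsewhere in the class;
            presumably loads the client certificate chain and key).
        client_key_file: private key file for the client certificate.
        client_key_type: key file format, default SSL_FILETYPE_PEM.
        client_key_password: passphrase for the key file; empty by default.
        ignore_client_authentication_requests: when True, calls
            self._ssl_ctx.set_client_cert_cb_NULL() — from the name this
            clears the client-certificate callback so that a server's
            certificate request is left unanswered; confirm against the
            SSL_CTX wrapper.

    Raises:
        ValueError: if both client_certchain_file and
            ignore_client_authentication_requests are set.
    """
    # Reject contradictory options before any OpenSSL state is created, so a
    # bad call leaves nothing half-configured. Previously this check ran only
    # after the private key had already been loaded into the context, and it
    # used truthiness while the load used `is not None`; both now use
    # `is not None`, so a certchain value of '' is no longer silently accepted.
    if ignore_client_authentication_requests and client_certchain_file is not None:
        raise ValueError(
            'Cannot enable both client_certchain_file and ignore_client_authentication_requests'
        )

    self._sock = sock
    self._is_handshake_completed = False
    self._client_CA_list = []

    # Context first: the verification policy and trust anchors live on it.
    self._ssl_ctx = SSL_CTX(ssl_version)
    self._ssl_ctx.set_verify(ssl_verify)
    if ssl_verify_locations:
        self._ssl_ctx.load_verify_locations(ssl_verify_locations)

    # Client authentication: either present a certificate, or explicitly
    # ignore the server's request. Both at once was rejected above.
    if client_certchain_file is not None:
        self._use_private_key(client_certchain_file, client_key_file,
                              client_key_type, client_key_password)
    elif ignore_client_authentication_requests:
        self._ssl_ctx.set_client_cert_cb_NULL()

    # SSL object acting as the client side of the handshake.
    self._ssl = SSL(self._ssl_ctx)
    self._ssl.set_connect_state()
    if ssl_version != SSLV2:
        # Some servers never answer a ClientHello larger than 255 bytes
        # (see http://rt.openssl.org/Ticket/Display.html?id=2771&user=guest&pass=guest),
        # so the default cipher list is trimmed to keep the hello small.
        # Not done for SSLv2: set_cipher_list() makes SSLv2 fail.
        self._ssl.set_cipher_list(
            'HIGH:-aNULL:-eNULL:-3DES:-SRP:-PSK:-CAMELLIA')
    else:
        # Handshake workaround for SSL2 + IIS 7
        self.do_handshake = self.do_ssl2_iis_handshake

    # Memory BIO pair (http://www.openssl.org/docs/crypto/BIO_s_bio.html):
    # the SSL object is bound to the internal end; the network end is
    # presumably drained/fed by the socket-facing code elsewhere in the class.
    self._internal_bio = BIO()
    self._network_bio = BIO()
    BIO.make_bio_pair(self._internal_bio, self._network_bio)
    self._ssl.set_bio(self._internal_bio)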