def handshake(self, connection):
    """Run the server side of the TLS handshake on an accepted connection.

    Returns True when the handshake completes and False when it ends with
    one of the alerts handled below; every other alert is re-raised.

    Credentials and policy (cert_chain, privateKey, verifierDB, tacks,
    sessionCache, settings, reqCert, sni, username, expLabel, expLength)
    are not parameters; they are read from the enclosing scope.
    """
    print("About to handshake...")

    # One TACK -> 1, two TACKs -> 3, anything else (including none) -> 0.
    # NOTE(review): presumably a bitmask of activated TACKs - confirm
    # against the handshakeServer documentation.
    tack_count = len(tacks) if tacks else 0
    activationFlags = {1: 1, 2: 3}.get(tack_count, 0)

    try:
        start = time_stamp()
        connection.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        # SO_LINGER payload is two ints: linger enabled (1), 5 seconds.
        linger = struct.pack('ii', 1, 5)
        connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, linger)
        # Only http/1.1 is offered, through both NPN (nextProtos) and ALPN.
        # The original author notes that a list such as
        # [b"spdy/3", b"spdy/2", b"http/1.1"] does not work here.
        connection.handshakeServer(certChain=cert_chain,
                                   privateKey=privateKey,
                                   verifierDB=verifierDB,
                                   tacks=tacks,
                                   activationFlags=activationFlags,
                                   sessionCache=sessionCache,
                                   settings=settings,
                                   nextProtos=[b"http/1.1"],
                                   alpn=[bytearray(b'http/1.1')],
                                   reqCert=reqCert,
                                   sni=sni)
        stop = time_stamp()
    except TLSRemoteAlert as alert:
        # The peer aborted; only a user_canceled alert is treated as benign.
        if alert.description != AlertDescription.user_canceled:
            raise
        print(str(alert))
        return False
    except TLSLocalAlert as alert:
        # This side aborted. The messages below are printed on the server
        # console only. The username-related ones are shown only when a
        # username is configured in the enclosing scope.
        # NOTE(review): unknown user and wrong password surface as two
        # different alerts, so the peer can presumably tell them apart -
        # confirm whether that distinction is acceptable for the deployment.
        reason = alert.description
        if reason == AlertDescription.unknown_psk_identity and username:
            print("Unknown username")
        elif reason == AlertDescription.bad_record_mac and username:
            print("Bad username or password")
        elif reason == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
        else:
            raise
        return False

    # NOTE(review): with this flag set, a connection dropped without a
    # close_notify is presumably reported as a normal end of stream, so
    # truncation would go unnoticed - confirm before reusing this handler
    # outside a test server.
    connection.ignoreAbruptClose = True
    printGoodConnection(connection, stop - start)
    printExporter(connection, expLabel, expLength)
    return True
def handshake(self, connection):
    """Perform the server-side TLS handshake for one accepted connection.

    Returns:
        True after a successful handshake, False when the handshake ended
        with a user_canceled, unknown_psk_identity, bad_record_mac or
        handshake_failure alert that this method reports itself.

    Raises:
        TLSRemoteAlert, TLSLocalAlert: for every alert not reported here.

    The key material and options handed to handshakeServer (cert_chain,
    privateKey, verifierDB, tacks, sessionCache, settings, reqCert, sni)
    come from the enclosing scope, as do username, expLabel and expLength.
    """
    print("About to handshake...")

    # Flags stay 0 unless exactly one (-> 1) or exactly two (-> 3) TACKs
    # are configured.
    activationFlags = 0
    if tacks and len(tacks) == 1:
        activationFlags = 1
    elif tacks and len(tacks) == 2:
        activationFlags = 3

    try:
        start = time_stamp()
        connection.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        # Linger on close: enabled, 5 second timeout.
        connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                              struct.pack('ii', 1, 5))
        connection.handshakeServer(
            certChain=cert_chain,
            privateKey=privateKey,
            verifierDB=verifierDB,
            tacks=tacks,
            activationFlags=activationFlags,
            sessionCache=sessionCache,
            settings=settings,
            # http/1.1 is the only protocol advertised; the original author
            # notes that [b"spdy/3", b"spdy/2", b"http/1.1"] does not work
            # here.
            nextProtos=[b"http/1.1"],
            alpn=[bytearray(b'http/1.1')],
            reqCert=reqCert,
            sni=sni)
        stop = time_stamp()
    except TLSRemoteAlert as remote:
        # Alert received from the client.
        if remote.description == AlertDescription.user_canceled:
            print(str(remote))
            return False
        raise
    except TLSLocalAlert as local:
        # Alert generated by this server. The diagnostics go to the local
        # console via print().
        if local.description == AlertDescription.unknown_psk_identity:
            if not username:
                raise
            print("Unknown username")
            return False
        if local.description == AlertDescription.bad_record_mac:
            if not username:
                raise
            print("Bad username or password")
            return False
        if local.description == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
            return False
        raise

    # NOTE(review): presumably makes an abrupt TCP close look like a clean
    # end of stream, which hides truncation - confirm this is only wanted
    # for the test server.
    connection.ignoreAbruptClose = True
    elapsed = stop - start
    printGoodConnection(connection, elapsed)
    printExporter(connection, expLabel, expLength)
    return True
def clientCmd(argv):
    """Connect to a TLS server, handshake, fetch "/" and optionally resume.

    argv is handed to handleArgs together with the accepted short and long
    options. After a successful handshake the function sends a plain
    HTTP/1.0 GET, drains the response, and - when the server issued session
    tickets and resumption was requested - opens a second connection that
    resumes the session.

    Raises:
        SyntaxError: for inconsistent CERT/KEY or USER/PASS combinations.
        ValueError: when an exporter label is given but empty.
        SystemExit: with status -1 after a handshake alert that is reported
            here; other alerts propagate unchanged.
    """
    (address, privateKey, cert_chain, username, password, expLabel,
     expLength, alpn, psk, psk_ident, psk_hash, resumption, ssl3,
     max_ver) = handleArgs(argv, "kcuplLa",
                           ["psk=", "psk-ident=", "psk-sha384",
                            "resumption", "ssl3", "max-ver="])

    # Each credential pair must be given completely or not at all.
    if bool(cert_chain) != bool(privateKey):
        raise SyntaxError("Must specify CERT and KEY together")
    if bool(username) != bool(password):
        raise SyntaxError("Must specify USER with PASS")
    if cert_chain and username:
        raise SyntaxError("Can use SRP or client cert for auth, not both")
    if expLabel is not None and not expLabel:
        raise ValueError("Label must be non-empty")

    # Connect to the server (IPv4 only, 5 second socket timeout).
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(5)
    sock.connect(address)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    connection = TLSConnection(sock)

    settings = HandshakeSettings()
    if psk:
        settings.pskConfigs = [(psk_ident, psk, psk_hash)]
    settings.useExperimentalTackExtension = True
    if ssl3:
        # (3, 0) is SSL 3.0, a deprecated protocol version (RFC 7568); the
        # floor is lowered only when the ssl3 option was given.
        settings.minVersion = (3, 0)
    if max_ver:
        settings.maxVersion = max_ver

    try:
        start = time_stamp()
        if not (username and password):
            # NOTE(review): no `checker` argument is passed, so as far as
            # this block shows the server certificate is not validated -
            # confirm before reusing this client outside testing.
            connection.handshakeClientCert(cert_chain, privateKey,
                                           settings=settings,
                                           serverName=address[0],
                                           alpn=alpn)
        else:
            connection.handshakeClientSRP(username, password,
                                          settings=settings,
                                          serverName=address[0])
        stop = time_stamp()
        print("Handshake success")
    except TLSLocalAlert as alert:
        # Alert raised by this client; only user_canceled is reported.
        if alert.description != AlertDescription.user_canceled:
            raise
        print(str(alert))
        sys.exit(-1)
    except TLSRemoteAlert as alert:
        # Alert sent by the server. The username-related messages are shown
        # only when SRP credentials were supplied.
        reason = alert.description
        if reason == AlertDescription.unknown_psk_identity and username:
            print("Unknown username")
        elif reason == AlertDescription.bad_record_mac and username:
            print("Bad username or password")
        elif reason == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
        else:
            raise
        sys.exit(-1)

    printGoodConnection(connection, stop - start)
    printExporter(connection, expLabel, expLength)
    session = connection.session

    # Issue a minimal request and read until the peer stops sending.
    connection.send(b"GET / HTTP/1.0\r\n\r\n")
    while True:
        try:
            chunk = connection.recv(10240)
        except (socket.timeout, TLSAbruptCloseError):
            break
        if not chunk:
            break
    connection.close()

    # An abrupt close is expected here and marks the session as
    # unresumable; override that so the resumption attempt can proceed.
    session.resumable = True

    print("Received {0} ticket[s]".format(len(connection.tickets)))
    # Sanity check only: assert statements are skipped under `python -O`.
    assert connection.tickets is session.tickets

    if not session.tickets or not resumption:
        return

    print("Trying resumption handshake")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(5)
    sock.connect(address)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
    connection = TLSConnection(sock)

    try:
        start = time_stamp()
        # NOTE(review): `settings` is not passed here, so the version and
        # PSK choices made above are not applied to the resumption attempt
        # as far as this block shows - confirm that is intended.
        connection.handshakeClientCert(serverName=address[0], alpn=alpn,
                                       session=session)
        stop = time_stamp()
        print("Handshake success")
    except TLSLocalAlert as alert:
        if alert.description != AlertDescription.user_canceled:
            raise
        print(str(alert))
        sys.exit(-1)
    except TLSRemoteAlert as alert:
        reason = alert.description
        if reason == AlertDescription.unknown_psk_identity and username:
            print("Unknown username")
        elif reason == AlertDescription.bad_record_mac and username:
            print("Bad username or password")
        elif reason == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
        else:
            raise
        sys.exit(-1)

    printGoodConnection(connection, stop - start)
    printExporter(connection, expLabel, expLength)
    connection.close()
def clientCmd(argv):
    """Run the command-line TLS client: handshake, GET "/", maybe resume.

    The options parsed from argv by handleArgs select the authentication
    method (client certificate, SRP or PSK), the exporter label and length,
    ALPN values, the protocol version bounds and whether a resumption
    handshake is attempted after the first connection.

    Raises:
        SyntaxError: CERT without KEY (or the reverse), USER without PASS
            (or the reverse), or certificate and SRP credentials together.
        ValueError: an exporter label was supplied but is empty.
        SystemExit: status -1 after a handshake alert reported by this
            function; all other alerts are re-raised.
    """
    parsed = handleArgs(argv, "kcuplLa",
                        ["psk=", "psk-ident=", "psk-sha384", "resumption",
                         "ssl3", "max-ver="])
    (address, privateKey, cert_chain, username, password, expLabel,
     expLength, alpn, psk, psk_ident, psk_hash, resumption, ssl3,
     max_ver) = parsed

    if (cert_chain and not privateKey) or (privateKey and not cert_chain):
        raise SyntaxError("Must specify CERT and KEY together")
    if (username and not password) or (password and not username):
        raise SyntaxError("Must specify USER with PASS")
    if cert_chain and username:
        raise SyntaxError("Can use SRP or client cert for auth, not both")
    if not (expLabel is None or expLabel):
        raise ValueError("Label must be non-empty")

    def open_tcp():
        """Return an IPv4 TCP socket connected to address (5 s timeout)."""
        new_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        new_sock.settimeout(5)
        new_sock.connect(address)
        new_sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        return new_sock

    # Connect to the server.
    sock = open_tcp()
    connection = TLSConnection(sock)

    settings = HandshakeSettings()
    if psk:
        settings.pskConfigs = [(psk_ident, psk, psk_hash)]
    settings.useExperimentalTackExtension = True
    if ssl3:
        # Lowers the minimum version to SSL 3.0, which is deprecated
        # (RFC 7568); applied only when the ssl3 option is present.
        settings.minVersion = (3, 0)
    if max_ver:
        settings.maxVersion = max_ver

    try:
        start = time_stamp()
        use_srp = username and password
        if use_srp:
            connection.handshakeClientSRP(username, password,
                                          settings=settings,
                                          serverName=address[0])
        else:
            # NOTE(review): called without a `checker`, so this block
            # performs no visible validation of the server certificate -
            # confirm before using the client for anything but testing.
            connection.handshakeClientCert(cert_chain, privateKey,
                                           settings=settings,
                                           serverName=address[0],
                                           alpn=alpn)
        stop = time_stamp()
        print("Handshake success")
    except TLSLocalAlert as local:
        # Locally generated alert.
        if local.description == AlertDescription.user_canceled:
            print(str(local))
        else:
            raise
        sys.exit(-1)
    except TLSRemoteAlert as remote:
        # Alert received from the server; username-related messages are
        # printed only when a username was supplied.
        if remote.description == AlertDescription.unknown_psk_identity:
            if not username:
                raise
            print("Unknown username")
        elif remote.description == AlertDescription.bad_record_mac:
            if not username:
                raise
            print("Bad username or password")
        elif remote.description == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
        else:
            raise
        sys.exit(-1)

    elapsed = stop - start
    printGoodConnection(connection, elapsed)
    printExporter(connection, expLabel, expLength)
    session = connection.session

    connection.send(b"GET / HTTP/1.0\r\n\r\n")
    # Drain the response: stop on an empty read, a socket timeout or an
    # abrupt close by the peer.
    receiving = True
    while receiving:
        try:
            data = connection.recv(10240)
            receiving = bool(data)
        except socket.timeout:
            receiving = False
        except TLSAbruptCloseError:
            receiving = False
    connection.close()

    # The expected abrupt close marks the session as unresumable; force it
    # back so the ticket can be tried below.
    session.resumable = True

    ticket_count = len(connection.tickets)
    print("Received {0} ticket[s]".format(ticket_count))
    # Debug-only invariant; assert is removed when Python runs with -O.
    assert connection.tickets is session.tickets

    if not session.tickets:
        return
    if not resumption:
        return

    print("Trying resumption handshake")
    sock = open_tcp()
    connection = TLSConnection(sock)

    try:
        start = time_stamp()
        # NOTE(review): the HandshakeSettings built above are not passed to
        # this call, so the version bounds and PSK configuration do not
        # visibly apply to the resumption handshake - confirm intent.
        connection.handshakeClientCert(serverName=address[0], alpn=alpn,
                                       session=session)
        stop = time_stamp()
        print("Handshake success")
    except TLSLocalAlert as local:
        if local.description == AlertDescription.user_canceled:
            print(str(local))
        else:
            raise
        sys.exit(-1)
    except TLSRemoteAlert as remote:
        if remote.description == AlertDescription.unknown_psk_identity:
            if not username:
                raise
            print("Unknown username")
        elif remote.description == AlertDescription.bad_record_mac:
            if not username:
                raise
            print("Bad username or password")
        elif remote.description == AlertDescription.handshake_failure:
            print("Unable to negotiate mutually acceptable parameters")
        else:
            raise
        sys.exit(-1)

    elapsed = stop - start
    printGoodConnection(connection, elapsed)
    printExporter(connection, expLabel, expLength)
    connection.close()