def handshake(self, connection):
print("About to handshake...")
activationFlags = 0
if tacks:
if len(tacks) == 1:
activationFlags = 1
elif len(tacks) == 2:
activationFlags = 3
try:
start = time_stamp()
connection.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY,
1)
connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
struct.pack('ii', 1, 5))
connection.handshakeServer(certChain=cert_chain,
privateKey=privateKey,
verifierDB=verifierDB,
tacks=tacks,
activationFlags=activationFlags,
sessionCache=sessionCache,
settings=settings,
nextProtos=[b"http/1.1"],
alpn=[bytearray(b'http/1.1')],
reqCert=reqCert,
sni=sni)
# As an example (does not work here):
#nextProtos=[b"spdy/3", b"spdy/2", b"http/1.1"])
stop = time_stamp()
except TLSRemoteAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
return False
else:
raise
except TLSLocalAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
return False
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
return False
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
return False
else:
raise
connection.ignoreAbruptClose = True
printGoodConnection(connection, stop - start)
printExporter(connection, expLabel, expLength)
return True
def handshake(self, connection):
print("About to handshake...")
activationFlags = 0
if tacks:
if len(tacks) == 1:
activationFlags = 1
elif len(tacks) == 2:
activationFlags = 3
try:
start = time_stamp()
connection.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY,
1)
connection.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
struct.pack('ii', 1, 5))
connection.handshakeServer(certChain=cert_chain,
privateKey=privateKey,
verifierDB=verifierDB,
tacks=tacks,
activationFlags=activationFlags,
sessionCache=sessionCache,
settings=settings,
nextProtos=[b"http/1.1"],
alpn=[bytearray(b'http/1.1')],
reqCert=reqCert,
sni=sni)
# As an example (does not work here):
#nextProtos=[b"spdy/3", b"spdy/2", b"http/1.1"])
stop = time_stamp()
except TLSRemoteAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
return False
else:
raise
except TLSLocalAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
return False
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
return False
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
return False
else:
raise
connection.ignoreAbruptClose = True
printGoodConnection(connection, stop-start)
printExporter(connection, expLabel, expLength)
return True
def clientCmd(argv):
(address, privateKey, cert_chain, username, password, expLabel,
expLength, alpn, psk, psk_ident, psk_hash, resumption, ssl3,
max_ver) = \
handleArgs(argv, "kcuplLa", ["psk=", "psk-ident=", "psk-sha384",
"resumption", "ssl3", "max-ver="])
if (cert_chain and not privateKey) or (not cert_chain and privateKey):
raise SyntaxError("Must specify CERT and KEY together")
if (username and not password) or (not username and password):
raise SyntaxError("Must specify USER with PASS")
if cert_chain and username:
raise SyntaxError("Can use SRP or client cert for auth, not both")
if expLabel is not None and not expLabel:
raise ValueError("Label must be non-empty")
#Connect to server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect(address)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
connection = TLSConnection(sock)
settings = HandshakeSettings()
if psk:
settings.pskConfigs = [(psk_ident, psk, psk_hash)]
settings.useExperimentalTackExtension = True
if ssl3:
settings.minVersion = (3, 0)
if max_ver:
settings.maxVersion = max_ver
try:
start = time_stamp()
if username and password:
connection.handshakeClientSRP(username,
password,
settings=settings,
serverName=address[0])
else:
connection.handshakeClientCert(cert_chain,
privateKey,
settings=settings,
serverName=address[0],
alpn=alpn)
stop = time_stamp()
print("Handshake success")
except TLSLocalAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
else:
raise
sys.exit(-1)
except TLSRemoteAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
else:
raise
sys.exit(-1)
printGoodConnection(connection, stop - start)
printExporter(connection, expLabel, expLength)
session = connection.session
connection.send(b"GET / HTTP/1.0\r\n\r\n")
while True:
try:
r = connection.recv(10240)
if not r:
break
except socket.timeout:
break
except TLSAbruptCloseError:
break
connection.close()
# we're expecting an abrupt close error which marks the session as
# unreasumable, override it
session.resumable = True
print("Received {0} ticket[s]".format(len(connection.tickets)))
assert connection.tickets is session.tickets
if not session.tickets:
return
if not resumption:
return
print("Trying resumption handshake")
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect(address)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
connection = TLSConnection(sock)
try:
start = time_stamp()
connection.handshakeClientCert(serverName=address[0],
alpn=alpn,
session=session)
stop = time_stamp()
print("Handshake success")
except TLSLocalAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
else:
raise
sys.exit(-1)
except TLSRemoteAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
else:
raise
sys.exit(-1)
printGoodConnection(connection, stop - start)
printExporter(connection, expLabel, expLength)
connection.close()
def clientCmd(argv):
(address, privateKey, cert_chain, username, password, expLabel,
expLength, alpn, psk, psk_ident, psk_hash, resumption, ssl3,
max_ver) = \
handleArgs(argv, "kcuplLa", ["psk=", "psk-ident=", "psk-sha384",
"resumption", "ssl3", "max-ver="])
if (cert_chain and not privateKey) or (not cert_chain and privateKey):
raise SyntaxError("Must specify CERT and KEY together")
if (username and not password) or (not username and password):
raise SyntaxError("Must specify USER with PASS")
if cert_chain and username:
raise SyntaxError("Can use SRP or client cert for auth, not both")
if expLabel is not None and not expLabel:
raise ValueError("Label must be non-empty")
#Connect to server
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect(address)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
connection = TLSConnection(sock)
settings = HandshakeSettings()
if psk:
settings.pskConfigs = [(psk_ident, psk, psk_hash)]
settings.useExperimentalTackExtension = True
if ssl3:
settings.minVersion = (3, 0)
if max_ver:
settings.maxVersion = max_ver
try:
start = time_stamp()
if username and password:
connection.handshakeClientSRP(username, password,
settings=settings, serverName=address[0])
else:
connection.handshakeClientCert(cert_chain, privateKey,
settings=settings, serverName=address[0], alpn=alpn)
stop = time_stamp()
print("Handshake success")
except TLSLocalAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
else:
raise
sys.exit(-1)
except TLSRemoteAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
else:
raise
sys.exit(-1)
printGoodConnection(connection, stop-start)
printExporter(connection, expLabel, expLength)
session = connection.session
connection.send(b"GET / HTTP/1.0\r\n\r\n")
while True:
try:
r = connection.recv(10240)
if not r:
break
except socket.timeout:
break
except TLSAbruptCloseError:
break
connection.close()
# we're expecting an abrupt close error which marks the session as
# unreasumable, override it
session.resumable = True
print("Received {0} ticket[s]".format(len(connection.tickets)))
assert connection.tickets is session.tickets
if not session.tickets:
return
if not resumption:
return
print("Trying resumption handshake")
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
sock.connect(address)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
connection = TLSConnection(sock)
try:
start = time_stamp()
connection.handshakeClientCert(serverName=address[0], alpn=alpn,
session=session)
stop = time_stamp()
print("Handshake success")
except TLSLocalAlert as a:
if a.description == AlertDescription.user_canceled:
print(str(a))
else:
raise
sys.exit(-1)
except TLSRemoteAlert as a:
if a.description == AlertDescription.unknown_psk_identity:
if username:
print("Unknown username")
else:
raise
elif a.description == AlertDescription.bad_record_mac:
if username:
print("Bad username or password")
else:
raise
elif a.description == AlertDescription.handshake_failure:
print("Unable to negotiate mutually acceptable parameters")
else:
raise
sys.exit(-1)
printGoodConnection(connection, stop-start)
printExporter(connection, expLabel, expLength)
connection.close()