Exemplo n.º 1
0
def main():
    print 'initializing ctx ...'
    ctx = M2Crypto.SSL.Context(protocol='sslv2')
    ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
    ctx.set_options(m2.SSL_OP_ALL)
    ctx.set_cipher_list('ALL')

    print 'initializing socket and accepting connection ...'
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(('0.0.0.0', 8443))
    sock.listen(1)
    conn, addr = sock.accept()

    print 'ssl handshake ...'
    ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
    ssl_conn.set_socket_read_timeout(timeout(2))
    ssl_conn.setup_ssl()
    ssl_conn_res = ssl_conn.accept_ssl()

    if ssl_conn_res == 1:
        print 'SSL connection accepted'
    else:
        res = ssl_conn.ssl_get_error(ssl_conn_res)
        print 'SSL handshake failed: %s (\'%s\')' % (res, resolve_ssl_code(res))
Exemplo n.º 2
0
    def handle(self, conn, profile, file_bag):
        ctx = M2Crypto.SSL.Context(self.proto, weak_crypto=True)
        ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename,
                            keyfile=profile.certnkey.key_filename)
        set_ephemeral_params(ctx)

        self.logger.debug('trying to accept SSL connection %s with profile %s',
                          conn, profile)
        try:
            # try to accept SSL connection
            ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock)
            ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout))
            ssl_conn.setup_ssl()
            ssl_conn_res = ssl_conn.accept_ssl()

            if ssl_conn_res != 1:
                res = ssl_conn.ssl_get_error(ssl_conn_res)
                res = resolve_ssl_code(res)
                self.logger.debug('SSL handshake failed: %s', res)
                return ConnectionAuditResult(conn, profile, res)

            self.logger.debug(
                'SSL connection accepted, version %s, cipher %s' %
                (ssl_conn.get_version(), ssl_conn.get_cipher()))
            if ssl_conn.get_version(
            ) == 'SSLv2' and ssl_conn.get_cipher() is None:
                ## workaround for #46
                raise Exception(UNEXPECTED_EOF)

            # try to read something from the client
            start_time = time()
            client_req = ssl_conn.read(size=MAX_SIZE)
            end_time = time()
            dt = end_time - start_time

            if client_req == None:
                # read timeout
                res = ConnectedReadTimeout(dt)
            else:
                if len(client_req) == 0:
                    # EOF or timeout? XXX
                    if dt < self.sock_read_timeout:
                        res = ConnectedGotEOFBeforeTimeout(dt)
                    else:
                        res = ConnectedReadTimeout(dt)
                else:
                    # got data
                    res = ConnectedGotRequest(client_req, dt, file_bag)
        except Exception as ex:
            res = str(ex)
            self.logger.debug('SSL accept failed: %s', ex)

        # report the result

        return ConnectionAuditResult(conn, profile, res)
Exemplo n.º 3
0
    def handle(self, conn, profile, file_bag):
        ctx = M2Crypto.SSL.Context(self.proto, weak_crypto=True)
        ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename)
        set_ephemeral_params(ctx)

        self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile)
        try:
            # try to accept SSL connection
            ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock)
            ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout))
            ssl_conn.setup_ssl()
            ssl_conn_res = ssl_conn.accept_ssl()

            if ssl_conn_res != 1:
                res = ssl_conn.ssl_get_error(ssl_conn_res)
                res = resolve_ssl_code(res)
                self.logger.debug('SSL handshake failed: %s', res)
                return ConnectionAuditResult(conn, profile, res)

            self.logger.debug(
                'SSL connection accepted, version %s, cipher %s' % (ssl_conn.get_version(), ssl_conn.get_cipher()))
            if ssl_conn.get_version() == 'SSLv2' and ssl_conn.get_cipher() is None:
                ## workaround for #46
                raise Exception(UNEXPECTED_EOF)

            # try to read something from the client
            start_time = time()
            client_req = ssl_conn.read(size=MAX_SIZE)
            end_time = time()
            dt = end_time - start_time

            if client_req == None:
                # read timeout
                res = ConnectedReadTimeout(dt)
            else:
                if len(client_req) == 0:
                    # EOF or timeout? XXX
                    if dt < self.sock_read_timeout:
                        res = ConnectedGotEOFBeforeTimeout(dt)
                    else:
                        res = ConnectedReadTimeout(dt)
                else:
                    # got data
                    res = ConnectedGotRequest(client_req, dt, file_bag)
        except Exception as ex:
            res = str(ex)
            self.logger.debug('SSL accept failed: %s', ex)

        # report the result

        return ConnectionAuditResult(conn, profile, res)
Exemplo n.º 4
0
    def handle(self, conn, profile):
        ctx = M2Crypto.SSL.Context(self.proto)
        ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename,
                            keyfile=profile.certnkey.key_filename)

        self.logger.debug('trying to accept SSL connection %s with profile %s',
                          conn, profile)
        try:
            # try to accept SSL connection
            ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock)
            ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout))
            ssl_conn.setup_ssl()
            ssl_conn_res = ssl_conn.accept_ssl()
            if ssl_conn_res == 1:
                self.logger.debug('SSL connection accepted')
            else:
                self.logger.debug('SSL handshake failed: %s',
                                  ssl_conn.ssl_get_error(ssl_conn_res))
                res = ssl_conn.ssl_get_error(ssl_conn_res)
                return ClientConnectionAuditResult(conn, profile, res)

            # try to read something from the client
            start_time = time()
            client_req = ssl_conn.read(size=MAX_SIZE)
            end_time = time()
            dt = end_time - start_time

            if client_req == None:
                # read timeout
                res = ConnectedReadTimeout(dt)
            else:
                if len(client_req) == 0:
                    # EOF or timeout? XXX
                    if dt < self.sock_read_timeout:
                        res = ConnectedGotEOFBeforeTimeout(dt)
                    else:

                        res = ConnectedReadTimeout(dt)
                else:
                    # got data
                    res = ConnectedGotRequest(client_req, dt)
        except Exception as ex:
            res = ex.message
            self.logger.debug('SSL accept failed: %s', ex)

        # report the result

        return ClientConnectionAuditResult(conn, profile, res)
Exemplo n.º 5
0
    def handle(self, conn, profile, file_bag):
        # create a context, explicitly specify the flavour of the protocol
        ctx = M2Crypto.SSL.Context(protocol=profile.profile_spec.proto, weak_crypto=True)
        ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename)
        set_ephemeral_params(ctx)

        # set restrict all protocols except the one prescribed by the profile
        options = m2.SSL_OP_ALL
        if profile.profile_spec.proto == 'sslv2':
            options |= m2.SSL_OP_NO_SSLv3 | m2.SSL_OP_NO_TLSv1
        elif profile.profile_spec.proto == 'sslv3':
            options |= m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_TLSv1
        elif profile.profile_spec.proto == 'tlsv1':
            options |= m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3
        else:
            raise ValueError('unsupported protocol: %s' % profile.profile_spec.proto)
        ctx.set_options(options)

        # set allowed ciphers
        ctx.set_cipher_list(profile.profile_spec.cipher)

        self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile)
        try:
            # try to accept SSL connection
            ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock)
            ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout))
            ssl_conn.setup_ssl()
            ssl_conn_res = ssl_conn.accept_ssl()
            if ssl_conn_res == 1:
                self.logger.debug(
                    'SSL connection accepted, version %s cipher %s' % (ssl_conn.get_version(), ssl_conn.get_cipher()))
                if ssl_conn.get_version() == 'SSLv2' and ssl_conn.get_cipher() is None:
                    # workaround for #46
                    raise Exception(UNEXPECTED_EOF)
                return ConnectionAuditResult(conn, profile, Connected())
            else:
                res = ssl_conn.ssl_get_error(ssl_conn_res)
                res = resolve_ssl_code(res)
                self.logger.debug('SSL handshake failed: %s', res)
                return ConnectionAuditResult(conn, profile, res)

        except Exception as ex:
            res = str(ex)
            self.logger.debug('SSL accept failed: %s', ex)

        return ConnectionAuditResult(conn, profile, res)
Exemplo n.º 6
0
    def handle(self, conn, profile):
        ctx = M2Crypto.SSL.Context(self.proto)
        ctx.load_cert_chain(certchainfile=profile.certnkey.cert_filename, keyfile=profile.certnkey.key_filename)

        self.logger.debug('trying to accept SSL connection %s with profile %s', conn, profile)
        try:
            # try to accept SSL connection
            ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn.sock)
            ssl_conn.set_socket_read_timeout(timeout(self.sock_read_timeout))
            ssl_conn.setup_ssl()
            ssl_conn_res = ssl_conn.accept_ssl()
            if ssl_conn_res == 1:
                self.logger.debug('SSL connection accepted')
            else:
                self.logger.debug('SSL handshake failed: %s', ssl_conn.ssl_get_error(ssl_conn_res))
                res = ssl_conn.ssl_get_error(ssl_conn_res)
                return ClientConnectionAuditResult(conn, profile, res)

            # try to read something from the client
            start_time = time()
            client_req = ssl_conn.read(size=MAX_SIZE)
            end_time = time()
            dt = end_time - start_time

            if client_req == None:
                # read timeout
                res = ConnectedReadTimeout(dt)
            else:
                if len(client_req) == 0:
                    # EOF or timeout? XXX
                    if dt < self.sock_read_timeout:
                        res = ConnectedGotEOFBeforeTimeout(dt)
                    else:

                        res = ConnectedReadTimeout(dt)
                else:
                    # got data
                    res = ConnectedGotRequest(client_req, dt)
        except Exception as ex:
            res = ex.message
            self.logger.debug('SSL accept failed: %s', ex)

        # report the result

        return ClientConnectionAuditResult(conn, profile, res)
Exemplo n.º 7
0
def main():
    print "initializing ctx ..."
    ctx = M2Crypto.SSL.Context()
    ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
    ctx.set_options(m2.SSL_OP_ALL)
    ctx.set_cipher_list("ALL")

    print "initializing socket ..."
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("0.0.0.0", 8443))
    sock.listen(1)
    conn, addr = sock.accept()

    print "ssl handshake ..."
    ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
    ssl_conn.set_socket_read_timeout(timeout(3))
    ssl_conn.setup_ssl()
    ssl_conn_res = ssl_conn.accept_ssl()

    if ssl_conn_res == 1:
        print "SSL connection accepted"
    else:
        err = ssl_conn.ssl_get_error(ssl_conn_res)
        print "SSL handshake failed: res=%d, error=%s" % (ssl_conn_res, err)
Exemplo n.º 8
0
def main():
    print 'initializing ctx ...'
    ctx = M2Crypto.SSL.Context()
    ctx.load_cert_chain(certchainfile=CERTFILE, keyfile=KEYFILE)
    ctx.set_options(m2.SSL_OP_ALL)
    ctx.set_cipher_list('ALL')

    print 'initializing socket ...'
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(('0.0.0.0', 8443))
    sock.listen(1)
    conn, addr = sock.accept()

    print 'ssl handshake ...'
    ssl_conn = M2Crypto.SSL.Connection(ctx=ctx, sock=conn)
    ssl_conn.set_socket_read_timeout(timeout(3))
    ssl_conn.setup_ssl()
    ssl_conn_res = ssl_conn.accept_ssl()

    if ssl_conn_res == 1:
        print 'SSL connection accepted'
    else:
        err = ssl_conn.ssl_get_error(ssl_conn_res)
        print 'SSL handshake failed: res=%d, error=%s' % (ssl_conn_res, err)