Exemplo n.º 1
def send_data(i):
    """Push 100 randomly ordered messages through one tunnel connection, then close it.

    ``i`` identifies the worker: it selects the ``client{i}`` name passed to
    TlsClient and prefixes every validation label, so a failure can be traced
    back to the connection and message number that produced it.
    """
    # NOTE(review): 'root' presumably names the CA that issued client{i} --
    # confirm against TlsClient. Ports 13001/13002 are fixed by this test.
    tls_side = TlsClient("client{0}".format(i), 'root', 13001)
    pair = SocketPair(tls_side, TcpServer(13002))

    # `random` only provides timing jitter and direction choice for the test;
    # nothing derived from it is secret, so a CSPRNG is not needed here.
    sent = 0
    while sent < 100:
        roll = random.random()
        if roll >= 0.4:
            sent += 1
            if roll >= 0.7:
                pair.validate_can_send_from_server(
                    "blah blah blah",
                    "{0}:{1} server -> client".format(i, sent))
            else:
                pair.validate_can_send_from_client(
                    "blah blah blah",
                    "{0}:{1} client -> server".format(i, sent))
        else:
            # Roughly 40% of draws only pause (for under 0.4s) and do not
            # count as a message.
            time.sleep(roll)

    # Tear the connection down from a randomly chosen side so both close
    # directions get exercised across workers.
    if random.random() >= 0.5:
        pair.validate_closing_server_closes_client(
            "{0} server close -> client close".format(i))
    else:
        pair.validate_closing_client_closes_server(
            "{0} client close -> server close".format(i))
Exemplo n.º 2
        ghostunnel = run_ghostunnel([
            'client', '--listen={0}:13001'.format(LOCALHOST),
            '--target=localhost:13002', '--cacert=root.crt',
            '--disable-authentication',
            '--status={0}:{1}'.format(LOCALHOST, STATUS_PORT)
        ])

        # connect to server1, confirm that the tunnel is up
        pair = SocketPair(
            TcpClient(13001),
            TlsServer('server1', 'root', 13002, cert_reqs=ssl.CERT_NONE))
        pair.validate_can_send_from_client("hello world",
                                           "1: client -> server")
        pair.validate_can_send_from_server("hello world",
                                           "1: server -> client")
        pair.validate_closing_client_closes_server(
            "1: client closed -> server closed")

        # connect to other_server, confirm that the tunnel isn't up
        try:
            pair = SocketPair(
                TcpClient(13001),
                TlsServer('other_server',
                          'other_root',
                          13002,
                          cert_reqs=ssl.CERT_NONE))
            raise Exception('failed to reject other_server')
        except ssl.SSLError:
            print_ok("other_server with unknown CA correctly rejected")

        # connect to server2, confirm that the tunnel isn't up
        try:
                                     '--target=localhost:13002',
                                     '--keystore=client.p12',
                                     '--cacert=root.crt',
                                     '--timed-reload=1s',
                                     '--override-server-name=foobar',
                                     '--status={0}:{1}'.format(LOCALHOST,
                                                               STATUS_PORT)])

        # connect to server1, confirm that the tunnel is up
        pair = SocketPair(TcpClient(13001), TlsServer(
            'server2', 'root', 13002))
        pair.validate_can_send_from_client(
            "hello world", "1: client -> server")
        pair.validate_can_send_from_server(
            "hello world", "1: server -> client")
        pair.validate_closing_client_closes_server(
            "1: client closed -> server closed")

        # connect to other_server, confirm that the tunnel isn't up
        try:
            pair = SocketPair(TcpClient(13001), TlsServer(
                'other_server', 'other_root', 13002))
            raise Exception('failed to reject other_server')
        except ssl.SSLError:
            print_ok("other_server correctly rejected")

        # connect to server2, confirm that the tunnel isn't up
        try:
            pair = SocketPair(TcpClient(13001), TlsServer(
                'server1', 'root', 13002))
            raise Exception('failed to reject server1')
        except ssl.SSLError:
        root.create_signed_cert('client')

        httpd = http.server.HTTPServer(
            (LOCALHOST, 13080), FakeConnectProxyHandler)
        server = threading.Thread(target=httpd.handle_request)
        server.start()

        # start ghostunnel
        ghostunnel = run_ghostunnel(['client',
                                     '--listen={0}:13001'.format(LOCALHOST),
                                     '--target={0}:13002'.format(LOCALHOST),
                                     '--keystore=client.p12',
                                     '--cacert=root.crt',
                                     '--connect-proxy=http://{0}:13080'.format(LOCALHOST),
                                     '--connect-timeout=30s',
                                     '--status={0}:{1}'.format(LOCALHOST,
                                                               STATUS_PORT)])

        # connect to server, confirm that the tunnel is up
        pair = SocketPair(TcpClient(13001), TlsServer('server', 'root', 13002))
        pair.validate_can_send_from_client(
            'hello world', '1: client -> server')
        pair.validate_can_send_from_server(
            'hello world', '1: server -> client')
        pair.validate_closing_client_closes_server('closing client')
        pair.cleanup()

        print_ok("OK")
    finally:
        terminate(ghostunnel)