Exemplo n.º 1
 def _ensure_loaded(self):
     """Resolve the CA file path and load or create the CA on first use.

     Later calls return immediately once ``self._loaded`` has been set.
     ``self.ca_file`` is rewritten to the value returned by
     ``extras.get_extras_path``; an existing file is read with
     ``self._read_ca``, otherwise ``self._generate_ca`` is called.
     """
     if not self._loaded:
         self.ca_file = extras.get_extras_path(self.ca_file)
         ca_path = self.ca_file
         if os.path.exists(ca_path):
             self._read_ca(ca_path)
         else:
             # NOTE(review): _generate_ca presumably creates new CA key
             # material at self.ca_file -- confirm the location and the
             # file permissions it is written with.
             self._generate_ca()
         self._loaded = True
Exemplo n.º 2
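    def _start_client_ssl_connection(self):
        """Start the TLS handshake with the client, acting as the server.

        The certificate presented by the upstream server is passed to
        ``self.handler.on_certificate``. If the handler returns a file path,
        that one file is loaded as both the certificate chain and the
        private key for the client-facing context.
        ``self.handler.on_server_cipher_suites`` may supply a cipher list.
        The client socket is then wrapped in an accept-state
        ``SSL.Connection`` and the first handshake step is driven through
        ``self.client_bridge_fn``.

        Notes for reviewers:
          * ``SSL.SSLv23_METHOD`` is used and no protocol options are set in
            this method, so the minimum protocol version offered to the
            client is whatever the linked OpenSSL allows by default.
          * ``SSL.VERIFY_NONE`` on this server-side context means no client
            certificate is requested.
          * The file named by the handler holds a private key; it should be
            readable only by the account running this process.
        """
        server_cert = self.server_socket.get_peer_certificate()
        # Handler callbacks run in this order: certificate first, then ciphers.
        handler_cert = self.handler.on_certificate(server_cert)
        ciphers_list = self.handler.on_server_cipher_suites(self.client_hello)

        context = SSL.Context(SSL.SSLv23_METHOD)
        context.set_verify(SSL.VERIFY_NONE, stub_verify)
        if ciphers_list is not None:
            context.set_cipher_list(ciphers_list)
        if handler_cert is not None:
            # Certificate chain and private key are read from the same file.
            context.use_certificate_chain_file(handler_cert)
            context.use_privatekey_file(handler_cert)

        # Required for anonymous/ephemeral DH cipher suites.
        # The path is resolved once so the existence check and the load
        # refer to the same value.
        params_path = extras.get_extras_path("./dhparam")
        if os.path.exists(params_path):
            context.load_tmp_dh(params_path)
        else:
            self.logger.warning(
                "Required file dhparam not found, "
                "anonymous/ephemeral DH cipher suites may not work")

        # Required for anonymous/ephemeral ECDH cipher suites
        # The API is not available in the old version of pyOpenSSL which we
        # currently use. Without the code below, anonymous and ephemeral
        # ECDH cipher suites will not be used.
        if hasattr(context, "set_tmp_ecdh"):
            curve = crypto.get_elliptic_curve("prime256v1")
            context.set_tmp_ecdh(curve)

        # Send our ServerHello to the Client. Note that the Client's ClientHello
        # MUST be the first thing that self.client_socket.recv() returns
        connection = SSL.Connection(context, self.client_socket)
        connection.set_accept_state()
        self.client_socket = ConnectionWrapper(connection)
        self.client_bridge_fn = self._gen_ssl_connect_fn(
            connection, self._on_client_ssl_established)
        # Only listen for client events until the connection is established
        self.set_select_fds(rlist=[self.client_socket])
        # Start the handshake
        self.client_bridge_fn()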
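 def check_files_precondition():
     """Check that every required extras file exists.

     Each entry of ``files`` (defined outside this function) is resolved
     with ``extras.get_extras_path`` and tested with ``os.path.exists``.

     Returns:
         ``(True, "")`` when all files exist, otherwise ``(False, reason)``
         where ``reason`` names the first missing entry.
     """
     # ``required`` avoids shadowing the Python 2 builtin ``file``.
     for required in files:
         if not os.path.exists(extras.get_extras_path(required)):
             # One-element tuple: a bare ``(x)`` is not a tuple, so a tuple
             # entry would otherwise be unpacked as format arguments.
             return False, "required file %s not found" % (required,)
     return True, ""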
Exemplo n.º 4
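 def check_files_precondition():
     """Report whether all required files are present under the extras path.

     Iterates ``files`` (supplied by the enclosing scope), resolving each
     entry through ``extras.get_extras_path``.

     Returns:
         A ``(ok, message)`` pair: ``(True, "")`` if nothing is missing,
         else ``(False, "required file <name> not found")`` for the first
         entry that does not exist.
     """
     # Loop variable renamed from ``file``, which shadows a Python 2 builtin.
     for name in files:
         resolved = extras.get_extras_path(name)
         if not os.path.exists(resolved):
             # Explicit one-element tuple keeps the format safe for any
             # entry type; ``(name)`` alone is just a parenthesised value.
             return False, "required file %s not found" % (name,)
     return True, ""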