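def __init__(self, protocol='sslv23', weak_crypto=None):
    """Create an SSL context for the named protocol method.

    ``protocol`` is resolved on ``m2`` as ``<protocol>_method``; an unknown
    name raises ValueError.  When ``weak_crypto`` is None the context is
    hardened: for the version-negotiating 'sslv23' method both SSLv2 and
    SSLv3 are switched off, and a cipher list excluding the ADH, LOW, EXP
    and MD5 groups is installed.

    The check is ``weak_crypto is None``, so any other value (including 0
    or False) skips the hardening and leaves the library defaults in place.
    This constructor does not set a verify mode or trust store.
    """
    proto = getattr(m2, protocol + '_method', None)
    if proto is None:
        raise ValueError("no such protocol '%s'" % protocol)
    self.ctx = m2.ssl_ctx_new(proto())
    self.allow_unknown_ca = 0
    # map() is called with no arguments and indexed, so it is presumably a
    # module-level registry accessor rather than the builtin; the context
    # is registered under its handle value.
    map()[long(self.ctx)] = self
    m2.ssl_ctx_set_cache_size(self.ctx, 128L)
    if weak_crypto is None:
        if protocol == 'sslv23':
            # 'sslv23' negotiates the protocol version, so obsolete versions
            # have to be excluded explicitly.  SSLv3 is ruled out together
            # with SSLv2; callers that need it must opt in via weak_crypto.
            self.set_options(m2.SSL_OP_ALL | m2.SSL_OP_NO_SSLv2 |
                             m2.SSL_OP_NO_SSLv3)
        # NOTE(review): nesting reconstructed from a flattened listing; the
        # cipher list is applied for every protocol when weak_crypto is
        # None -- confirm against the project source.
        # NOTE(review): '!ADH' names only anonymous DH.  Whether other
        # unauthenticated or legacy suites remain enabled under 'ALL'
        # depends on the linked OpenSSL build; consider excluding them by
        # group (e.g. '!aNULL') after checking interoperability.
        self.set_cipher_list('ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH')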
def __init__(self, protocol='tls', weak_crypto=None, post_connection_check=None):
    # type: (str, Optional[int], Optional[Callable]) -> None
    """Build an SSL context for ``protocol`` and register it.

    The method constructor is looked up on ``m2`` as ``<protocol>_method``.
    If it is missing and ``protocol`` is 'tls', ``sslv23_method`` is used
    instead; any other missing name raises ValueError.

    Hardening (SSL_OP_ALL plus disabling SSLv2 and SSLv3) is applied only
    when ``weak_crypto`` is None *and* ``protocol`` is 'sslv23' or 'tls'.
    Because the check is ``is None``, passing 0 or False also skips it, and
    so does any explicitly named protocol method.  No verify mode, trust
    store or cipher list is configured here; ``post_connection_check`` is
    only stored on the instance.
    """
    factory = getattr(m2, protocol + '_method', None)
    if factory is None:
        if protocol != 'tls':
            raise ValueError("no such protocol '%s'" % protocol)
        # default is 'sslv23' for older versions of OpenSSL
        factory = m2.sslv23_method

    self.ctx = m2.ssl_ctx_new(factory())
    self.allow_unknown_ca = 0  # type: Union[int, bool]
    self.post_connection_check = post_connection_check

    # Register this object under the integer value of its context handle.
    registry = ctxmap()
    registry[int(self.ctx)] = self
    m2.ssl_ctx_set_cache_size(self.ctx, 128)

    negotiating = protocol in ('sslv23', 'tls')
    if weak_crypto is None and negotiating:
        # Version-negotiating methods need the obsolete protocol versions
        # excluded explicitly.
        hardened = m2.SSL_OP_ALL | m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3
        self.set_options(hardened)
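def c_style(HOST, PORT, req):
    """Send ``req`` to HOST:PORT over TLS with the low-level m2 calls.

    The response is read line by line through a buffering BIO and written
    to stdout.  The client certificate and private key are both loaded from
    'client.pem' in the current working directory.

    The context uses the version-negotiating method with SSLv2 and SSLv3
    disabled instead of pinning the connection to SSLv3.

    NOTE(review): no verify mode or CA store is configured on the context
    and no host name check is performed, so the server's identity is not
    validated.  Treat this as a protocol demo only; add verification before
    reusing it against a real endpoint.
    NOTE(review): the return value of ssl_connect is not inspected, and the
    cleanup at the end is skipped if any call raises.
    """
    # Set up SSL context.
    ctx = m2.ssl_ctx_new(m2.sslv23_method())
    # Negotiate the best mutually supported version, but never fall back to
    # the obsolete SSLv2/SSLv3 protocols.
    m2.ssl_ctx_set_options(ctx, m2.SSL_OP_NO_SSLv2 | m2.SSL_OP_NO_SSLv3)
    m2.ssl_ctx_use_cert(ctx, 'client.pem')
    m2.ssl_ctx_use_privkey(ctx, 'client.pem')

    # Make the socket connection.
    s = socket(AF_INET, SOCK_STREAM)
    s.connect((HOST, PORT))

    # Set up the SSL connection.
    sbio = m2.bio_new_socket(s.fileno(), 0)
    ssl = m2.ssl_new(ctx)
    m2.ssl_set_bio(ssl, sbio, sbio)
    m2.ssl_connect(ssl)
    sslbio = m2.bio_new(m2.bio_f_ssl())
    m2.bio_set_ssl(sslbio, ssl, 0)

    # Push a buffering BIO over the SSL BIO.
    iobuf = m2.bio_new(m2.bio_f_buffer())
    topbio = m2.bio_push(iobuf, sslbio)

    # Send the request.
    m2.bio_write(sslbio, req)

    # Receive the response.
    while True:
        data = m2.bio_gets(topbio, 4096)
        if not data:
            break
        sys.stdout.write(data)

    # Cleanup. May be missing some necessary steps. ;-|
    m2.bio_pop(topbio)
    m2.bio_free(iobuf)
    m2.ssl_shutdown(ssl)
    m2.ssl_free(ssl)
    m2.ssl_ctx_free(ctx)
    s.close()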