def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None): trust_managers = [NoVerifyX509TrustManager()] if self.verify_mode == CERT_REQUIRED: tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) tmf.init(self._trust_store) trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())] context = _JavaSSLContext.getInstance(self._protocol_name) if self._key_managers is None: context.init( _get_openssl_key_manager( cert_file=cert_file, key_file=key_file).getKeyManagers(), trust_managers, None) else: context.init( self._key_managers.getKeyManagers(), trust_managers, None) if hostname is not None: engine = context.createSSLEngine(hostname, addr[1]) else: engine = context.createSSLEngine(*addr) # apparently this can be used to enforce hostname verification if hostname is not None and self._check_hostname: params = engine.getSSLParameters() params.setEndpointIdentificationAlgorithm('HTTPS') engine.setSSLParameters(params) if self._ciphers is not None: engine.setEnabledCipherSuites(self._ciphers) return engine
def _createSSLEngine(self, addr, hostname=None, cert_file=None, key_file=None): trust_managers = [NoVerifyX509TrustManager()] if self.verify_mode == CERT_REQUIRED: tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) tmf.init(self._trust_store) trust_managers = [CompositeX509TrustManager(tmf.getTrustManagers())] context = _JavaSSLContext.getInstance(self._protocol_name) if self._key_managers is None: context.init( _get_openssl_key_manager( cert_file=cert_file, key_file=key_file).getKeyManagers(), trust_managers, None) else: context.init( self._key_managers.getKeyManagers(), trust_managers, None) # addr could be ipv6, only extract relevant parts engine = context.createSSLEngine((hostname or addr[0]), addr[1]) # apparently this can be used to enforce hostname verification if hostname is not None and self._check_hostname: params = engine.getSSLParameters() params.setEndpointIdentificationAlgorithm('HTTPS') engine.setSSLParameters(params) if self._ciphers is not None: engine.setEnabledCipherSuites(self._ciphers) return engine
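Review bot: The new `engine = context.createSSLEngine((hostname or addr[0]), addr[1])` selects the peer host by truthiness, while the endpoint-identification guard a few statements later still tests `hostname is not None`, so an empty-string `hostname` now builds the engine for `addr[0]` but still enables 'HTTPS' endpoint identification for it. Pick one test for both places, e.g. `engine = context.createSSLEngine(hostname if hostname is not None else addr[0], addr[1])`, or normalize with `hostname = hostname or None` once at the top of the method. When `hostname` is None the `self._check_hostname` setting is silently ignored on this path; if that is intentional it deserves a comment such as `# no hostname supplied: only trust-chain validation applies, endpoint identification is not enabled`, otherwise consider rejecting that combination explicitly. The enclosing class header is outside the hunk.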
def __init__(self, protocol): protocol_name = _PROTOCOL_NAMES[protocol] if protocol == PROTOCOL_SSLv23: # darjus: at least my Java does not let me use v2 protocol_name = 'SSL' self.protocol = protocol self.check_hostname = False self.options = OP_ALL self.verify_flags = None self.verify_mode = CERT_NONE self._ciphers = None self._trust_store = KeyStore.getInstance(KeyStore.getDefaultType()) self._trust_store.load(None, None) self._key_store = KeyStore.getInstance(KeyStore.getDefaultType()) self._key_store.load(None, None) self._context = _JavaSSLContext.getInstance(protocol_name) self._key_managers = None