def __init__(self, host, port, info, sslenabled, nw, block=False, write_fds=None): self.host = host self.port = port self.nw = nw self.blocking = block self.error_msg = None if not info: raise socket.error(errno.EADDRNOTAVAIL, "Address not available - Check for internet or DNS problems") af, socktype, proto, canonname, sa = info[0] # there will be a connect to host (or self.host, so let's force set 'af' to the correct value if probablyipv4(host): af = socket.AF_INET if probablyipv6(host): af = socket.AF_INET6 if sslenabled: # Use context or just wrapper if sabnzbd.HAVE_SSL_CONTEXT: # Setup the SSL socket ctx = ssl.create_default_context() # Only verify hostname when we're strict if nw.server.ssl_verify < 2: ctx.check_hostname = False # Certificates optional if nw.server.ssl_verify == 0: ctx.verify_mode = ssl.CERT_NONE # Did the user set a custom cipher-string? if nw.server.ssl_ciphers: # At their own risk, socket will error out in case it was invalid ctx.set_ciphers(nw.server.ssl_ciphers) self.sock = ctx.wrap_socket(socket.socket(af, socktype, proto), server_hostname=str(nw.server.host)) else: # Ciphers have to be None, if set to empty-string it will fail on <2.7.9 ciphers = nw.server.ssl_ciphers if nw.server.ssl_ciphers else None # Use a regular wrapper, no certificate validation self.sock = ssl.wrap_socket(socket.socket(af, socktype, proto), ciphers=ciphers) else: self.sock = socket.socket(af, socktype, proto) try: # Open the connection in a separate thread due to avoid blocking # For server-testing we do want blocking if not block: Thread(target=con, args=(self.sock, self.host, self.port, sslenabled, write_fds, self)).start() else: # if blocking (server test) only wait for 15 seconds during connect until timeout self.sock.settimeout(15) self.sock.connect((self.host, self.port)) if sslenabled: # Log SSL/TLS info logging.info("%s@%s: Connected using %s (%s)", self.nw.thrdnum, self.nw.server.host, get_ssl_version(self.sock), self.sock.cipher()[0]) self.nw.server.ssl_info = "%s (%s)" % (get_ssl_version(self.sock), self.sock.cipher()[0]) except (ssl.SSLError, CertificateError) as e: self.error(e) except socket.error, e: try: # socket.error can either return a string or a tuple if isinstance(e, tuple): (_errno, strerror) = e else: # Are we safe to hardcode the ETIMEDOUT error? (_errno, strerror) = (errno.ETIMEDOUT, str(e)) e = (_errno, strerror) # expected, do nothing if _errno == errno.EINPROGRESS: pass finally: self.error(e)
def __init__(self, host, port, info, sslenabled, nw, block=False, write_fds=None): self.host = host self.port = port self.nw = nw self.blocking = block self.error_msg = None if not info: raise socket.error( errno.EADDRNOTAVAIL, "Address not available - Check for internet or DNS problems") af, socktype, proto, canonname, sa = info[0] # there will be a connect to host (or self.host, so let's force set 'af' to the correct value if probablyipv4(host): af = socket.AF_INET if probablyipv6(host): af = socket.AF_INET6 if sslenabled: # Use context or just wrapper if sabnzbd.CERTIFICATE_VALIDATION: # Setup the SSL socket ctx = ssl.create_default_context() if sabnzbd.cfg.require_modern_tls(): # We want a modern TLS (1.2 or higher), so we disallow older protocol versions (<= TLS 1.1) ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 # Only verify hostname when we're strict if nw.server.ssl_verify < 2: ctx.check_hostname = False # Certificates optional if nw.server.ssl_verify == 0: ctx.verify_mode = ssl.CERT_NONE # Did the user set a custom cipher-string? if nw.server.ssl_ciphers: # At their own risk, socket will error out in case it was invalid ctx.set_ciphers(nw.server.ssl_ciphers) self.sock = ctx.wrap_socket(socket.socket(af, socktype, proto), server_hostname=str( nw.server.host)) else: # Use a regular wrapper, no certificate validation self.sock = ssl.wrap_socket(socket.socket(af, socktype, proto), ciphers=sabnzbd.cfg.ssl_ciphers()) else: self.sock = socket.socket(af, socktype, proto) try: # Open the connection in a separate thread due to avoid blocking # For server-testing we do want blocking if not block: Thread(target=con, args=(self.sock, self.host, self.port, sslenabled, write_fds, self)).start() else: # if blocking (server test) only wait for 15 seconds during connect until timeout self.sock.settimeout(15) self.sock.connect((self.host, self.port)) if sslenabled: # Log SSL/TLS info logging.info( "%s@%s: Connected using %s (%s)", self.nw.thrdnum, self.nw.server.host, self.sock.version(), self.sock.cipher()[0], ) self.nw.server.ssl_info = "%s (%s)" % ( self.sock.version(), self.sock.cipher()[0]) except (ssl.SSLError, ssl.CertificateError) as e: self.error(e) except socket.error as e: try: # socket.error can either return a string or a tuple if isinstance(e, tuple): (_errno, strerror) = e else: # Are we safe to hardcode the ETIMEDOUT error? (_errno, strerror) = (errno.ETIMEDOUT, str(e)) e = (_errno, strerror) # expected, do nothing if _errno == errno.EINPROGRESS: pass finally: self.error(e)
def test_localipv4(self): local_ipv4 = localipv4() assert probablyipv4(local_ipv4)
def __init__(self, host, port, info, sslenabled, send_group, nw, user=None, password=None, block=False, write_fds=None): self.host = host self.port = port self.nw = nw self.blocking = block self.error_msg = None if not info: raise socket.error( errno.EADDRNOTAVAIL, "Address not available - Check for internet or DNS problems") af, socktype, proto, canonname, sa = info[0] # there will be a connect to host (or self.host, so let's force set 'af' to the correct value if probablyipv4(host): af = socket.AF_INET if probablyipv6(host): af = socket.AF_INET6 if sslenabled: # Use context or just wrapper if sabnzbd.HAVE_SSL_CONTEXT: # Setup the SSL socket ctx = ssl.create_default_context() # Only verify hostname when we're strict if (nw.server.ssl_verify < 2): ctx.check_hostname = False # Certificates optional if (nw.server.ssl_verify == 0): ctx.verify_mode = ssl.CERT_NONE # Did the user set a custom cipher-string? if (nw.server.ssl_ciphers): # At their own risk, socket will error out in case it was invalid ctx.set_ciphers(nw.server.ssl_ciphers) self.sock = ctx.wrap_socket(socket.socket(af, socktype, proto), server_hostname=str( nw.server.host)) else: # Ciphers have to be None, if set to empty-string it will fail on <2.7.9 ciphers = nw.server.ssl_ciphers if nw.server.ssl_ciphers else None # Use a regular wrapper, no certificate validation self.sock = ssl.wrap_socket(socket.socket(af, socktype, proto), ciphers=ciphers) else: self.sock = socket.socket(af, socktype, proto) try: # Open the connection in a separate thread due to avoid blocking # For server-testing we do want blocking if not block: Thread(target=con, args=(self.sock, self.host, self.port, sslenabled, write_fds, self)).start() else: # if blocking (server test) only wait for 15 seconds during connect until timeout self.sock.settimeout(15) self.sock.connect((self.host, self.port)) if sslenabled: # Log SSL/TLS info logging.info("%s@%s: Connected using %s (%s)", self.nw.thrdnum, self.nw.server.host, get_ssl_version(self.sock), self.sock.cipher()[0]) self.nw.server.ssl_info = "%s (%s)" % (get_ssl_version( self.sock), self.sock.cipher()[0]) except (ssl.SSLError, CertificateError) as e: self.error(e) except socket.error, e: try: # socket.error can either return a string or a tuple if isinstance(e, tuple): (_errno, strerror) = e else: # Are we safe to hardcode the ETIMEDOUT error? (_errno, strerror) = (errno.ETIMEDOUT, str(e)) e = (_errno, strerror) # expected, do nothing if _errno == errno.EINPROGRESS: pass finally: self.error(e)
def test_publicipv4(self): public_ipv4 = publicipv4() assert probablyipv4(public_ipv4)