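class ClientTLSOptionsFactory(object):
    """Factory for Twisted ClientTLSOptions that are used to make connections
    to remote servers for federation.

    Two ``CertificateOptions`` are prepared once, in ``__init__``:

    * ``_options_verify`` validates the peer's certificate chain against
      ``config.federation_ca_trust_root`` (or, when that is ``None``, the
      platform's OpenSSL trust store via ``platformTrust()``).
    * ``_options_noverify`` is a plain ``CertificateOptions()`` with no trust
      root, i.e. the peer's certificate is NOT validated.

    ``get_options`` picks between them per host.  A host matched by
    ``config.federation_certificate_verification_whitelist`` gets the
    no-verify options even when ``federation_verify_certificates`` is on, so
    every whitelist entry is an explicit opt-out of TLS authentication for
    that host.
    """

    def __init__(self, config):
        """Prepare the verifying and non-verifying CertificateOptions.

        Args:
            config: homeserver config; ``federation_ca_trust_root`` is read
                here, ``federation_verify_certificates`` and
                ``federation_certificate_verification_whitelist`` on each
                ``get_options`` call.
        """
        self._config = config

        # No trustRoot is passed, so these options do not verify the peer.
        self._options_noverify = CertificateOptions()

        # Custom CA bundle if configured, otherwise the CA roots OpenSSL
        # ships with / the platform provides.
        trust_root = config.federation_ca_trust_root
        if trust_root is None:
            trust_root = platformTrust()
        self._options_verify = CertificateOptions(trustRoot=trust_root)

    def _verification_disabled_for(self, host):
        """Return True if ``host`` matches any whitelist regex.

        Entries are expected to be compiled regexes.  ``regex.match`` only
        anchors at the *start* of ``host``: an entry that is not itself
        anchored at the end would also match longer hostnames sharing that
        prefix.  TODO(review): confirm the config layer anchors the patterns.
        """
        whitelist = self._config.federation_certificate_verification_whitelist
        return any(regex.match(host) for regex in whitelist)

    def get_options(self, host):
        """Return the ClientTLSOptions to use for a connection to ``host``.

        The peer certificate is verified only when
        ``federation_verify_certificates`` is enabled AND ``host`` is not on
        the verification whitelist; in every other case the connection is
        made with ``ClientTLSOptionsNoVerify`` and no trust root.
        """
        # The whitelist is only consulted when verification is on at all.
        should_verify = (
            self._config.federation_verify_certificates
            and not self._verification_disabled_for(host)
        )

        # Use _makeContext so that we get a fresh OpenSSL CTX each time.
        if should_verify:
            return ClientTLSOptions(host, self._options_verify._makeContext())
        return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())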
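class ClientTLSOptionsFactory(object):
    """Factory for Twisted ClientTLSOptions that are used to make connections
    to remote servers for federation.

    Two ``CertificateOptions`` are prepared once, in ``__init__``:

    * ``_options_verify`` validates the peer's certificate chain against
      ``config.federation_ca_trust_root`` (or, when that is ``None``, the
      platform's OpenSSL trust store via ``platformTrust()``).
    * ``_options_noverify`` is a plain ``CertificateOptions()`` with no trust
      root, i.e. the peer's certificate is NOT validated.

    ``get_options`` picks between them per host.  A host matched by
    ``config.federation_certificate_verification_whitelist`` gets the
    no-verify options even when ``federation_verify_certificates`` is on, so
    every whitelist entry is an explicit opt-out of TLS authentication for
    that host.
    """

    def __init__(self, config):
        """Prepare the verifying and non-verifying CertificateOptions.

        Args:
            config: homeserver config; ``federation_ca_trust_root`` is read
                here, ``federation_verify_certificates`` and
                ``federation_certificate_verification_whitelist`` on each
                ``get_options`` call.
        """
        self._config = config

        # No trustRoot is passed, so these options do not verify the peer.
        self._options_noverify = CertificateOptions()

        # Custom CA bundle if configured, otherwise the CA roots OpenSSL
        # ships with / the platform provides.
        trust_root = config.federation_ca_trust_root
        if trust_root is None:
            trust_root = platformTrust()
        self._options_verify = CertificateOptions(trustRoot=trust_root)

    def _verification_disabled_for(self, host):
        """Return True if ``host`` matches any whitelist regex.

        Entries are expected to be compiled regexes.  ``regex.match`` only
        anchors at the *start* of ``host``: an entry that is not itself
        anchored at the end would also match longer hostnames sharing that
        prefix.  TODO(review): confirm the config layer anchors the patterns.
        """
        whitelist = self._config.federation_certificate_verification_whitelist
        return any(regex.match(host) for regex in whitelist)

    def get_options(self, host):
        """Return the ClientTLSOptions to use for a connection to ``host``.

        The peer certificate is verified only when
        ``federation_verify_certificates`` is enabled AND ``host`` is not on
        the verification whitelist; in every other case the connection is
        made with ``ClientTLSOptionsNoVerify`` and no trust root.
        """
        # The whitelist is only consulted when verification is on at all.
        should_verify = (
            self._config.federation_verify_certificates
            and not self._verification_disabled_for(host)
        )

        # Use _makeContext so that we get a fresh OpenSSL CTX each time.
        if should_verify:
            return ClientTLSOptions(host, self._options_verify._makeContext())
        return ClientTLSOptionsNoVerify(host, self._options_noverify._makeContext())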
class ClientTLSOptionsFactory(object):
    """Factory for Twisted ClientTLSOptions that are used to make connections
    to remote servers for federation.

    SECURITY NOTE: every context handed out here comes from
    ``CertificateOptions(verify=False)``, so the remote server's certificate
    is not validated against any trust root.  ``config`` is accepted for
    interface compatibility only and is not consulted.
    """

    def __init__(self, config):
        """Build the single, non-verifying CertificateOptions used for all hosts.

        Args:
            config: currently unused; kept so callers can pass the homeserver
                config unchanged.
        """
        # verify=False: no peer-certificate validation at all.
        self._options = CertificateOptions(verify=False)

    def get_options(self, host):
        """Return ClientTLSOptions for a connection to ``host``.

        ``_makeContext`` is invoked on every call rather than caching a
        context, so each connection gets a fresh OpenSSL CTX.
        """
        fresh_ctx = self._options._makeContext()
        return ClientTLSOptions(host, fresh_ctx)
def _makeContext(self):
    """Build the OpenSSL context and force peer-certificate verification on it.

    The base ``CertificateOptions._makeContext`` creates the context; its
    verify mode is then overridden with ``VERIFY_PEER`` (request the peer's
    certificate and run ``self.verify_callback`` on the chain) combined with
    ``VERIFY_FAIL_IF_NO_PEER_CERT`` (abort the handshake if the peer presents
    no certificate at all).

    NOTE(review): whether a presented certificate is ultimately accepted is
    decided by ``self.verify_callback``, which is defined outside this
    method -- a callback that unconditionally returns True would silently
    undo the verification requested here; confirm its logic.
    """
    ctx = CertificateOptions._makeContext(self)
    verify_mode = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
    ctx.set_verify(verify_mode, self.verify_callback)
    return ctx
def _makeContext(self):
    """Build the OpenSSL context and force peer-certificate verification on it.

    The base ``CertificateOptions._makeContext`` creates the context; its
    verify mode is then overridden with ``VERIFY_PEER`` (request the peer's
    certificate and run ``self.verify_callback`` on the chain) combined with
    ``VERIFY_FAIL_IF_NO_PEER_CERT`` (abort the handshake if the peer presents
    no certificate at all).

    NOTE(review): whether a presented certificate is ultimately accepted is
    decided by ``self.verify_callback``, which is defined outside this
    method -- a callback that unconditionally returns True would silently
    undo the verification requested here; confirm its logic.
    """
    ctx = CertificateOptions._makeContext(self)
    verify_mode = SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT
    ctx.set_verify(verify_mode, self.verify_callback)
    return ctx