def getContext(self, hostname, port):
ctx = ClientContextFactory.getContext(self)
ctx.set_options(SSL.OP_NO_SSLv2)
if self._verify:
ctx.load_verify_locations(None, self._verify_location)
ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self._verifyCert)
return ctx
def getContext(self):
ctx = ClientContextFactory.getContext(self)
if self.cfile:
ctx.use_certificate_file(self.cfile)
if self.kfile:
ctx.use_privatekey_file(self.kfile)
return ctx
class MyWebClientContextFactory(object):
def __init__(self):
self._options = ClientContextFactory()
def getContext(self, hostname, port):
return self._options.getContext()
def getContext(self):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(OP_ALL)
if self.hostname:
ScrapyClientTLSOptions(self.hostname, ctx)
return ctx
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(OP_ALL)
if self.hostname:
ScrapyClientTLSOptions(self.hostname, ctx)
return ctx
def _get_noverify_context(self):
"""
Use ClientContextFactory directly and set the method if necessary.
This will perform no host verification at all.
"""
from twisted.internet.ssl import ClientContextFactory
context_factory = ClientContextFactory()
if self.ssl_method is not None:
context_factory.method = self.ssl_method
return context_factory.getContext()
def getContext(self):
"""Create an SSL context.
This is a sample implementation that loads a certificate from a file
called 'client.pem'."""
ctx = ClientContextFactory.getContext(self)
ctx.use_certificate_file(self.certificateFileName)
ctx.use_privatekey_file(self.privateKeyFileName)
ctx.load_client_ca(self.certificateChainFile)
ctx.load_verify_locations(self.certificateChainFile)
ctx.set_verify(VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT,
self._verify)
ctx.set_verify_depth(10)
return ctx
def getContext(self, hostname, port):
self.method = SSL.SSLv23_METHOD
ctx = ClientContextFactory.getContext(self)
if 'cert' in self.ssl_opts and 'key' in self.ssl_opts:
ctx.use_certificate_file(os.path.expanduser(self.ssl_opts['cert']))
ctx.use_privatekey_file(os.path.expanduser(self.ssl_opts['key']))
if 'verify' in self.ssl_opts and to_bool(self.ssl_opts['verify']):
ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
self.verifyCallback)
if 'ca' in self.ssl_opts:
ctx.load_verify_locations(os.path.expanduser(self.ssl_opts['CAFile']))
return ctx
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
from OpenSSL import SSL
# class CustomContextFactory(ScrapyClientContextFactory):
# """
# Custom context factory that allows SSL negotiation.
# """
# def __init__(self):
# # Use SSLv23_METHOD so we can use protocol negotiation
# self.method = SSL.SSLv23_METHOD
def getContext(self, hostname):
print(hostname)
return ClientContextFactory.getContext(self)
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
ctx.set_options(SSL.OP_ALL)
if hostname:
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self, hostname, port):
# FIXME: no attempt to verify certificates!
return ClientContextFactory.getContext(self)
def getContext(self, hostname, port):
print ">>> getContext", hostname, port
ctx = ClientContextFactory.getContext(self)
ctx.set_verify(SSL.VERIFY_NONE, self.verifyHost)
return ctx
def getContext(self, *_):
return ClientContextFactory.getContext(self)
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
return ctx
def getContext(self):
"""Get the parent context but disable SSLv3."""
ctx = ClientContextFactory.getContext(self)
ctx.set_options(OP_NO_SSLv3)
return ctx
def getContext(self, hostname, port): return ClientContextFactory.getContext(self)
def getContext(self, host=None, port=None):
return ClientContextFactory.getContext(self)
def getContext(self, hostname, port):
"""Provide Twisted Web client context."""
return ClientContextFactory.getContext(self)
def getContext(self):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
return ctx
def getContext(self, host, port):
ctx = ClientContextFactory.getContext(self)
ctx.set_verify_depth(0)
ctx.set_verify(OpenSSL.SSL.VERIFY_PEER | OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self.verifyHostname)
return ctx
def getContext(self, *_a):
return ClientContextFactory.getContext(self)
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
ctx.set_options(SSL.OP_ALL)
if hostname and ClientTLSOptions is not None: # workaround for TLS SNI
ClientTLSOptions(hostname, ctx)
return ctx
def getContext(self):
self.method = SSL.SSLv23_METHOD
ctx = ClientContextFactory.getContext(self)
return ctx
def getContext(self, hostname, port):
""" Returns a ClientConextFactory used to prepare a
connection to the Blackberry push service. """
return ClientContextFactory.getContext(self)
def getContext(self):
"""Get the parent context but disable SSLv3."""
ctx = ClientContextFactory.getContext(self)
ctx.set_options(OP_NO_SSLv3)
return ctx
def getContext(self):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
return ctx
def getContext(self):
self.method = SSL.SSLv23_METHOD
ctx = ClientContextFactory.getContext(self)
return ctx
def getContext(self, hostname, port):
"""
This is overridden to disable certificate checking so that this
tool can be used in any environment
"""
return ClientContextFactory.getContext(self)
def getContext(self, hostname, port):
return ClientContextFactory.getContext(self)
def getContext(self, hostname=None, port=None):
ctx = ClientContextFactory.getContext(self)
# Enable all workarounds to SSL bugs as documented by
# https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html
ctx.set_options(SSL.OP_ALL)
return ctx
