def set_session_id_ctx(self, id):
    # type: (bytes) -> None
    """Set the session id context within which a session can be reused.

    Sessions are generated within a certain context. When sessions are
    exported/imported with i2d_SSL_SESSION/d2i_SSL_SESSION, a session
    generated from another context (e.g. another application) could
    otherwise be re-imported, which might lead to malfunctions. Each
    application must therefore set its own session id context; it is
    stored in exported sessions and used to tell the contexts apart.

    @param id: The session id context (sid_ctx). It can be any kind of
               binary data with a given length, e.g. the name of the
               application and/or the hostname and/or service name.
    @raise Err.SSLError: if m2.ssl_ctx_set_session_id_context returns a
                         false value.
    """
    if m2.ssl_ctx_set_session_id_context(self.ctx, id):
        return
    # A false return means the context id was not set; report it with
    # whatever Err.get_error_code() gives and an empty message.
    raise Err.SSLError(Err.get_error_code(), '')
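def M2CryptoConnectionAccept(self):
    """
    Alternate implementation for M2Crypto.SSL.Connection.accept

    This implementation sets the read/write timeouts on the accepted
    socket and checks for an error in the SSL accept.

    Any time a client connects to the server and doesn't finish the SSL
    accept negotiations, the server is hung until the client goes away.
    Timeouts fix this by only allowing a client to hang the server for
    ten seconds. The timeouts are not applied on win32.

    The post connection check is run against the certificate presented
    on the accepted connection. If the handshake or that check fails,
    the accepted socket is closed before the error is raised.

    This functionality will be rolled back to the M2Crypto project as
    soon as possible. When it appears in an M2Crypto release, we can do
    away with this patch.

    @return: tuple of (accepted SSL.Connection, peer address).
    @raise Err.SSLError: if m2.ssl_get_error reports anything other than
                         m2.ssl_error_none after accept_ssl().
    @raise Checker.SSLVerificationError: if the post connection check
                         returns a false value.
    """
    sock, addr = self.socket.accept()
    ssl = SSL.Connection(self.ctx, sock)

    # Set a 10s read/write timeout on the accepted socket so a stalled
    # handshake cannot block the server indefinitely.
    if sys.platform != 'win32':
        t = SSL.timeout(10, 0)
        ssl.set_socket_read_timeout(t)
        ssl.set_socket_write_timeout(t)

    ssl.addr = addr
    ssl.setup_ssl()
    ssl.set_accept_state()
    ret = ssl.accept_ssl()
    err = m2.ssl_get_error(ssl.ssl, ret)
    if err != m2.ssl_error_none:
        ssl.socket.close()
        # NOTE(review): SSLError receives the accept_ssl() return value,
        # not err -- confirm that is what Err.SSLError expects.
        raise Err.SSLError(ret, addr)

    check = getattr(self, 'postConnectionCheck', self.serverPostConnectionCheck)
    if check is not None:
        # The certificate to verify belongs to the accepted connection
        # (ssl), not to the listening connection (self).
        try:
            verified = check(ssl.get_peer_cert(), ssl.addr[0])
        except Exception:
            # Do not leave an unverified connection open if the checker
            # itself raises; the original exception propagates unchanged.
            ssl.socket.close()
            raise
        if not verified:
            ssl.socket.close()
            raise Checker.SSLVerificationError('post connection check failed')
    return ssl, addr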
def set_session_id_ctx(self, id):
    """Set the session id context on self.ctx.

    @param id: value passed unchanged to
               m2.ssl_ctx_set_session_id_context.
    @raise Err.SSLError: when that call returns a false value; the error
                         is built from Err.get_error_code() and an empty
                         message.
    """
    succeeded = m2.ssl_ctx_set_session_id_context(self.ctx, id)
    if succeeded:
        return None
    raise Err.SSLError(Err.get_error_code(), '')