def _validate_ssl_fingerprint(self, transp, host, port): has_cert = transp.get_extra_info('sslcontext') if has_cert and self._fingerprint: sock = transp.get_extra_info('socket') if not hasattr(sock, 'getpeercert'): # Workaround for asyncio 3.5.0 # Starting from 3.5.1 version # there is 'ssl_object' extra info in transport sock = transp._ssl_protocol._sslpipe.ssl_object # gives DER-encoded cert as a sequence of bytes (or None) cert = sock.getpeercert(binary_form=True) assert cert got = self._hashfunc(cert).digest() expected = self._fingerprint if got != expected: transp.close() if not self._cleanup_closed_disabled: self._cleanup_closed_transports.append(transp) raise aiohttp.ServerFingerprintMismatch( expected, got, host, port)
async def _create_socks_connection(self, req): sslcontext = self._get_ssl_context(req) fingerprint, hashfunc = self._get_fingerprint_and_hashfunc(req) if not self._remote_resolve: try: dst_hosts = list(await self._resolve_host(req.host, req.port)) dst = dst_hosts[0]['host'], dst_hosts[0]['port'] except OSError as exc: raise aiohttp.ClientConnectorError(req.connection_key, exc) from exc else: dst = req.host, req.port try: proxy_hosts = await self._resolve_host(req.proxy.host, req.proxy.port) except OSError as exc: raise aiohttp.ClientConnectorError(req.connection_key, exc) from exc last_exc = None for hinfo in proxy_hosts: if req.proxy.scheme == 'socks4': proxy = Socks4Addr(hinfo['host'], hinfo['port']) else: proxy = Socks5Addr(hinfo['host'], hinfo['port']) try: transp, proto = await self._wrap_create_socks_connection( self._factory, proxy, req.proxy_auth, dst, loop=self._loop, remote_resolve=self._remote_resolve, ssl=sslcontext, family=hinfo['family'], proto=hinfo['proto'], flags=hinfo['flags'], local_addr=self._local_addr, req=req, server_hostname=req.host if sslcontext else None) except aiohttp.ClientConnectorError as exc: last_exc = exc continue has_cert = transp.get_extra_info('sslcontext') if has_cert and fingerprint: sock = transp.get_extra_info('socket') if not hasattr(sock, 'getpeercert'): # Workaround for asyncio 3.5.0 # Starting from 3.5.1 version # there is 'ssl_object' extra info in transport sock = transp._ssl_protocol._sslpipe.ssl_object # gives DER-encoded cert as a sequence of bytes (or None) cert = sock.getpeercert(binary_form=True) assert cert got = hashfunc(cert).digest() expected = fingerprint if got != expected: transp.close() if not self._cleanup_closed_disabled: self._cleanup_closed_transports.append(transp) last_exc = aiohttp.ServerFingerprintMismatch( expected, got, req.host, req.port) continue return transp, proto else: raise last_exc