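def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Initialize ctSSL's ctypes bindings, and OpenSSL libraries and error
    strings. Should always be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Initialize OpenSSL multithreading support.
    Currently ignored: the flag is forced off below because enabling the
    locking callbacks caused issues (see TODO).
    @type zlib: boolean
    @param zlib: Globally register Zlib as a TLS compression method.
    NOTE(security): TLS-level compression exposes connections to the CRIME
    attack (CVE-2012-4929). Only enable it when the purpose is to detect
    whether a peer negotiates compression (scanning); never for real traffic.
    @raise ctSSLInitError: the OpenSSL PRNG reports it is not seeded.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: zlib was requested but the
    loaded OpenSSL cannot provide it.
    """
    # Multithreading support is deliberately forced off: it caused issues.
    # TODO: clean start; may not even be required.
    multithreading = False
    if multithreading:
        openSSL_threading_init()

    # Load cipher/digest tables and the human-readable error strings.
    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()

    # Refuse to continue on an unseeded PRNG: every key, nonce and
    # ClientHello random OpenSSL produces afterwards would be predictable.
    if libcrypto.RAND_status() != 1:
        raise ctSSLInitError('OpenSSL PRNG not seeded with enough data.')

    # Declare argument/return types for every exposed C function. ctypes
    # defaults to a C int return type, which would truncate pointers on
    # 64-bit platforms.
    BIO.init_BIO_functions()
    SSL_CTX.init_SSL_CTX_functions()
    SSL.init_SSL_functions()
    SSL_SESSION.init_SSL_SESSION_functions()
    X509.init_X509_functions()
    errors.init_ERR_functions()

    if zlib:
        # Compression methods can only be registered globally (per process).
        try:
            libcrypto.COMP_zlib.argtypes = []
            libcrypto.COMP_zlib.restype = c_void_p
            libssl.SSL_COMP_add_compression_method.argtypes = [c_int, c_void_p]
            libssl.SSL_COMP_add_compression_method.restype = c_int
        except AttributeError:
            # The COMP_*() symbols are missing: OpenSSL is very old or was
            # built without the COMP module.
            raise errors.ctSSLFeatureNotAvailable(
                "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
            )

        zlib_comp_p = libcrypto.COMP_zlib()
        # Method id 1 is zlib (RFC 3749). SSL_COMP_add_compression_method()
        # returns 0 on success and non-zero when the method is rejected,
        # typically because OpenSSL was built without zlib.
        if libssl.SSL_COMP_add_compression_method(1, zlib_comp_p) != 0:
            raise errors.ctSSLFeatureNotAvailable(
                "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
            )
        features_not_available.ZLIB_NOT_AVAIL = False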
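def _register_zlib_compression():
    """
    Register Zlib as a global TLS compression method with OpenSSL and clear
    the ZLIB_NOT_AVAIL feature flag.

    NOTE(security): TLS-level compression exposes connections to the CRIME
    attack (CVE-2012-4929); this exists so a scanner can detect peers that
    negotiate compression, not for production use.

    @raise ctSSL.errors.ctSSLFeatureNotAvailable: the loaded OpenSSL has no
    COMP_*() symbols, or rejected the zlib method (built without zlib).
    """
    try:
        libcrypto.COMP_zlib.argtypes = []
        libcrypto.COMP_zlib.restype = c_void_p
        libssl.SSL_COMP_add_compression_method.argtypes = [c_int, c_void_p]
        libssl.SSL_COMP_add_compression_method.restype = c_int
    except AttributeError:
        # COMP_*() not exported: OpenSSL is very old or built without COMP.
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: not supported by the version of the OpenSSL library that was loaded ?"
        )

    # Method id 1 is zlib (RFC 3749); a non-zero return means OpenSSL
    # rejected the method, usually because it was built without zlib.
    rc = libssl.SSL_COMP_add_compression_method(1, libcrypto.COMP_zlib())
    if rc != 0:
        raise errors.ctSSLFeatureNotAvailable(
            "Could not enable Zlib compression: OpenSSL was not built with Zlib support ?"
        )
    features_not_available.ZLIB_NOT_AVAIL = False


def ctSSL_initialize(multithreading=False, zlib=False):
    """
    Initialize ctSSL's ctypes bindings, and OpenSSL libraries and error
    strings. Should always be called before any other ctSSL function.

    @type multithreading: boolean
    @param multithreading: Initialize OpenSSL multithreading support.
    Currently ignored: forced off below because the locking callbacks caused
    issues (see TODO).
    @type zlib: boolean
    @param zlib: Globally register Zlib as a TLS compression method (see
    _register_zlib_compression() for the CRIME caveat).
    @raise ctSSLInitError: the OpenSSL PRNG reports it is not seeded.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: zlib was requested but the
    loaded OpenSSL cannot provide it.
    """
    # TODO: clean start. Multithreading is disabled for now (caused issues)
    # and might not be required at all.
    multithreading = False
    if multithreading:
        openSSL_threading_init()

    libssl.SSL_library_init()
    libssl.SSL_load_error_strings()

    # An unseeded PRNG would make every key and nonce generated from here on
    # predictable, so treat it as a hard initialization failure.
    if libcrypto.RAND_status() != 1:
        raise ctSSLInitError("OpenSSL PRNG not seeded with enough data.")

    # Declare argtypes/restype for every exposed C function; without this
    # ctypes assumes C int returns and would truncate 64-bit pointers.
    for init_bindings in (
        BIO.init_BIO_functions,
        SSL_CTX.init_SSL_CTX_functions,
        SSL.init_SSL_functions,
        SSL_SESSION.init_SSL_SESSION_functions,
        X509.init_X509_functions,
        errors.init_ERR_functions,
    ):
        init_bindings()

    if zlib:
        _register_zlib_compression()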
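def __init__(self, ssl_version='sslv23'):
    """
    Create a new SSL_CTX instance.

    @type ssl_version: str
    @param ssl_version: SSL protocol version to use. Should be 'sslv23',
    'sslv2', 'sslv3', 'tlsv1', 'tlsv1_1' or 'tlsv1_2'. 'sslv23' lets OpenSSL
    negotiate any version it supports; NOTE(security): that includes
    SSLv2/SSLv3 unless the caller disables them on the context (OpenSSL's
    SSL_OP_NO_* options). 'sslv2' and 'sslv3' exist so a scanner can probe
    for those obsolete protocols; do not use them for real traffic.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: the requested version is
    not provided by the OpenSSL library that was loaded.
    @raise ctSSL.errors.ctSSLError: unknown version string, or SSL_CTX_new()
    failed (returned NULL).
    """
    self._ssl_ctx_struct_p = None
    self._pem_passwd_cb = None

    if ssl_version == 'sslv23':
        method_p = libssl.SSLv23_method()
    elif ssl_version == 'sslv2':
        # Guarded by a feature flag: the symbol is absent on builds without SSLv2.
        if features_not_available.SSL2_NOT_AVAIL:
            raise ctSSLFeatureNotAvailable('SSLv2 disabled.')
        method_p = libssl.SSLv2_method()
    elif ssl_version == 'sslv3':
        method_p = libssl.SSLv3_method()
    elif ssl_version == 'tlsv1':
        method_p = libssl.TLSv1_method()
    elif ssl_version == 'tlsv1_1':
        # TLS 1.1/1.2 methods only exist from OpenSSL 1.0.1 on.
        if features_not_available.TLS1_1_TLS1_2_NOT_AVAIL:
            raise ctSSLFeatureNotAvailable(
                'TLS 1.1 is not supported by the'
                ' version of the OpenSSL library that was loaded.'
                ' Upgrade to 1.0.1 or later.')
        method_p = libssl.TLSv1_1_method()
    elif ssl_version == 'tlsv1_2':
        if features_not_available.TLS1_1_TLS1_2_NOT_AVAIL:
            raise ctSSLFeatureNotAvailable(
                'TLS 1.2 is not supported by the'
                ' version of the OpenSSL library that was loaded.'
                ' Upgrade to 1.0.1 or later.')
        method_p = libssl.TLSv1_2_method()
    else:
        raise ctSSLError(
            'Incorrect SSL version. Could not create SSL_CTX.')

    self._ssl_ctx_struct_p = libssl.SSL_CTX_new(method_p)
    # SSL_CTX_new() returns NULL on failure; ctypes maps that to None or 0
    # depending on the declared restype. Either would crash in a later C
    # call, so fail here as the docstring promises.
    if not self._ssl_ctx_struct_p:
        raise ctSSLError('Could not create SSL_CTX: SSL_CTX_new() failed.')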
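def __init__(self, ssl_version='sslv23'):
    """
    Create a new SSL_CTX instance.

    @type ssl_version: str
    @param ssl_version: SSL protocol version to use. Should be 'sslv23',
    'sslv2', 'sslv3', 'tlsv1', 'tlsv1_1' or 'tlsv1_2'. 'sslv23' lets OpenSSL
    negotiate any version it supports; NOTE(security): that includes
    SSLv2/SSLv3 unless the caller disables them on the context (OpenSSL's
    SSL_OP_NO_* options). 'sslv2' and 'sslv3' exist so a scanner can probe
    for those obsolete protocols; do not use them for real traffic.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: the requested version is
    not provided by the OpenSSL library that was loaded.
    @raise ctSSL.errors.ctSSLError: unknown version string, or SSL_CTX_new()
    failed (returned NULL).
    """
    self._ssl_ctx_struct_p = None
    self._pem_passwd_cb = None

    # TLS 1.1/1.2 methods only exist from OpenSSL 1.0.1 on.
    tls1x_unavailable = (
        'TLS {0} is not supported by the version of the OpenSSL library that'
        ' was loaded. Upgrade to 1.0.1 or later.')

    # version string -> (True when the loaded OpenSSL lacks it, message for
    # that case, thunk returning the SSL_METHOD pointer). Thunks keep the
    # lookups lazy: touching libssl.SSLv2_method on a build without SSLv2
    # would raise AttributeError.
    methods = {
        'sslv23': (False, None, lambda: libssl.SSLv23_method()),
        'sslv2': (features_not_available.SSL2_NOT_AVAIL,
                  'SSLv2 disabled.', lambda: libssl.SSLv2_method()),
        'sslv3': (False, None, lambda: libssl.SSLv3_method()),
        'tlsv1': (False, None, lambda: libssl.TLSv1_method()),
        'tlsv1_1': (features_not_available.TLS1_1_TLS1_2_NOT_AVAIL,
                    tls1x_unavailable.format('1.1'),
                    lambda: libssl.TLSv1_1_method()),
        'tlsv1_2': (features_not_available.TLS1_1_TLS1_2_NOT_AVAIL,
                    tls1x_unavailable.format('1.2'),
                    lambda: libssl.TLSv1_2_method()),
    }
    try:
        unavailable, message, get_method = methods[ssl_version]
    except KeyError:
        raise ctSSLError('Incorrect SSL version. Could not create SSL_CTX.')
    if unavailable:
        raise ctSSLFeatureNotAvailable(message)

    self._ssl_ctx_struct_p = libssl.SSL_CTX_new(get_method())
    # SSL_CTX_new() returns NULL on failure (None or 0 through ctypes,
    # depending on the declared restype); surface it now rather than crash
    # in the first C call that dereferences the context.
    if not self._ssl_ctx_struct_p:
        raise ctSSLError('Could not create SSL_CTX: SSL_CTX_new() failed.')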
def set_tlsext_host_name(self, name):
    """
    Set the Server Name Indication (SNI) host name sent in the ClientHello.
    Directly calls OpenSSL's SSL_set_tlsext_host_name() through SSL_ctrl().

    @type name: str
    @param name: Host name to send. Must be a byte string acceptable to
    ctypes' create_string_buffer(); it is neither validated nor IDNA-encoded
    here, so sanitize scanner-supplied targets before calling.
    NOTE(review): OpenSSL appears to keep its own copy of the name, so the
    temporary buffer going out of scope should be harmless - confirm for the
    loaded OpenSSL version.
    @rtype: bool
    @return: True if OpenSSL accepted the name, False otherwise (no error
    detail is surfaced).
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: SNI is not supported by
    the version of the OpenSSL library that was loaded.
    """
    if features_not_available.SNI_NOT_AVAIL:
        raise errors.ctSSLFeatureNotAvailable(
            'SSL_set_tlsext_host_name() is not supported by the'
            ' version of the OpenSSL library that was loaded.')

    host_buf = create_string_buffer(name)
    rc = libssl.SSL_ctrl(self._ssl_struct_p, SSL_CTRL_SET_TLSEXT_HOSTNAME,
                         TLSEXT_NAMETYPE_host_name, host_buf)
    return bool(rc)
def get_current_compression(self):
    """
    Work out which compression method, if any, the current connection
    negotiated, by scraping the 'Compression' line out of the session's
    text dump. H4ck; TODO: cleaner API.

    NOTE(security): a peer that negotiates TLS-level compression is exposed
    to the CRIME attack (CVE-2012-4929). For a scanner this is a finding,
    not a feature to rely on.

    @rtype: str or bool
    @return: The first matching line with the 'Compression: 1 ' prefix
    removed and surrounding whitespace stripped, or False when the session
    text contains no 'Compression' line. The exact text depends on the
    format of the session dump (presumably OpenSSL's SSL_SESSION_print()).
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: ctSSL_initialize() was not
    called with zlib support.
    """
    if features_not_available.ZLIB_NOT_AVAIL:
        raise errors.ctSSLFeatureNotAvailable(
            'ctSSL was not initialized with Zlib compression support. See ctSSL_initialize().')

    session_lines = self.get_session().as_text().split('\n')
    matches = [line for line in session_lines if 'Compression' in line]
    if not matches:
        return False
    return matches[0].replace('Compression: 1 ', '').strip()
def get_secure_renegotiation_support(self):
    """
    Check whether secure renegotiation (RFC 5746) was negotiated on this
    connection. Directly calls OpenSSL's
    SSL_get_secure_renegotiation_support() through SSL_ctrl().

    The flag reflects the last handshake, so it is presumably only
    meaningful once a handshake has completed. A False result means the
    renegotiation_info extension / SCSV was not negotiated; whether the peer
    is actually exposed to the renegotiation prefix-injection attack
    (CVE-2009-3555) also depends on whether it allows client-initiated
    renegotiation at all, which this call does not tell you.

    @rtype: bool
    @return: True if the peer supports secure renegotiation.
    @raise ctSSL.errors.ctSSLFeatureNotAvailable: the loaded OpenSSL predates
    0.9.8m and has no SSL_CTRL_GET_RI_SUPPORT.
    """
    if features_not_available.SSL_SECURE_RENEGOTIATION_NOT_AVAIL:
        raise errors.ctSSLFeatureNotAvailable(
            'SSL_get_secure_renegotiation_support() is not supported by the'
            ' version of the OpenSSL library that was loaded. '
            'Upgrade to OpenSSL 0.9.8m or later.')

    rc = libssl.SSL_ctrl(self._ssl_struct_p, SSL_CTRL_GET_RI_SUPPORT, 0, None)
    return bool(rc)