def _ensure_loaded(self):
    """Load the CA on first use; later calls are no-ops.

    On the first call, ``self.ca_file`` is rewritten to the path returned
    by ``extras.get_extras_path``. If that path exists it is passed to
    ``self._read_ca``; otherwise ``self._generate_ca`` is called.
    ``self._loaded`` is then set so the work is not repeated.
    """
    if not self._loaded:
        resolved = extras.get_extras_path(self.ca_file)
        self.ca_file = resolved
        # NOTE(review): the existence check and the read are two separate
        # steps, so the file can change between them. This file is the trust
        # anchor for whatever this CA signs; whether it also holds the CA
        # private key, and which permissions _generate_ca applies, is not
        # visible here -- confirm.
        if os.path.exists(resolved):
            self._read_ca(resolved)
        else:
            self._generate_ca()
        self._loaded = True
def _start_client_ssl_connection(self):
    """Build the client-facing TLS endpoint and start its handshake.

    The certificate presented to the client and the cipher suites offered
    are both chosen by ``self.handler``: ``on_certificate`` receives the
    upstream server's peer certificate and ``on_server_cipher_suites``
    receives the stored ClientHello. A ``None`` from either callback leaves
    the corresponding context setting untouched.

    Side effects: replaces ``self.client_socket`` with a
    ``ConnectionWrapper`` around the new ``SSL.Connection``, sets
    ``self.client_bridge_fn``, narrows the select read list to the client
    socket, and invokes the bridge function once to begin the handshake.
    """
    upstream_cert = self.server_socket.get_peer_certificate()
    cert_file = self.handler.on_certificate(upstream_cert)
    cipher_suites = self.handler.on_server_cipher_suites(self.client_hello)

    # SSLv23_METHOD is the version-flexible method. No protocol-version
    # options are set on this context, so the versions offered are whatever
    # the linked OpenSSL enables by default.
    ctx = SSL.Context(SSL.SSLv23_METHOD)
    # The context is used in accept (server) state below, so VERIFY_NONE
    # means no certificate is requested from the client.
    ctx.set_verify(SSL.VERIFY_NONE, stub_verify)
    if cipher_suites is not None:
        ctx.set_cipher_list(cipher_suites)
    if cert_file is not None:
        # The same path is given as chain file and private-key file, so it
        # must hold both; handle that file as key material.
        ctx.use_certificate_chain_file(cert_file)
        ctx.use_privatekey_file(cert_file)

    # DH parameters are needed for anonymous/ephemeral DH cipher suites.
    # NOTE(review): the dhparam path is resolved twice (check, then load).
    dh_params = extras.get_extras_path("./dhparam")
    if not os.path.exists(dh_params):
        self.logger.warning(
            "Required file dhparam not found, anonymous/ephemeral DH cipher suites may not work"
        )
    else:
        ctx.load_tmp_dh(extras.get_extras_path("./dhparam"))

    # A temporary ECDH curve is needed for anonymous/ephemeral ECDH cipher
    # suites. Older pyOpenSSL releases lack set_tmp_ecdh; there the step is
    # skipped and those suites will not be used.
    if hasattr(ctx, "set_tmp_ecdh"):
        ctx.set_tmp_ecdh(crypto.get_elliptic_curve("prime256v1"))

    # Our ServerHello goes out on this connection. The client's ClientHello
    # MUST be the first thing self.client_socket.recv() returns.
    tls_conn = SSL.Connection(ctx, self.client_socket)
    tls_conn.set_accept_state()
    self.client_socket = ConnectionWrapper(tls_conn)
    self.client_bridge_fn = self._gen_ssl_connect_fn(
        tls_conn, self._on_client_ssl_established
    )

    # Until the handshake completes, only client events are of interest.
    self.set_select_fds(rlist=[self.client_socket])

    # Kick off the handshake.
    self.client_bridge_fn()
def check_files_precondition():
    """Check that every entry of ``files`` exists under the extras path.

    ``files`` is defined outside this function. Each entry is resolved with
    ``extras.get_extras_path`` and checking stops at the first missing one.

    Returns:
        ``(True, "")`` when all files exist, otherwise ``(False, message)``
        where the message names the first missing entry as listed in
        ``files`` (not its resolved path).
    """
    for required in files:
        resolved = extras.get_extras_path(required)
        if os.path.exists(resolved):
            continue
        return False, "required file %s not found" % required
    return True, ""