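def connect_ssl(ip, port=443, timeout=5, openssl_context=None, check_cert=True):
    """Open a TCP connection to ip:port, run the TLS handshake and return the SSL socket.

    Args:
        ip: address to connect to; also passed to SSLConnection as its third argument.
        port: TCP port, 443 by default.
        timeout: socket timeout in seconds, applied before connect and handshake.
        openssl_context: context handed to SSLConnection; when falsy, one is
            obtained from SSLConnection.context_builder().
        check_cert: when true, the peer certificate's issuer CN must start
            with 'Google'. When false, only the presence of a certificate is
            checked.

    Returns:
        The SSLConnection object, with three attributes set on it: `_sock`
        (the underlying TCP socket), `connct_time` and `handshake_time`
        (both in milliseconds).

    Raises:
        socket.error: the peer presented no certificate, or the issuer CN
            check failed. Exceptions from connect() / do_handshake() propagate
            unchanged. On every failure path the TCP socket is closed first.
    """
    ip_port = (ip, port)

    if not openssl_context:
        openssl_context = SSLConnection.context_builder()

    if config.PROXY_ENABLE:
        sock = socks.socksocket(socket.AF_INET)
    else:
        sock = socket.socket(socket.AF_INET)

    # Everything after socket creation is guarded so that a failed connect,
    # handshake or certificate check does not leave the descriptor open.
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # set struct linger{l_onoff=1,l_linger=0} to avoid 10048 socket error
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))
        # resize socket recv buffer 8K->32K to improve browser related application performance
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 32 * 1024)
        sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, True)
        sock.settimeout(timeout)

        ssl_sock = SSLConnection(openssl_context, sock, ip)
        ssl_sock.set_connect_state()

        time_begin = time.time()
        ssl_sock.connect(ip_port)
        time_connected = time.time()
        ssl_sock.do_handshake()
        time_handshaked = time.time()

        # report network ok
        # (recorded before the certificate checks below, so a rejected
        # certificate still counts as a working network)
        check_local_network.network_stat = "OK"
        check_local_network.last_check_time = time_handshaked
        check_local_network.continue_fail_count = 0

        cert = ssl_sock.get_peer_certificate()
        if not cert:
            raise socket.error(' certficate is none')

        if check_cert:
            # NOTE(review): this is a prefix match on the issuer's CN string,
            # a field chosen by whoever creates the certificate. It is not a
            # chain-of-trust check on its own; whether the chain is verified
            # against a CA store depends on how openssl_context was built,
            # which is not visible here -- TODO confirm context_builder()
            # enables peer verification. No subject/SAN match is done in this
            # function either.
            # NOTE(review): pyOpenSSL returns name components as byte strings;
            # on Python 3 the comparison with 'CN' would never match --
            # confirm the target interpreter.
            issuer_commonname = next(
                (v for k, v in cert.get_issuer().get_components() if k == 'CN'), '')
            if not issuer_commonname.startswith('Google'):
                raise socket.error(' certficate is issued by %r, not Google' % (issuer_commonname))

        connct_time = int((time_connected - time_begin) * 1000)
        handshake_time = int((time_handshaked - time_connected) * 1000)
        #xlog.debug("conn: %d handshake:%d", connct_time, handshake_time)

        # sometimes, we want to use raw tcp socket directly(select/epoll), so setattr it to ssl socket.
        ssl_sock._sock = sock
        ssl_sock.connct_time = connct_time
        ssl_sock.handshake_time = handshake_time
        return ssl_sock
    except Exception:
        # Release the descriptor deterministically, then let the caller see
        # the original exception.
        sock.close()
        raise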
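def connect_ssl(ip, port=443, timeout=5, openssl_context=None, check_cert=True):
    """Connect to ip:port over TCP, complete the TLS handshake and return the SSL socket.

    Args:
        ip: address to connect to; also passed to SSLConnection as its third argument.
        port: TCP port, 443 by default.
        timeout: socket timeout in seconds, applied before connect and handshake.
        openssl_context: context handed to SSLConnection; when falsy, one is
            obtained from SSLConnection.context_builder().
        check_cert: when true, the peer certificate's issuer CN must start
            with "Google". When false, only the presence of a certificate is
            checked.

    Returns:
        The SSLConnection object, with three attributes set on it: `_sock`
        (the underlying TCP socket), `connct_time` and `handshake_time`
        (both in milliseconds).

    Raises:
        socket.error: the peer presented no certificate, or the issuer CN
            check failed. Exceptions from connect() / do_handshake() propagate
            unchanged. On every failure path the TCP socket is closed first.
    """
    ip_port = (ip, port)

    if not openssl_context:
        openssl_context = SSLConnection.context_builder()

    if config.PROXY_ENABLE:
        sock = socks.socksocket(socket.AF_INET)
    else:
        sock = socket.socket(socket.AF_INET)

    # Everything after socket creation is guarded so that a failed connect,
    # handshake or certificate check does not leave the descriptor open.
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # set struct linger{l_onoff=1,l_linger=0} to avoid 10048 socket error
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        # resize socket recv buffer 8K->32K to improve browser related application performance
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 32 * 1024)
        sock.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, True)
        sock.settimeout(timeout)

        ssl_sock = SSLConnection(openssl_context, sock, ip)
        ssl_sock.set_connect_state()

        time_begin = time.time()
        ssl_sock.connect(ip_port)
        time_connected = time.time()
        ssl_sock.do_handshake()
        time_handshaked = time.time()

        # report network ok
        # (recorded before the certificate checks below, so a rejected
        # certificate still counts as a working network)
        check_local_network.network_stat = "OK"
        check_local_network.last_check_time = time_handshaked
        check_local_network.continue_fail_count = 0

        cert = ssl_sock.get_peer_certificate()
        if not cert:
            raise socket.error(" certficate is none")

        if check_cert:
            # NOTE(review): this is a prefix match on the issuer's CN string,
            # a field chosen by whoever creates the certificate. It is not a
            # chain-of-trust check on its own; whether the chain is verified
            # against a CA store depends on how openssl_context was built,
            # which is not visible here -- TODO confirm context_builder()
            # enables peer verification. No subject/SAN match is done in this
            # function either.
            # NOTE(review): pyOpenSSL returns name components as byte strings;
            # on Python 3 the comparison with "CN" would never match --
            # confirm the target interpreter.
            issuer_commonname = next((v for k, v in cert.get_issuer().get_components() if k == "CN"), "")
            # Issuer is logged only when this module is run as a script.
            if __name__ == "__main__":
                xlog.debug("issued by:%s", issuer_commonname)
            if not issuer_commonname.startswith("Google"):
                raise socket.error(" certficate is issued by %r, not Google" % (issuer_commonname))

        connct_time = int((time_connected - time_begin) * 1000)
        handshake_time = int((time_handshaked - time_connected) * 1000)
        # xlog.debug("conn: %d handshake:%d", connct_time, handshake_time)

        # sometimes, we want to use raw tcp socket directly(select/epoll), so setattr it to ssl socket.
        ssl_sock._sock = sock
        ssl_sock.connct_time = connct_time
        ssl_sock.handshake_time = handshake_time
        return ssl_sock
    except Exception:
        # Release the descriptor deterministically, then let the caller see
        # the original exception.
        sock.close()
        raise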