示例#1
0
def _configuredClientContextFactory():
    """
    Get a client context factory from the configuration.
    """
    from twistedcaldav.config import config
    return ChainingOpenSSLContextFactory(
        config.SSLPrivateKey,
        config.SSLCertificate,
        certificateChainFile=config.SSLAuthorityChain,
        sslmethod=getattr(OpenSSL.SSL, config.SSLMethod))
示例#2
0
def _configuredClientContextFactory():
    """
    Get a client context factory from the configuration.
    """
    from twistedcaldav.config import config
    return ChainingOpenSSLContextFactory("",
                                         "",
                                         certificateChainFile="",
                                         keychainIdentity="",
                                         sslmethod=getattr(
                                             OpenSSL.SSL, config.SSLMethod))
示例#3
0
def verifyTLSCertificate(keys):
    """
    If a TLS certificate is configured, make sure it exists, is non empty,
    and that it's valid.
    """
    global SSLPrivateKey
    global SSLCertAdmin
    global SSLPassPhraseDialog
    global SSLPort
    global ServerHostName

    certPath = keys.get("SSLCertificate", "")
    keyPath = keys.get("SSLPrivateKey", "")
    chainPath = keys.get("SSLAuthorityChain", "")

    SSLPrivateKey = keyPath
    SSLCertAdmin = keys.get("SSLCertAdmin", "")
    SSLPassPhraseDialog = keys.get("SSLPassPhraseDialog", "")
    SSLPort = keys.get("SSLPort", "")
    ServerHostName = keys.get("ServerHostName", "")

    print()
    print("Checking TLS Certificate:")

    if certPath:
        if not os.path.exists(certPath):
            message = (
                "The configured TLS certificate ({cert}) is missing".format(
                    cert=certPath))
            return False, message
    else:
        return False, "EnableSSL is set to true, but certificate path not set"

    length = os.stat(certPath).st_size
    if length == 0:
        message = ("The configured TLS certificate ({cert}) is empty".format(
            cert=certPath))
        return False, message

    try:
        ChainingOpenSSLContextFactory(keyPath,
                                      certPath,
                                      certificateChainFile=chainPath,
                                      passwdCallback=getSSLPassphrase,
                                      sslmethod=getattr(
                                          OpenSSL.SSL, "SSLv23_METHOD"),
                                      ciphers="RC4-SHA:HIGH:!ADH")
    except Exception as e:
        message = (
            "The configured TLS certificate ({cert}) cannot be used: {reason}".
            format(cert=certPath, reason=str(e)))
        return False, message

    return True, "TLS enabled"
示例#4
0
    def setUp(self):
        HTTPChannel.allowPersistentConnections = True
        sCTX = ChainingOpenSSLContextFactory(
            certPath,
            certPath,
            keychainIdentity="org.calendarserver.test",
        )
        factory = SimpleFactory(requestFactory=SimpleRequest)

        factory.testcase = self
        self.factory = factory
        self.connlost = defer.Deferred()

        self.socket = reactor.listenSSL(0, factory, sCTX)
        self.port = self.socket.getHost().port
示例#5
0
 def connect(self, factory):
     if self.testConnector is not None:
         # For testing purposes
         self.testConnector.connect(self, factory)
     else:
         if self.passphrase:
             passwdCallback = lambda *ignored: self.passphrase
         else:
             passwdCallback = None
         context = ChainingOpenSSLContextFactory(
             self.keyPath,
             self.certPath,
             certificateChainFile=self.chainPath,
             passwdCallback=passwdCallback,
             sslmethod=getattr(OpenSSL.SSL, self.sslMethod))
         connect(GAIEndpoint(self.reactor, self.host, self.port, context),
                 factory)