def _configuredClientContextFactory(): """ Get a client context factory from the configuration. """ from twistedcaldav.config import config return ChainingOpenSSLContextFactory( config.SSLPrivateKey, config.SSLCertificate, certificateChainFile=config.SSLAuthorityChain, sslmethod=getattr(OpenSSL.SSL, config.SSLMethod))
def _configuredClientContextFactory(): """ Get a client context factory from the configuration. """ from twistedcaldav.config import config return ChainingOpenSSLContextFactory("", "", certificateChainFile="", keychainIdentity="", sslmethod=getattr( OpenSSL.SSL, config.SSLMethod))
def verifyTLSCertificate(keys): """ If a TLS certificate is configured, make sure it exists, is non empty, and that it's valid. """ global SSLPrivateKey global SSLCertAdmin global SSLPassPhraseDialog global SSLPort global ServerHostName certPath = keys.get("SSLCertificate", "") keyPath = keys.get("SSLPrivateKey", "") chainPath = keys.get("SSLAuthorityChain", "") SSLPrivateKey = keyPath SSLCertAdmin = keys.get("SSLCertAdmin", "") SSLPassPhraseDialog = keys.get("SSLPassPhraseDialog", "") SSLPort = keys.get("SSLPort", "") ServerHostName = keys.get("ServerHostName", "") print() print("Checking TLS Certificate:") if certPath: if not os.path.exists(certPath): message = ( "The configured TLS certificate ({cert}) is missing".format( cert=certPath)) return False, message else: return False, "EnableSSL is set to true, but certificate path not set" length = os.stat(certPath).st_size if length == 0: message = ("The configured TLS certificate ({cert}) is empty".format( cert=certPath)) return False, message try: ChainingOpenSSLContextFactory(keyPath, certPath, certificateChainFile=chainPath, passwdCallback=getSSLPassphrase, sslmethod=getattr( OpenSSL.SSL, "SSLv23_METHOD"), ciphers="RC4-SHA:HIGH:!ADH") except Exception as e: message = ( "The configured TLS certificate ({cert}) cannot be used: {reason}". format(cert=certPath, reason=str(e))) return False, message return True, "TLS enabled"
def setUp(self): HTTPChannel.allowPersistentConnections = True sCTX = ChainingOpenSSLContextFactory( certPath, certPath, keychainIdentity="org.calendarserver.test", ) factory = SimpleFactory(requestFactory=SimpleRequest) factory.testcase = self self.factory = factory self.connlost = defer.Deferred() self.socket = reactor.listenSSL(0, factory, sCTX) self.port = self.socket.getHost().port
def connect(self, factory): if self.testConnector is not None: # For testing purposes self.testConnector.connect(self, factory) else: if self.passphrase: passwdCallback = lambda *ignored: self.passphrase else: passwdCallback = None context = ChainingOpenSSLContextFactory( self.keyPath, self.certPath, certificateChainFile=self.chainPath, passwdCallback=passwdCallback, sslmethod=getattr(OpenSSL.SSL, self.sslMethod)) connect(GAIEndpoint(self.reactor, self.host, self.port, context), factory)