def _identityVerifyingInfoCallback(self, connection, where, ret):
    """TLS info callback: set the server name at handshake start and check
    the peer certificate against the hostname once the handshake is done.

    Verification is advisory in this variant: a failed check is only logged
    as a warning, and nothing here aborts the connection.

    ``ret`` is unused.
    """
    if where & SSL.SSL_CB_HANDSHAKE_START:
        connection.set_tlsext_host_name(self._hostnameBytes)
        return
    if not (where & SSL.SSL_CB_HANDSHAKE_DONE):
        return

    if self.verbose_logging:
        logger.debug('SSL connection to %s using protocol %s, cipher %s',
                     self._hostnameASCII,
                     connection.get_protocol_version_name(),
                     connection.get_cipher_name(),
                     )
        peer_cert = connection.get_peer_certificate()
        logger.debug('SSL connection certificate: issuer "%s", subject "%s"',
                     x509name_to_string(peer_cert.get_issuer()),
                     x509name_to_string(peer_cert.get_subject()),
                     )
        # NOTE(review): reaches into the private ``_ssl`` attribute of the
        # connection object.
        temp_key = get_temp_key_info(connection._ssl)
        if temp_key:
            logger.debug('SSL temp key: %s', temp_key)

    try:
        verifyHostname(connection, self._hostnameASCII)
    except (CertificateError, VerificationError) as err:
        # Mismatch is reported but not enforced: the handshake result stands.
        logger.warning(
            'Remote certificate is not valid for hostname "%s"; %s',
            self._hostnameASCII, err)
    except ValueError as err:
        # The check itself could not be carried out; the peer identity is
        # left unverified for this connection.
        logger.warning(
            'Ignoring error while verifying certificate '
            'from host "%s" (exception: %r)',
            self._hostnameASCII, err)
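def _identityVerifyingInfoCallback(self, connection, where, ret):
    """
    U{info_callback
    <http://pythonhosted.org/pyOpenSSL/api/ssl.html#OpenSSL.SSL.Context.set_info_callback>
    } for pyOpenSSL that verifies the hostname in the presented certificate
    matches the one passed to this L{ClientTLSOptions}.

    A L{VerificationError} is enforced rather than logged: it is wrapped in
    a L{Failure} and handed to the transport's C{failVerification}.

    @param connection: the connection which is handshaking.
    @type connection: L{OpenSSL.SSL.Connection}

    @param where: flags indicating progress through a TLS handshake.
    @type where: L{int}

    @param ret: ignored
    @type ret: ignored
    """
    if where & SSL_CB_HANDSHAKE_DONE:
        try:
            # Decode only when peerName is bytes. Testing against ``str``
            # matches text on Python 3, where ``str`` has no ``decode()``;
            # on Python 2 ``bytes`` is ``str``, so behaviour there is
            # unchanged.
            peer = self.peerName
            hostname = peer.decode("utf-8") if isinstance(peer, bytes) else peer
            verifyHostname(connection, hostname)
        except VerificationError:
            # Failure() with no arguments captures the exception currently
            # being handled.
            f = Failure()
            transport = connection.get_app_data()
            transport.failVerification(f)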
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """TLS info callback: pass the hostname bytes to
    ``_maybeSetHostNameIndication`` at handshake start and check the peer
    certificate against the hostname when the handshake is done.

    A ``VerificationError`` is only logged as a warning; this callback does
    not abort the connection, so it does not enforce server identity by
    itself. ``ret`` is unused.
    """
    if where & SSL_CB_HANDSHAKE_START:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
        return
    if not (where & SSL_CB_HANDSHAKE_DONE):
        return
    try:
        verifyHostname(connection, self._hostnameASCII)
    except VerificationError as err:
        # Warn-only: the handshake outcome is left untouched.
        logger.warning(err)
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """Handle TLS handshake progress notifications.

    At handshake start the hostname bytes go to
    ``_maybeSetHostNameIndication``; at handshake completion the peer
    certificate is checked against ``self._hostnameASCII``.

    NOTE(review): a failed check is logged and nothing else. Enforcement,
    if wanted, has to happen elsewhere. ``ret`` is unused.
    """
    handshake_started = where & SSL_CB_HANDSHAKE_START
    if handshake_started:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
    elif where & SSL_CB_HANDSHAKE_DONE:
        try:
            verifyHostname(connection, self._hostnameASCII)
        except VerificationError as mismatch:
            # The exception object itself is the log message.
            logger.warning(mismatch)
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """TLS info callback: hand the hostname bytes to
    ``_maybeSetHostNameIndication`` at handshake start, then check the peer
    certificate against the hostname once the handshake is done.

    A hostname mismatch produces a warning naming the host. The connection
    is not failed here, so the check is advisory. ``ret`` is unused.
    """
    if where & SSL_CB_HANDSHAKE_START:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
        return
    if not (where & SSL_CB_HANDSHAKE_DONE):
        return
    try:
        verifyHostname(connection, self._hostnameASCII)
    except VerificationError as err:
        # Reported, not enforced.
        message = 'Remote certificate is not valid for hostname "{}"; {}'.format(
            self._hostnameASCII, err)
        logger.warning(message)
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """React to TLS handshake start and completion events.

    Start: the hostname bytes are passed to ``_maybeSetHostNameIndication``.
    Done: ``verifyHostname`` checks the peer certificate against
    ``self._hostnameASCII``.

    NOTE(review): on ``VerificationError`` only a warning is emitted. The
    handshake is not rejected by this callback. ``ret`` is unused.
    """
    started = where & SSL_CB_HANDSHAKE_START
    finished = where & SSL_CB_HANDSHAKE_DONE
    if started:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
    elif finished:
        host = self._hostnameASCII
        try:
            verifyHostname(connection, host)
        except VerificationError as mismatch:
            # self._hostnameASCII is read again so the rewrite matches the
            # original's attribute access at log time.
            logger.warning(
                'Remote certificate is not valid for hostname "{}"; {}'.format(
                    self._hostnameASCII, mismatch))
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """TLS info callback: pass the hostname bytes to
    ``_maybeSetHostNameIndication`` at handshake start, and check the peer
    certificate against the hostname when the handshake is done.

    Both failure paths only warn: a ``VerificationError`` (certificate does
    not match) and a ``ValueError`` (check could not be performed) leave
    the connection running. ``ret`` is unused.
    """
    if where & SSL_CB_HANDSHAKE_START:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
        return
    if not (where & SSL_CB_HANDSHAKE_DONE):
        return
    try:
        verifyHostname(connection, self._hostnameASCII)
    except VerificationError as err:
        # Mismatch is reported but not enforced.
        mismatch_msg = 'Remote certificate is not valid for hostname "{}"; {}'.format(
            self._hostnameASCII, err)
        log.warn(mismatch_msg)
    except ValueError as err:
        # Peer identity stays unverified for this connection.
        ignored_msg = ('Ignoring error while verifying certificate '
                       'from host "{}" (exception: {})'.format(
                           self._hostnameASCII, repr(err)))
        log.warn(ignored_msg)
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """Handle TLS handshake start and completion notifications.

    Start: the hostname bytes go to ``_maybeSetHostNameIndication``.
    Done: ``verifyHostname`` compares the peer certificate with
    ``self._hostnameASCII``.

    NOTE(review): neither ``VerificationError`` nor ``ValueError`` stops the
    connection. Each is turned into a warning, so a mismatching certificate
    is accepted as far as this callback is concerned. ``ret`` is unused.
    """
    at_start = where & SSL_CB_HANDSHAKE_START
    if at_start:
        _maybeSetHostNameIndication(connection, self._hostnameBytes)
    elif where & SSL_CB_HANDSHAKE_DONE:
        try:
            verifyHostname(connection, self._hostnameASCII)
        except VerificationError as mismatch:
            log.warn(
                'Remote certificate is not valid for hostname "{}"; {}'.format(
                    self._hostnameASCII, mismatch))
        except ValueError as failure:
            # The check itself failed; it is logged and skipped.
            log.warn(
                'Ignoring error while verifying certificate '
                'from host "{}" (exception: {})'.format(
                    self._hostnameASCII, repr(failure)))
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """TLS info callback: set the server name at handshake start, optionally
    log connection details, and check the peer hostname when done.

    Verification is advisory in this variant: errors from ``verifyHostname``
    are logged as warnings and the connection is not aborted here.
    ``ret`` is unused.
    """
    if where & SSL_CB_HANDSHAKE_START:
        set_tlsext_host_name(connection, self._hostnameBytes)
        return
    if not (where & SSL_CB_HANDSHAKE_DONE):
        return

    if self.verbose_logging:
        # Feature-detect the accessors: older pyOpenSSL releases lack them.
        if hasattr(connection, 'get_cipher_name'):  # requires pyOpenSSL 0.15
            if hasattr(connection, 'get_protocol_version_name'):  # requires pyOpenSSL 16.0.0
                logger.debug(
                    'SSL connection to %s using protocol %s, cipher %s',
                    self._hostnameASCII,
                    connection.get_protocol_version_name(),
                    connection.get_cipher_name(),
                )
            else:
                logger.debug(
                    'SSL connection to %s using cipher %s',
                    self._hostnameASCII,
                    connection.get_cipher_name(),
                )
        peer_cert = connection.get_peer_certificate()
        logger.debug(
            'SSL connection certificate: issuer "%s", subject "%s"',
            x509name_to_string(peer_cert.get_issuer()),
            x509name_to_string(peer_cert.get_subject()),
        )
        # NOTE(review): reaches into the private ``_ssl`` attribute of the
        # connection object.
        temp_key = get_temp_key_info(connection._ssl)
        if temp_key:
            logger.debug('SSL temp key: %s', temp_key)

    try:
        verifyHostname(connection, self._hostnameASCII)
    except verification_errors as err:
        # Mismatch is reported but not enforced: the handshake result stands.
        mismatch_msg = 'Remote certificate is not valid for hostname "{}"; {}'.format(
            self._hostnameASCII, err)
        logger.warning(mismatch_msg)
    except ValueError as err:
        # The check could not be carried out; the peer identity is left
        # unverified for this connection.
        ignored_msg = ('Ignoring error while verifying certificate '
                       'from host "{}" (exception: {})'.format(
                           self._hostnameASCII, repr(err)))
        logger.warning(ignored_msg)
def _identityVerifyingInfoCallback(self, connection, where, ret):
    """
    Override the base implementation to provide better hostname
    verification.

    At handshake start the hostname bytes are set as the TLS server name.
    At handshake completion the peer certificate is checked against the
    hostname, unless the context's verify mode is C{VERIFY_NONE}. A failed
    check is logged as an error and passed to the transport's
    C{failVerification}.

    @param connection: the connection which is handshaking.
    @type connection: L{OpenSSL.SSL.Connection}

    @param where: flags indicating progress through a TLS handshake.
    @type where: L{int}

    @param ret: ignored
    @type ret: ignored
    """
    if where & SSL.SSL_CB_HANDSHAKE_START:
        connection.set_tlsext_host_name(self._hostnameBytes)
        return
    if not (where & SSL.SSL_CB_HANDSHAKE_DONE):
        return
    # With VERIFY_NONE the hostname check is skipped entirely, so the peer
    # identity is not validated by this callback in that mode.
    if self._ctx.get_verify_mode() == SSL.VERIFY_NONE:
        return
    try:
        verifyHostname(connection, self._hostnameASCII)
    except VerificationError as err:
        log.error(str(err))
        # Failure() with no arguments captures the exception currently
        # being handled.
        failure = Failure()
        connection.get_app_data().failVerification(failure)