tls flake8 fixes
This commit is contained in:
parent
fcffb42629
commit
dccb1dbb3c
|
@ -64,15 +64,18 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
self.tlsStarted = True
|
||||
# Once the connection has been established, it's safe to wrap the
|
||||
# socket.
|
||||
if sys.version_info >= (2,7,9):
|
||||
context = ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||
if sys.version_info >= (2, 7, 9):
|
||||
context = ssl.create_default_context(
|
||||
purpose=ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||
context.set_ciphers(self.ciphers)
|
||||
context.set_ecdh_curve("secp256k1")
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
# also exclude TLSv1 and TLSv1.1 in the future
|
||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
self.sslSocket = context.wrap_socket(self.socket, server_side = self.server_side, do_handshake_on_connect=False)
|
||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
self.sslSocket = context.wrap_socket(
|
||||
self.socket, server_side=self.server_side, do_handshake_on_connect=False)
|
||||
else:
|
||||
self.sslSocket = ssl.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
|
@ -101,7 +104,7 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
try:
|
||||
# during TLS handshake, and after flushing write buffer, return status of last handshake attempt
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
#print "tls readable, %r" % (self.want_read)
|
||||
# print "tls readable, %r" % (self.want_read)
|
||||
return self.want_read
|
||||
# prior to TLS handshake, receiveDataThread should emulate synchronous behaviour
|
||||
elif not self.fullyEstablished and (self.expectBytes == 0 or not self.write_buf_empty()):
|
||||
|
@ -114,10 +117,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
try:
|
||||
# wait for write buffer flush
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
#logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||
# logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||
self.tls_handshake()
|
||||
else:
|
||||
#logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||
# logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||
return AdvancedDispatcher.handle_read(self)
|
||||
except AttributeError:
|
||||
return AdvancedDispatcher.handle_read(self)
|
||||
|
@ -135,10 +138,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
try:
|
||||
# wait for write buffer flush
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
#logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||
# logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||
self.tls_handshake()
|
||||
else:
|
||||
#logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||
# logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||
return AdvancedDispatcher.handle_write(self)
|
||||
except AttributeError:
|
||||
return AdvancedDispatcher.handle_write(self)
|
||||
|
@ -158,16 +161,16 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
return False
|
||||
# Perform the handshake.
|
||||
try:
|
||||
#print "handshaking (internal)"
|
||||
# print "handshaking (internal)"
|
||||
self.sslSocket.do_handshake()
|
||||
except ssl.SSLError as err:
|
||||
#print "%s:%i: handshake fail" % (self.destination.host, self.destination.port)
|
||||
# print "%s:%i: handshake fail" % (self.destination.host, self.destination.port)
|
||||
self.want_read = self.want_write = False
|
||||
if err.args[0] == ssl.SSL_ERROR_WANT_READ:
|
||||
#print "want read"
|
||||
# print "want read"
|
||||
self.want_read = True
|
||||
if err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
|
||||
#print "want write"
|
||||
# print "want write"
|
||||
self.want_write = True
|
||||
if not (self.want_write or self.want_read):
|
||||
raise
|
||||
|
|
Reference in New Issue
Block a user