SSL fixes
Handle old Python compatibility better.
This commit is contained in:
parent
74519069f0
commit
18f7ef06e2
|
@ -81,7 +81,9 @@ class receiveDataThread(threading.Thread):
|
||||||
shared.numberOfBytesReceivedLastSecond = 0
|
shared.numberOfBytesReceivedLastSecond = 0
|
||||||
dataLen = len(self.data)
|
dataLen = len(self.data)
|
||||||
try:
|
try:
|
||||||
if (self.services & shared.NODE_SSL == shared.NODE_SSL) and self.connectionIsOrWasFullyEstablished:
|
if ((self.services & shared.NODE_SSL == shared.NODE_SSL) and
|
||||||
|
self.connectionIsOrWasFullyEstablished and
|
||||||
|
shared.haveSSL(not self.initiatedConnection)):
|
||||||
dataRecv = self.sslSock.recv(1024)
|
dataRecv = self.sslSock.recv(1024)
|
||||||
else:
|
else:
|
||||||
dataRecv = self.sock.recv(1024)
|
dataRecv = self.sock.recv(1024)
|
||||||
|
@ -251,7 +253,8 @@ class receiveDataThread(threading.Thread):
|
||||||
self.connectionIsOrWasFullyEstablished = True
|
self.connectionIsOrWasFullyEstablished = True
|
||||||
|
|
||||||
self.sslSock = self.sock
|
self.sslSock = self.sock
|
||||||
if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))):
|
if (self.services & shared.NODE_SSL == shared.NODE_SSL and
|
||||||
|
shared.haveSSL(not self.initiatedConnection)):
|
||||||
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
|
||||||
if hasattr(self.sslSock, "context"):
|
if hasattr(self.sslSock, "context"):
|
||||||
self.sslSock.context.set_ecdh_curve("secp256k1")
|
self.sslSock.context.set_ecdh_curve("secp256k1")
|
||||||
|
@ -267,7 +270,7 @@ class receiveDataThread(threading.Thread):
|
||||||
except:
|
except:
|
||||||
break
|
break
|
||||||
# Command the corresponding sendDataThread to set its own connectionIsOrWasFullyEstablished variable to True also
|
# Command the corresponding sendDataThread to set its own connectionIsOrWasFullyEstablished variable to True also
|
||||||
self.sendDataThreadQueue.put((0, 'connectionIsOrWasFullyEstablished', (self.services, self.sslSock)))
|
self.sendDataThreadQueue.put((0, 'connectionIsOrWasFullyEstablished', (self.services, self.sslSock, self.initiatedConnection)))
|
||||||
|
|
||||||
if not self.initiatedConnection:
|
if not self.initiatedConnection:
|
||||||
shared.clientHasReceivedIncomingConnections = True
|
shared.clientHasReceivedIncomingConnections = True
|
||||||
|
|
|
@ -39,6 +39,7 @@ class sendDataThread(threading.Thread):
|
||||||
self.name = "sendData-" + self.peer.host
|
self.name = "sendData-" + self.peer.host
|
||||||
self.streamNumber = streamNumber
|
self.streamNumber = streamNumber
|
||||||
self.services = 0
|
self.services = 0
|
||||||
|
self.initiatedConnection = False
|
||||||
self.remoteProtocolVersion = - \
|
self.remoteProtocolVersion = - \
|
||||||
1 # This must be set using setRemoteProtocolVersion command which is sent through the self.sendDataThreadQueue queue.
|
1 # This must be set using setRemoteProtocolVersion command which is sent through the self.sendDataThreadQueue queue.
|
||||||
self.lastTimeISentData = int(
|
self.lastTimeISentData = int(
|
||||||
|
@ -82,7 +83,9 @@ class sendDataThread(threading.Thread):
|
||||||
uploadRateLimitBytes = 999999999 # float("inf") doesn't work
|
uploadRateLimitBytes = 999999999 # float("inf") doesn't work
|
||||||
else:
|
else:
|
||||||
uploadRateLimitBytes = shared.config.getint('bitmessagesettings', 'maxuploadrate') * 1000
|
uploadRateLimitBytes = shared.config.getint('bitmessagesettings', 'maxuploadrate') * 1000
|
||||||
if self.services & shared.NODE_SSL == shared.NODE_SSL and self.connectionIsOrWasFullyEstablished:
|
if ((self.services & shared.NODE_SSL == shared.NODE_SSL) and
|
||||||
|
self.connectionIsOrWasFullyEstablished and
|
||||||
|
shared.haveSSL(not self.initiatedConnection)):
|
||||||
amountSent = self.sslSock.send(data[:1000])
|
amountSent = self.sslSock.send(data[:1000])
|
||||||
else:
|
else:
|
||||||
amountSent = self.sock.send(data[:1000])
|
amountSent = self.sock.send(data[:1000])
|
||||||
|
@ -172,7 +175,7 @@ class sendDataThread(threading.Thread):
|
||||||
break
|
break
|
||||||
elif command == 'connectionIsOrWasFullyEstablished':
|
elif command == 'connectionIsOrWasFullyEstablished':
|
||||||
self.connectionIsOrWasFullyEstablished = True
|
self.connectionIsOrWasFullyEstablished = True
|
||||||
self.services, self.sslSock = data
|
self.services, self.sslSock, self.initiatedConnection = data
|
||||||
else:
|
else:
|
||||||
logger.error('sendDataThread ID: ' + str(id(self)) + ' ignoring command ' + command + ' because the thread is not in stream' + str(deststream))
|
logger.error('sendDataThread ID: ' + str(id(self)) + ' ignoring command ' + command + ' because the thread is not in stream' + str(deststream))
|
||||||
|
|
||||||
|
|
|
@ -149,11 +149,18 @@ def encodeHost(host):
|
||||||
else:
|
else:
|
||||||
return socket.inet_pton(socket.AF_INET6, host)
|
return socket.inet_pton(socket.AF_INET6, host)
|
||||||
|
|
||||||
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
|
def haveSSL(server = False):
|
||||||
|
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
|
||||||
|
if server == False:
|
||||||
|
return True
|
||||||
|
elif sys.version_info >= (2,7,9):
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber, server = False):
|
||||||
payload = ''
|
payload = ''
|
||||||
payload += pack('>L', 3) # protocol version.
|
payload += pack('>L', 3) # protocol version.
|
||||||
payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer.
|
payload += pack('>q', NODE_NETWORK|(NODE_SSL if haveSSL(server) else 0)) # bitflags of the services I offer.
|
||||||
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
|
|
||||||
payload += pack('>q', int(time.time()))
|
payload += pack('>q', int(time.time()))
|
||||||
|
|
||||||
payload += pack(
|
payload += pack(
|
||||||
|
|
Reference in New Issue
Block a user