More formatting in network package #1734
|
@ -16,7 +16,6 @@ logger = logging.getLogger('default')
|
||||||
|
|
||||||
_DISCONNECTED_SSL = frozenset((ssl.SSL_ERROR_EOF,))
|
_DISCONNECTED_SSL = frozenset((ssl.SSL_ERROR_EOF,))
|
||||||
|
|
||||||
# sslProtocolVersion
|
|
||||||
if sys.version_info >= (2, 7, 13):
|
if sys.version_info >= (2, 7, 13):
|
||||||
# this means TLSv1 or higher
|
# this means TLSv1 or higher
|
||||||
# in the future change to
|
# in the future change to
|
||||||
|
@ -27,14 +26,16 @@ elif sys.version_info >= (2, 7, 9):
|
||||||
# SSLv2 and 3 are excluded with an option after context is created
|
# SSLv2 and 3 are excluded with an option after context is created
|
||||||
sslProtocolVersion = ssl.PROTOCOL_SSLv23
|
sslProtocolVersion = ssl.PROTOCOL_SSLv23
|
||||||
else:
|
else:
|
||||||
# this means TLSv1, there is no way to set "TLSv1 or higher" or
|
# this means TLSv1, there is no way to set "TLSv1 or higher"
|
||||||
# "TLSv1.2" in < 2.7.9
|
# or "TLSv1.2" in < 2.7.9
|
||||||
sslProtocolVersion = ssl.PROTOCOL_TLSv1
|
sslProtocolVersion = ssl.PROTOCOL_TLSv1
|
||||||
|
|
||||||
|
|
||||||
# ciphers
|
# ciphers
|
||||||
if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 and not \
|
if (
|
||||||
ssl.OPENSSL_VERSION.startswith("LibreSSL"):
|
ssl.OPENSSL_VERSION_NUMBER >= 0x10100000
|
||||||
|
and not ssl.OPENSSL_VERSION.startswith(b"LibreSSL")
|
||||||
|
):
|
||||||
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
|
sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0"
|
||||||
else:
|
else:
|
||||||
sslProtocolCiphers = "AECDH-AES256-SHA"
|
sslProtocolCiphers = "AECDH-AES256-SHA"
|
||||||
|
@ -47,16 +48,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
def __init__(self, _=None, sock=None, certfile=None, keyfile=None,
|
def __init__(self, _=None, sock=None, certfile=None, keyfile=None,
|
||||||
server_side=False, ciphers=sslProtocolCiphers):
|
server_side=False, ciphers=sslProtocolCiphers):
|
||||||
self.want_read = self.want_write = True
|
self.want_read = self.want_write = True
|
||||||
if certfile is None:
|
self.certfile = certfile or os.path.join(
|
||||||
self.certfile = os.path.join(
|
|
||||||
paths.codePath(), 'sslkeys', 'cert.pem')
|
paths.codePath(), 'sslkeys', 'cert.pem')
|
||||||
else:
|
self.keyfile = keyfile or os.path.join(
|
||||||
self.certfile = certfile
|
|
||||||
if keyfile is None:
|
|
||||||
self.keyfile = os.path.join(
|
|
||||||
paths.codePath(), 'sslkeys', 'key.pem')
|
paths.codePath(), 'sslkeys', 'key.pem')
|
||||||
else:
|
|
||||||
self.keyfile = keyfile
|
|
||||||
self.server_side = server_side
|
self.server_side = server_side
|
||||||
self.ciphers = ciphers
|
self.ciphers = ciphers
|
||||||
self.tlsStarted = False
|
self.tlsStarted = False
|
||||||
|
@ -66,7 +61,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
|
|
||||||
def state_tls_init(self):
|
def state_tls_init(self):
|
||||||
"""Prepare sockets for TLS handshake"""
|
"""Prepare sockets for TLS handshake"""
|
||||||
# pylint: disable=attribute-defined-outside-init
|
|
||||||
self.isSSL = True
|
self.isSSL = True
|
||||||
self.tlsStarted = True
|
self.tlsStarted = True
|
||||||
# Once the connection has been established,
|
# Once the connection has been established,
|
||||||
|
@ -96,8 +90,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
self.want_read = self.want_write = True
|
self.want_read = self.want_write = True
|
||||||
self.set_state("tls_handshake")
|
self.set_state("tls_handshake")
|
||||||
return False
|
return False
|
||||||
# if hasattr(self.socket, "context"):
|
|
||||||
# self.socket.context.set_ecdh_curve("secp256k1")
|
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def state_tls_handshake():
|
def state_tls_handshake():
|
||||||
|
@ -112,8 +104,8 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
return self.want_write
|
return self.want_write
|
||||||
return AdvancedDispatcher.writable(self)
|
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
|
pass
|
||||||
return AdvancedDispatcher.writable(self)
|
return AdvancedDispatcher.writable(self)
|
||||||
|
|
||||||
def readable(self):
|
def readable(self):
|
||||||
|
@ -126,14 +118,14 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
return self.want_read
|
return self.want_read
|
||||||
# prior to TLS handshake,
|
# prior to TLS handshake,
|
||||||
# receiveDataThread should emulate synchronous behaviour
|
# receiveDataThread should emulate synchronous behaviour
|
||||||
elif not self.fullyEstablished and (
|
if not self.fullyEstablished and (
|
||||||
self.expectBytes == 0 or not self.write_buf_empty()):
|
self.expectBytes == 0 or not self.write_buf_empty()):
|
||||||
return False
|
return False
|
||||||
return AdvancedDispatcher.readable(self)
|
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
|
pass
|
||||||
return AdvancedDispatcher.readable(self)
|
return AdvancedDispatcher.readable(self)
|
||||||
|
|
||||||
def handle_read(self): # pylint: disable=inconsistent-return-statements
|
def handle_read(self):
|
||||||
"""
|
"""
|
||||||
Handle reads for sockets during TLS handshake. Requires special
|
Handle reads for sockets during TLS handshake. Requires special
|
||||||
treatment as during the handshake, buffers must remain empty
|
treatment as during the handshake, buffers must remain empty
|
||||||
|
@ -142,29 +134,20 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
# wait for write buffer flush
|
# wait for write buffer flush
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
# logger.debug(
|
|
||||||
# "%s:%i TLS handshaking (read)", self.destination.host,
|
|
||||||
# self.destination.port)
|
|
||||||
self.tls_handshake()
|
self.tls_handshake()
|
||||||
else:
|
else:
|
||||||
# logger.debug(
|
AdvancedDispatcher.handle_read(self)
|
||||||
# "%s:%i Not TLS handshaking (read)", self.destination.host,
|
|
||||||
# self.destination.port)
|
|
||||||
return AdvancedDispatcher.handle_read(self)
|
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
return AdvancedDispatcher.handle_read(self)
|
AdvancedDispatcher.handle_read(self)
|
||||||
except ssl.SSLError as err:
|
except ssl.SSLError as err:
|
||||||
self.close_reason = "SSL Error in handle_read"
|
|
||||||
if err.errno == ssl.SSL_ERROR_WANT_READ:
|
if err.errno == ssl.SSL_ERROR_WANT_READ:
|
||||||
return
|
return
|
||||||
elif err.errno in _DISCONNECTED_SSL:
|
if err.errno not in _DISCONNECTED_SSL:
|
||||||
self.handle_close()
|
|
||||||
return
|
|
||||||
logger.info("SSL Error: %s", err)
|
logger.info("SSL Error: %s", err)
|
||||||
|
self.close_reason = "SSL Error in handle_read"
|
||||||
self.handle_close()
|
self.handle_close()
|
||||||
return
|
|
||||||
|
|
||||||
def handle_write(self): # pylint: disable=inconsistent-return-statements
|
def handle_write(self):
|
||||||
"""
|
"""
|
||||||
Handle writes for sockets during TLS handshake. Requires special
|
Handle writes for sockets during TLS handshake. Requires special
|
||||||
treatment as during the handshake, buffers must remain empty
|
treatment as during the handshake, buffers must remain empty
|
||||||
|
@ -173,27 +156,18 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
# wait for write buffer flush
|
# wait for write buffer flush
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
# logger.debug(
|
|
||||||
# "%s:%i TLS handshaking (write)", self.destination.host,
|
|
||||||
# self.destination.port)
|
|
||||||
self.tls_handshake()
|
self.tls_handshake()
|
||||||
else:
|
else:
|
||||||
# logger.debug(
|
AdvancedDispatcher.handle_write(self)
|
||||||
# "%s:%i Not TLS handshaking (write)", self.destination.host,
|
|
||||||
# self.destination.port)
|
|
||||||
return AdvancedDispatcher.handle_write(self)
|
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
return AdvancedDispatcher.handle_write(self)
|
AdvancedDispatcher.handle_write(self)
|
||||||
except ssl.SSLError as err:
|
except ssl.SSLError as err:
|
||||||
self.close_reason = "SSL Error in handle_write"
|
|
||||||
if err.errno == ssl.SSL_ERROR_WANT_WRITE:
|
if err.errno == ssl.SSL_ERROR_WANT_WRITE:
|
||||||
return 0
|
|
||||||
elif err.errno in _DISCONNECTED_SSL:
|
|
||||||
self.handle_close()
|
|
||||||
return 0
|
|
||||||
logger.info("SSL Error: %s", err)
|
|
||||||
self.handle_close()
|
|
||||||
return
|
return
|
||||||
|
if err.errno not in _DISCONNECTED_SSL:
|
||||||
|
logger.info("SSL Error: %s", err)
|
||||||
|
self.close_reason = "SSL Error in handle_write"
|
||||||
|
self.handle_close()
|
||||||
|
|
||||||
def tls_handshake(self):
|
def tls_handshake(self):
|
||||||
"""Perform TLS handshake and handle its stages"""
|
"""Perform TLS handshake and handle its stages"""
|
||||||
|
|
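Review bot: `and not ssl.OPENSSL_VERSION.startswith(b"LibreSSL")` in the ciphers block changes the prefix literal from str to bytes; `ssl.OPENSSL_VERSION` is a str, so under Python 3 this raises TypeError at module import (the whole network module fails to load), while under Python 2 the change is a no-op — keep the original `"LibreSSL"` literal. In handle_write's `except ssl.SSLError` branch the rendering loses indentation, so it is not visible whether `self.handle_close()` sits inside `if err.errno not in _DISCONNECTED_SSL:`; if it does, an SSL EOF (the one errno in _DISCONNECTED_SSL) would no longer close the socket, whereas the old code closed on both paths and the matching `self.handle_close()` in handle_read is an unchanged line at the except level. Please confirm it is dedented to the except level as in handle_read. handle_write begins in the preceding hunk, and tls_handshake's body continues past the end of this one.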