Solved SSL issue
This commit is contained in:
parent
f9a4f3b6ee
commit
76555b1aa7
|
@ -57,9 +57,7 @@ class BMConfigParser(configparser.ConfigParser):
|
|||
return configparser.ConfigParser.set(self, section, option, value)
|
||||
|
||||
def get(self, section, option, raw=False, vars=None):
|
||||
# import pdb;pdb.set_trace()
|
||||
# pylint: disable=unused-argument
|
||||
# import pdb; pdb.set_trace()
|
||||
try:
|
||||
if section == "bitmessagesettings" and option == "timeformat":
|
||||
return configparser.ConfigParser.get(
|
||||
|
|
|
@ -304,6 +304,9 @@ def check_openssl():
|
|||
' OpenSSL 0.9.8b or later with AES, Elliptic Curves (EC),'
|
||||
' ECDH, and ECDSA enabled.')
|
||||
return False
|
||||
if sys.version_info >=(3,0,0):
|
||||
matches = cflags_regex.findall(str(openssl_cflags))
|
||||
else:
|
||||
matches = cflags_regex.findall(openssl_cflags)
|
||||
if matches:
|
||||
logger.error(
|
||||
|
|
|
@ -542,15 +542,11 @@ class BMProto(AdvancedDispatcher, ObjectTracker):
|
|||
'%(host)s:%(port)i sending version',
|
||||
self.destination._asdict())
|
||||
if self.services & protocol.NODE_SSL == protocol.NODE_SSL:
|
||||
# self.isSSL = True
|
||||
pass
|
||||
self.isSSL = True
|
||||
if not self.verackReceived:
|
||||
return True
|
||||
# self.set_state(
|
||||
# "tls_init" if self.isSSL else "connection_fully_established",
|
||||
# length=self.payloadLength, expectBytes=0)
|
||||
self.set_state(
|
||||
"connection_fully_established",
|
||||
"tls_init" if self.isSSL else "connection_fully_established",
|
||||
length=self.payloadLength, expectBytes=0)
|
||||
return False
|
||||
|
||||
|
|
|
@ -68,6 +68,7 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
self.tlsDone = False
|
||||
self.tlsVersion = "N/A"
|
||||
self.isSSL = False
|
||||
self.sslSocket = None
|
||||
|
||||
def state_tls_init(self):
|
||||
"""Prepare sockets for TLS handshake"""
|
||||
|
@ -76,28 +77,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
self.tlsStarted = True
|
||||
# Once the connection has been established,
|
||||
# it's safe to wrap the socket.
|
||||
if sys.version_info >= (2, 7, 9):
|
||||
context = ssl.create_default_context(
|
||||
purpose=ssl.Purpose.SERVER_AUTH
|
||||
if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||
context.set_ciphers(self.ciphers)
|
||||
context.set_ecdh_curve("secp256k1")
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
# also exclude TLSv1 and TLSv1.1 in the future
|
||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
|
||||
ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
self.sslSocket = context.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
do_handshake_on_connect=False)
|
||||
else:
|
||||
self.sslSocket = ssl.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
ssl_version=sslProtocolVersion,
|
||||
certfile=self.certfile, keyfile=self.keyfile,
|
||||
ciphers=self.ciphers, do_handshake_on_connect=False)
|
||||
self.sslSocket.setblocking(0)
|
||||
self.want_read = self.want_write = True
|
||||
self.set_state("tls_handshake")
|
||||
return False
|
||||
|
@ -127,7 +106,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
# during TLS handshake, and after flushing write buffer,
|
||||
# return status of last handshake attempt
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
# print "tls readable, %r" % (self.want_read)
|
||||
return self.want_read
|
||||
# prior to TLS handshake,
|
||||
# receiveDataThread should emulate synchronous behaviour
|
||||
|
@ -145,7 +123,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
and normal reads must be ignored.
|
||||
"""
|
||||
try:
|
||||
# wait for write buffer flush
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
# logger.debug(
|
||||
# "%s:%i TLS handshaking (read)", self.destination.host,
|
||||
|
@ -182,9 +159,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
# self.destination.port)
|
||||
self.tls_handshake()
|
||||
else:
|
||||
# logger.debug(
|
||||
# "%s:%i Not TLS handshaking (write)", self.destination.host,
|
||||
# self.destination.port)
|
||||
return AdvancedDispatcher.handle_write(self)
|
||||
except AttributeError:
|
||||
return AdvancedDispatcher.handle_write(self)
|
||||
|
@ -201,8 +175,34 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
def tls_handshake(self):
|
||||
"""Perform TLS handshake and handle its stages"""
|
||||
# wait for flush
|
||||
# self.sslSocket.setblocking(0)
|
||||
if self.write_buf:
|
||||
return False
|
||||
if not self.sslSocket:
|
||||
self.del_channel()
|
||||
if sys.version_info >= (2, 7, 9):
|
||||
context = ssl.create_default_context(
|
||||
purpose=ssl.Purpose.SERVER_AUTH
|
||||
if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||
context.set_ciphers(self.ciphers)
|
||||
context.set_ecdh_curve("secp256k1")
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
# also exclude TLSv1 and TLSv1.1 in the future
|
||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
|
||||
ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
self.sslSocket = context.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
do_handshake_on_connect=False)
|
||||
else:
|
||||
self.sslSocket = ssl.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
ssl_version=sslProtocolVersion,
|
||||
certfile=self.certfile, keyfile=self.keyfile,
|
||||
ciphers=self.ciphers, do_handshake_on_connect=False)
|
||||
self.sslSocket.setblocking(0)
|
||||
self.set_socket(self.sslSocket)
|
||||
# Perform the handshake.
|
||||
try:
|
||||
self.sslSocket.do_handshake()
|
||||
|
@ -233,8 +233,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
'%s:%i: TLS handshake success',
|
||||
self.destination.host, self.destination.port)
|
||||
# The handshake has completed, so remove this channel and...
|
||||
self.del_channel()
|
||||
self.set_socket(self.sslSocket)
|
||||
self.tlsDone = True
|
||||
|
||||
self.bm_proto_reset()
|
||||
|
|
|
@ -231,7 +231,6 @@ def haveSSL(server=False):
|
|||
python < 2.7.9's ssl library does not support ECDSA server due to
|
||||
missing initialisation of available curves, but client works ok
|
||||
"""
|
||||
return False
|
||||
if not server:
|
||||
return True
|
||||
elif sys.version_info >= (2, 7, 9):
|
||||
|
|
|
@ -82,7 +82,7 @@ class _OpenSSL(object):
|
|||
"""Build the wrapper"""
|
||||
self._lib = ctypes.CDLL(library)
|
||||
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
||||
self._libreSSL = (self._version).decode("utf-8").startswith("OpenSSL")
|
||||
self._libreSSL = (self._version).decode("utf-8").startswith("LibreSSL")
|
||||
|
||||
self.pointer = ctypes.pointer
|
||||
self.c_int = ctypes.c_int
|
||||
|
|
Reference in New Issue
Block a user