tls flake8 fixes
parent
fcffb42629
commit
dccb1dbb3c
|
@ -64,15 +64,18 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
self.tlsStarted = True
|
self.tlsStarted = True
|
||||||
# Once the connection has been established, it's safe to wrap the
|
# Once the connection has been established, it's safe to wrap the
|
||||||
# socket.
|
# socket.
|
||||||
if sys.version_info >= (2,7,9):
|
if sys.version_info >= (2, 7, 9):
|
||||||
context = ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
context = ssl.create_default_context(
|
||||||
|
purpose=ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||||
context.set_ciphers(self.ciphers)
|
context.set_ciphers(self.ciphers)
|
||||||
context.set_ecdh_curve("secp256k1")
|
context.set_ecdh_curve("secp256k1")
|
||||||
context.check_hostname = False
|
context.check_hostname = False
|
||||||
context.verify_mode = ssl.CERT_NONE
|
context.verify_mode = ssl.CERT_NONE
|
||||||
# also exclude TLSv1 and TLSv1.1 in the future
|
# also exclude TLSv1 and TLSv1.1 in the future
|
||||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
|
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||||
self.sslSocket = context.wrap_socket(self.socket, server_side = self.server_side, do_handshake_on_connect=False)
|
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||||
|
self.sslSocket = context.wrap_socket(
|
||||||
|
self.socket, server_side=self.server_side, do_handshake_on_connect=False)
|
||||||
else:
|
else:
|
||||||
self.sslSocket = ssl.wrap_socket(
|
self.sslSocket = ssl.wrap_socket(
|
||||||
self.socket, server_side=self.server_side,
|
self.socket, server_side=self.server_side,
|
||||||
|
@ -101,7 +104,7 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
# during TLS handshake, and after flushing write buffer, return status of last handshake attempt
|
# during TLS handshake, and after flushing write buffer, return status of last handshake attempt
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
#print "tls readable, %r" % (self.want_read)
|
# print "tls readable, %r" % (self.want_read)
|
||||||
return self.want_read
|
return self.want_read
|
||||||
# prior to TLS handshake, receiveDataThread should emulate synchronous behaviour
|
# prior to TLS handshake, receiveDataThread should emulate synchronous behaviour
|
||||||
elif not self.fullyEstablished and (self.expectBytes == 0 or not self.write_buf_empty()):
|
elif not self.fullyEstablished and (self.expectBytes == 0 or not self.write_buf_empty()):
|
||||||
|
@ -114,10 +117,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
# wait for write buffer flush
|
# wait for write buffer flush
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
#logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port)
|
# logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||||
self.tls_handshake()
|
self.tls_handshake()
|
||||||
else:
|
else:
|
||||||
#logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port)
|
# logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port)
|
||||||
return AdvancedDispatcher.handle_read(self)
|
return AdvancedDispatcher.handle_read(self)
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
return AdvancedDispatcher.handle_read(self)
|
return AdvancedDispatcher.handle_read(self)
|
||||||
|
@ -135,10 +138,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
try:
|
try:
|
||||||
# wait for write buffer flush
|
# wait for write buffer flush
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
#logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port)
|
# logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||||
self.tls_handshake()
|
self.tls_handshake()
|
||||||
else:
|
else:
|
||||||
#logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port)
|
# logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port)
|
||||||
return AdvancedDispatcher.handle_write(self)
|
return AdvancedDispatcher.handle_write(self)
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
return AdvancedDispatcher.handle_write(self)
|
return AdvancedDispatcher.handle_write(self)
|
||||||
|
@ -158,16 +161,16 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
return False
|
return False
|
||||||
# Perform the handshake.
|
# Perform the handshake.
|
||||||
try:
|
try:
|
||||||
#print "handshaking (internal)"
|
# print "handshaking (internal)"
|
||||||
self.sslSocket.do_handshake()
|
self.sslSocket.do_handshake()
|
||||||
except ssl.SSLError as err:
|
except ssl.SSLError as err:
|
||||||
#print "%s:%i: handshake fail" % (self.destination.host, self.destination.port)
|
# print "%s:%i: handshake fail" % (self.destination.host, self.destination.port)
|
||||||
self.want_read = self.want_write = False
|
self.want_read = self.want_write = False
|
||||||
if err.args[0] == ssl.SSL_ERROR_WANT_READ:
|
if err.args[0] == ssl.SSL_ERROR_WANT_READ:
|
||||||
#print "want read"
|
# print "want read"
|
||||||
self.want_read = True
|
self.want_read = True
|
||||||
if err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
|
if err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
|
||||||
#print "want write"
|
# print "want write"
|
||||||
self.want_write = True
|
self.want_write = True
|
||||||
if not (self.want_write or self.want_read):
|
if not (self.want_write or self.want_read):
|
||||||
raise
|
raise
|
||||||
|
|
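Review bot: The `purpose=` argument in the rewrapped `ssl.create_default_context(` call of the first hunk reads inverted: in the `ssl` module `Purpose.SERVER_AUTH` is meant for client-side sockets that authenticate a server and `Purpose.CLIENT_AUTH` for server-side sockets, so the line should be `purpose=ssl.Purpose.CLIENT_AUTH if self.server_side else ssl.Purpose.SERVER_AUTH`. The mix-up is masked here because the next lines reset `check_hostname = False` and `verify_mode = ssl.CERT_NONE`, but newer Python 3 releases tie the purpose to a client-only or server-only protocol, where the mismatch would likely make `wrap_socket` fail. Those two lines also turn off peer authentication entirely, so if that is deliberate they deserve a comment saying so, e.g. `# peers are not authenticated at the TLS layer; this protects against passive eavesdropping only`. The enclosing method starts above the hunk, so whether peer identity is checked elsewhere is not visible from here.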