Solved SSL issue
This commit is contained in:
parent
f9a4f3b6ee
commit
76555b1aa7
|
@ -57,9 +57,7 @@ class BMConfigParser(configparser.ConfigParser):
|
||||||
return configparser.ConfigParser.set(self, section, option, value)
|
return configparser.ConfigParser.set(self, section, option, value)
|
||||||
|
|
||||||
def get(self, section, option, raw=False, vars=None):
|
def get(self, section, option, raw=False, vars=None):
|
||||||
# import pdb;pdb.set_trace()
|
|
||||||
# pylint: disable=unused-argument
|
# pylint: disable=unused-argument
|
||||||
# import pdb; pdb.set_trace()
|
|
||||||
try:
|
try:
|
||||||
if section == "bitmessagesettings" and option == "timeformat":
|
if section == "bitmessagesettings" and option == "timeformat":
|
||||||
return configparser.ConfigParser.get(
|
return configparser.ConfigParser.get(
|
||||||
|
|
|
@ -304,7 +304,10 @@ def check_openssl():
|
||||||
' OpenSSL 0.9.8b or later with AES, Elliptic Curves (EC),'
|
' OpenSSL 0.9.8b or later with AES, Elliptic Curves (EC),'
|
||||||
' ECDH, and ECDSA enabled.')
|
' ECDH, and ECDSA enabled.')
|
||||||
return False
|
return False
|
||||||
matches = cflags_regex.findall(openssl_cflags)
|
if sys.version_info >=(3,0,0):
|
||||||
|
matches = cflags_regex.findall(str(openssl_cflags))
|
||||||
|
else:
|
||||||
|
matches = cflags_regex.findall(openssl_cflags)
|
||||||
if matches:
|
if matches:
|
||||||
logger.error(
|
logger.error(
|
||||||
'This OpenSSL library is missing the following required'
|
'This OpenSSL library is missing the following required'
|
||||||
|
|
|
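Review bot: `str(openssl_cflags)` in the new `sys.version_info >=(3,0,0)` branch turns a bytes value (presumably what the ctypes call yields on Python 3) into its repr, `"b'...'"`, so the regex runs over an escaped, prefixed rendering of the flags rather than the flag text the Python 2 branch has always searched. Decoding instead of stringifying fixes that and removes the version branch entirely: `if isinstance(openssl_cflags, bytes):` / `    openssl_cflags = openssl_cflags.decode('utf-8', 'replace')` / `matches = cflags_regex.findall(openssl_cflags)`. Whether the repr form happens to match depends on `cflags_regex`, which is defined outside the hunk; if it only looks for bare identifiers it may still work by accident, but a regex anchored on delimiters would not. If the branch is kept, PEP 8 spacing is `>= (3, 0, 0)`. check_openssl() starts and ends outside the hunk.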
@ -542,15 +542,11 @@ class BMProto(AdvancedDispatcher, ObjectTracker):
|
||||||
'%(host)s:%(port)i sending version',
|
'%(host)s:%(port)i sending version',
|
||||||
self.destination._asdict())
|
self.destination._asdict())
|
||||||
if self.services & protocol.NODE_SSL == protocol.NODE_SSL:
|
if self.services & protocol.NODE_SSL == protocol.NODE_SSL:
|
||||||
# self.isSSL = True
|
self.isSSL = True
|
||||||
pass
|
|
||||||
if not self.verackReceived:
|
if not self.verackReceived:
|
||||||
return True
|
return True
|
||||||
# self.set_state(
|
|
||||||
# "tls_init" if self.isSSL else "connection_fully_established",
|
|
||||||
# length=self.payloadLength, expectBytes=0)
|
|
||||||
self.set_state(
|
self.set_state(
|
||||||
"connection_fully_established",
|
"tls_init" if self.isSSL else "connection_fully_established",
|
||||||
length=self.payloadLength, expectBytes=0)
|
length=self.payloadLength, expectBytes=0)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
|
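Review bot: `self.isSSL = True` is now driven solely by the NODE_SSL bit in `self.services`, which presumably holds the peer's advertised services (assigned outside the hunk), so a node whose own haveSSL() (shown later on this page) returns False would still enter `tls_init` when a peer advertises TLS, while that peer, seeing no NODE_SSL from us, would stay in plain mode and the connection would break at the handshake. If the local capability is not already folded into that bit elsewhere, gate it here as well, along the lines of `self.isSSL = bool(self.services & protocol.NODE_SSL) and <local TLS capability check>` (placeholder for whatever haveSSL-style check the dispatcher has access to). Since the contexts built in tls_handshake use CERT_NONE with check_hostname off, a one-line comment at the assignment, `# opportunistic TLS: peer advertises NODE_SSL; no certificate verification (see tls_handshake)`, would make the expectation explicit for the next reader. The enclosing method starts and ends outside the hunk.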
@ -68,6 +68,7 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
self.tlsDone = False
|
self.tlsDone = False
|
||||||
self.tlsVersion = "N/A"
|
self.tlsVersion = "N/A"
|
||||||
self.isSSL = False
|
self.isSSL = False
|
||||||
|
self.sslSocket = None
|
||||||
|
|
||||||
def state_tls_init(self):
|
def state_tls_init(self):
|
||||||
"""Prepare sockets for TLS handshake"""
|
"""Prepare sockets for TLS handshake"""
|
||||||
|
@ -76,28 +77,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
self.tlsStarted = True
|
self.tlsStarted = True
|
||||||
# Once the connection has been established,
|
# Once the connection has been established,
|
||||||
# it's safe to wrap the socket.
|
# it's safe to wrap the socket.
|
||||||
if sys.version_info >= (2, 7, 9):
|
|
||||||
context = ssl.create_default_context(
|
|
||||||
purpose=ssl.Purpose.SERVER_AUTH
|
|
||||||
if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
|
||||||
context.set_ciphers(self.ciphers)
|
|
||||||
context.set_ecdh_curve("secp256k1")
|
|
||||||
context.check_hostname = False
|
|
||||||
context.verify_mode = ssl.CERT_NONE
|
|
||||||
# also exclude TLSv1 and TLSv1.1 in the future
|
|
||||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
|
||||||
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
|
|
||||||
ssl.OP_CIPHER_SERVER_PREFERENCE
|
|
||||||
self.sslSocket = context.wrap_socket(
|
|
||||||
self.socket, server_side=self.server_side,
|
|
||||||
do_handshake_on_connect=False)
|
|
||||||
else:
|
|
||||||
self.sslSocket = ssl.wrap_socket(
|
|
||||||
self.socket, server_side=self.server_side,
|
|
||||||
ssl_version=sslProtocolVersion,
|
|
||||||
certfile=self.certfile, keyfile=self.keyfile,
|
|
||||||
ciphers=self.ciphers, do_handshake_on_connect=False)
|
|
||||||
self.sslSocket.setblocking(0)
|
|
||||||
self.want_read = self.want_write = True
|
self.want_read = self.want_write = True
|
||||||
self.set_state("tls_handshake")
|
self.set_state("tls_handshake")
|
||||||
return False
|
return False
|
||||||
|
@ -127,7 +106,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
# during TLS handshake, and after flushing write buffer,
|
# during TLS handshake, and after flushing write buffer,
|
||||||
# return status of last handshake attempt
|
# return status of last handshake attempt
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
# print "tls readable, %r" % (self.want_read)
|
|
||||||
return self.want_read
|
return self.want_read
|
||||||
# prior to TLS handshake,
|
# prior to TLS handshake,
|
||||||
# receiveDataThread should emulate synchronous behaviour
|
# receiveDataThread should emulate synchronous behaviour
|
||||||
|
@ -145,7 +123,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
and normal reads must be ignored.
|
and normal reads must be ignored.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
# wait for write buffer flush
|
|
||||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||||
# logger.debug(
|
# logger.debug(
|
||||||
# "%s:%i TLS handshaking (read)", self.destination.host,
|
# "%s:%i TLS handshaking (read)", self.destination.host,
|
||||||
|
@ -182,9 +159,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
# self.destination.port)
|
# self.destination.port)
|
||||||
self.tls_handshake()
|
self.tls_handshake()
|
||||||
else:
|
else:
|
||||||
# logger.debug(
|
|
||||||
# "%s:%i Not TLS handshaking (write)", self.destination.host,
|
|
||||||
# self.destination.port)
|
|
||||||
return AdvancedDispatcher.handle_write(self)
|
return AdvancedDispatcher.handle_write(self)
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
return AdvancedDispatcher.handle_write(self)
|
return AdvancedDispatcher.handle_write(self)
|
||||||
|
@ -201,8 +175,34 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
def tls_handshake(self):
|
def tls_handshake(self):
|
||||||
"""Perform TLS handshake and handle its stages"""
|
"""Perform TLS handshake and handle its stages"""
|
||||||
# wait for flush
|
# wait for flush
|
||||||
|
# self.sslSocket.setblocking(0)
|
||||||
if self.write_buf:
|
if self.write_buf:
|
||||||
return False
|
return False
|
||||||
|
if not self.sslSocket:
|
||||||
|
self.del_channel()
|
||||||
|
if sys.version_info >= (2, 7, 9):
|
||||||
|
context = ssl.create_default_context(
|
||||||
|
purpose=ssl.Purpose.SERVER_AUTH
|
||||||
|
if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||||
|
context.set_ciphers(self.ciphers)
|
||||||
|
context.set_ecdh_curve("secp256k1")
|
||||||
|
context.check_hostname = False
|
||||||
|
context.verify_mode = ssl.CERT_NONE
|
||||||
|
# also exclude TLSv1 and TLSv1.1 in the future
|
||||||
|
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||||
|
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
|
||||||
|
ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||||
|
self.sslSocket = context.wrap_socket(
|
||||||
|
self.socket, server_side=self.server_side,
|
||||||
|
do_handshake_on_connect=False)
|
||||||
|
else:
|
||||||
|
self.sslSocket = ssl.wrap_socket(
|
||||||
|
self.socket, server_side=self.server_side,
|
||||||
|
ssl_version=sslProtocolVersion,
|
||||||
|
certfile=self.certfile, keyfile=self.keyfile,
|
||||||
|
ciphers=self.ciphers, do_handshake_on_connect=False)
|
||||||
|
self.sslSocket.setblocking(0)
|
||||||
|
self.set_socket(self.sslSocket)
|
||||||
# Perform the handshake.
|
# Perform the handshake.
|
||||||
try:
|
try:
|
||||||
self.sslSocket.do_handshake()
|
self.sslSocket.do_handshake()
|
||||||
|
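Review bot: `self.del_channel()` on the first line of the new `if not self.sslSocket:` block runs before `context.wrap_socket()`/`ssl.wrap_socket()`, and neither wrap call is inside the `try` that guards `do_handshake()`, so a failure while wrapping (bad cipher string, unsupported curve) leaves the dispatcher already removed from the asyncore map with no socket re-registered; wrap first and move the removal next to the registration, `self.sslSocket.setblocking(0)` / `self.del_channel()` / `self.set_socket(self.sslSocket)`. Assigning `context.options = ssl.OP_ALL | ...` also discards the options create_default_context() already set, including OP_NO_COMPRESSION, so `context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE` keeps those defaults, and the "also exclude TLSv1 and TLSv1.1 in the future" comment can be honoured with `ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1` once older peers no longer need them. The context branch never loads `self.certfile`/`self.keyfile`, which the legacy `ssl.wrap_socket` branch passes; if `self.ciphers` (set outside the hunk) ever requires a certificate, server-side handshakes fail, so this presumably relies on an anonymous cipher suite — worth confirming and stating in a comment. With the wrapping moved here, the comment left in state_tls_init, "Once the connection has been established, it's safe to wrap the socket.", no longer describes the code beneath it; replace it with `# socket wrapping is deferred to tls_handshake(), once the write buffer has drained`. tls_handshake() continues past the hunk, so the exception handling around `do_handshake()` was not reviewed here.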
@ -233,8 +233,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
||||||
'%s:%i: TLS handshake success',
|
'%s:%i: TLS handshake success',
|
||||||
self.destination.host, self.destination.port)
|
self.destination.host, self.destination.port)
|
||||||
# The handshake has completed, so remove this channel and...
|
# The handshake has completed, so remove this channel and...
|
||||||
self.del_channel()
|
|
||||||
self.set_socket(self.sslSocket)
|
|
||||||
self.tlsDone = True
|
self.tlsDone = True
|
||||||
|
|
||||||
self.bm_proto_reset()
|
self.bm_proto_reset()
|
||||||
|
|
|
@ -231,7 +231,6 @@ def haveSSL(server=False):
|
||||||
python < 2.7.9's ssl library does not support ECDSA server due to
|
python < 2.7.9's ssl library does not support ECDSA server due to
|
||||||
missing initialisation of available curves, but client works ok
|
missing initialisation of available curves, but client works ok
|
||||||
"""
|
"""
|
||||||
return False
|
|
||||||
if not server:
|
if not server:
|
||||||
return True
|
return True
|
||||||
elif sys.version_info >= (2, 7, 9):
|
elif sys.version_info >= (2, 7, 9):
|
||||||
|
|
|
@ -82,7 +82,7 @@ class _OpenSSL(object):
|
||||||
"""Build the wrapper"""
|
"""Build the wrapper"""
|
||||||
self._lib = ctypes.CDLL(library)
|
self._lib = ctypes.CDLL(library)
|
||||||
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
||||||
self._libreSSL = (self._version).decode("utf-8").startswith("OpenSSL")
|
self._libreSSL = (self._version).decode("utf-8").startswith("LibreSSL")
|
||||||
|
|
||||||
self.pointer = ctypes.pointer
|
self.pointer = ctypes.pointer
|
||||||
self.c_int = ctypes.c_int
|
self.c_int = ctypes.c_int
|
||||||
|
|
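Review bot: the corrected `startswith("LibreSSL")` still relies on `self._version.decode("utf-8")`, and get_version() (defined outside the hunk) decides whether that value is bytes or already text: a text value raises AttributeError on Python 3, and a non-UTF-8 version string from the loaded library raises UnicodeDecodeError inside the constructor. A tolerant form keeps the fix and survives both: `version = self._version.decode("utf-8", "replace") if isinstance(self._version, bytes) else self._version` / `self._libreSSL = version.startswith("LibreSSL")`. __init__ continues past the hunk.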