Solved SSL issue

This commit is contained in:
jai.s 2020-04-04 21:38:50 +05:30
parent f9a4f3b6ee
commit 76555b1aa7
No known key found for this signature in database
GPG Key ID: 360CFA25EFC67D12
6 changed files with 34 additions and 40 deletions


@ -57,9 +57,7 @@ class BMConfigParser(configparser.ConfigParser):
return configparser.ConfigParser.set(self, section, option, value) return configparser.ConfigParser.set(self, section, option, value)
def get(self, section, option, raw=False, vars=None): def get(self, section, option, raw=False, vars=None):
# import pdb;pdb.set_trace()
# pylint: disable=unused-argument # pylint: disable=unused-argument
# import pdb; pdb.set_trace()
try: try:
if section == "bitmessagesettings" and option == "timeformat": if section == "bitmessagesettings" and option == "timeformat":
return configparser.ConfigParser.get( return configparser.ConfigParser.get(


@ -304,7 +304,10 @@ def check_openssl():
' OpenSSL 0.9.8b or later with AES, Elliptic Curves (EC),' ' OpenSSL 0.9.8b or later with AES, Elliptic Curves (EC),'
' ECDH, and ECDSA enabled.') ' ECDH, and ECDSA enabled.')
return False return False
matches = cflags_regex.findall(openssl_cflags) if sys.version_info >=(3,0,0):
matches = cflags_regex.findall(str(openssl_cflags))
else:
matches = cflags_regex.findall(openssl_cflags)
if matches: if matches:
logger.error( logger.error(
'This OpenSSL library is missing the following required' 'This OpenSSL library is missing the following required'
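Review bot: On the Python 3 branch `str(openssl_cflags)` does not decode a bytes value, it produces its repr (`"b'...'"`), so if `openssl_cflags` is bytes there (which the wrapping suggests) the regex runs over quoting artefacts instead of the flag text; a decode is what is meant, e.g. `if isinstance(openssl_cflags, bytes): openssl_cflags = openssl_cflags.decode('utf-8', 'replace')` followed by a single `matches = cflags_regex.findall(openssl_cflags)` for both interpreters. Since this check is what refuses an OpenSSL built without AES, EC, ECDH or ECDSA, a pattern that silently fails to match would let an unsuitable library through rather than error out. check_openssl's body begins and ends outside the hunk.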


@ -542,15 +542,11 @@ class BMProto(AdvancedDispatcher, ObjectTracker):
'%(host)s:%(port)i sending version', '%(host)s:%(port)i sending version',
self.destination._asdict()) self.destination._asdict())
if self.services & protocol.NODE_SSL == protocol.NODE_SSL: if self.services & protocol.NODE_SSL == protocol.NODE_SSL:
# self.isSSL = True self.isSSL = True
pass
if not self.verackReceived: if not self.verackReceived:
return True return True
# self.set_state(
# "tls_init" if self.isSSL else "connection_fully_established",
# length=self.payloadLength, expectBytes=0)
self.set_state( self.set_state(
"connection_fully_established", "tls_init" if self.isSSL else "connection_fully_established",
length=self.payloadLength, expectBytes=0) length=self.payloadLength, expectBytes=0)
return False return False
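Review bot: The re-enabled `self.isSSL = True` is driven solely by the NODE_SSL bit the peer advertises, and the TLS context this commit restores elsewhere disables peer verification, so the transition to `tls_init` buys opportunistic encryption rather than authentication; a comment at that assignment should say so, e.g. `# peer advertises NODE_SSL: upgrade to TLS after verack (peer is not authenticated, see TLSDispatcher)`. Whether the local side also checks its own TLS capability before honouring the bit is not visible in this hunk. The enclosing method starts outside the hunk.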


@ -68,6 +68,7 @@ class TLSDispatcher(AdvancedDispatcher):
self.tlsDone = False self.tlsDone = False
self.tlsVersion = "N/A" self.tlsVersion = "N/A"
self.isSSL = False self.isSSL = False
self.sslSocket = None
def state_tls_init(self): def state_tls_init(self):
"""Prepare sockets for TLS handshake""" """Prepare sockets for TLS handshake"""
@ -76,28 +77,6 @@ class TLSDispatcher(AdvancedDispatcher):
self.tlsStarted = True self.tlsStarted = True
# Once the connection has been established, # Once the connection has been established,
# it's safe to wrap the socket. # it's safe to wrap the socket.
if sys.version_info >= (2, 7, 9):
context = ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH
if self.server_side else ssl.Purpose.CLIENT_AUTH)
context.set_ciphers(self.ciphers)
context.set_ecdh_curve("secp256k1")
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
# also exclude TLSv1 and TLSv1.1 in the future
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
ssl.OP_CIPHER_SERVER_PREFERENCE
self.sslSocket = context.wrap_socket(
self.socket, server_side=self.server_side,
do_handshake_on_connect=False)
else:
self.sslSocket = ssl.wrap_socket(
self.socket, server_side=self.server_side,
ssl_version=sslProtocolVersion,
certfile=self.certfile, keyfile=self.keyfile,
ciphers=self.ciphers, do_handshake_on_connect=False)
self.sslSocket.setblocking(0)
self.want_read = self.want_write = True self.want_read = self.want_write = True
self.set_state("tls_handshake") self.set_state("tls_handshake")
return False return False
@ -127,7 +106,6 @@ class TLSDispatcher(AdvancedDispatcher):
# during TLS handshake, and after flushing write buffer, # during TLS handshake, and after flushing write buffer,
# return status of last handshake attempt # return status of last handshake attempt
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
# print "tls readable, %r" % (self.want_read)
return self.want_read return self.want_read
# prior to TLS handshake, # prior to TLS handshake,
# receiveDataThread should emulate synchronous behaviour # receiveDataThread should emulate synchronous behaviour
@ -145,7 +123,6 @@ class TLSDispatcher(AdvancedDispatcher):
and normal reads must be ignored. and normal reads must be ignored.
""" """
try: try:
# wait for write buffer flush
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
# logger.debug( # logger.debug(
# "%s:%i TLS handshaking (read)", self.destination.host, # "%s:%i TLS handshaking (read)", self.destination.host,
@ -182,9 +159,6 @@ class TLSDispatcher(AdvancedDispatcher):
# self.destination.port) # self.destination.port)
self.tls_handshake() self.tls_handshake()
else: else:
# logger.debug(
# "%s:%i Not TLS handshaking (write)", self.destination.host,
# self.destination.port)
return AdvancedDispatcher.handle_write(self) return AdvancedDispatcher.handle_write(self)
except AttributeError: except AttributeError:
return AdvancedDispatcher.handle_write(self) return AdvancedDispatcher.handle_write(self)
@ -201,8 +175,34 @@ class TLSDispatcher(AdvancedDispatcher):
def tls_handshake(self): def tls_handshake(self):
"""Perform TLS handshake and handle its stages""" """Perform TLS handshake and handle its stages"""
# wait for flush # wait for flush
# self.sslSocket.setblocking(0)
if self.write_buf: if self.write_buf:
return False return False
if not self.sslSocket:
self.del_channel()
if sys.version_info >= (2, 7, 9):
context = ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH
if self.server_side else ssl.Purpose.CLIENT_AUTH)
context.set_ciphers(self.ciphers)
context.set_ecdh_curve("secp256k1")
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
# also exclude TLSv1 and TLSv1.1 in the future
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
ssl.OP_CIPHER_SERVER_PREFERENCE
self.sslSocket = context.wrap_socket(
self.socket, server_side=self.server_side,
do_handshake_on_connect=False)
else:
self.sslSocket = ssl.wrap_socket(
self.socket, server_side=self.server_side,
ssl_version=sslProtocolVersion,
certfile=self.certfile, keyfile=self.keyfile,
ciphers=self.ciphers, do_handshake_on_connect=False)
self.sslSocket.setblocking(0)
self.set_socket(self.sslSocket)
# Perform the handshake. # Perform the handshake.
try: try:
self.sslSocket.do_handshake() self.sslSocket.do_handshake()
@ -233,8 +233,6 @@ class TLSDispatcher(AdvancedDispatcher):
'%s:%i: TLS handshake success', '%s:%i: TLS handshake success',
self.destination.host, self.destination.port) self.destination.host, self.destination.port)
# The handshake has completed, so remove this channel and... # The handshake has completed, so remove this channel and...
self.del_channel()
self.set_socket(self.sslSocket)
self.tlsDone = True self.tlsDone = True
self.bm_proto_reset() self.bm_proto_reset()
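Review bot: In the `create_default_context` branch of `tls_handshake` no certificate is ever attached to the context (there is no `context.load_cert_chain(self.certfile, self.keyfile)`), while the pre-2.7.9 branch passes `certfile`/`keyfile` to `ssl.wrap_socket`, so a server-side handshake on the modern path can only succeed if `self.ciphers` is deliberately limited to anonymous suites; if that is the intent, record it in a comment, otherwise add `context.load_cert_chain(self.certfile, self.keyfile)` after `context.set_ciphers(self.ciphers)`. The `purpose=` argument is also inverted: `Purpose.SERVER_AUTH` builds a client-side context and `Purpose.CLIENT_AUTH` a server-side one, so it should read `purpose=ssl.Purpose.CLIENT_AUTH if self.server_side else ssl.Purpose.SERVER_AUTH`. With `check_hostname = False` and `verify_mode = ssl.CERT_NONE` the restored TLS defends against passive eavesdropping only, not an active man-in-the-middle, and a line such as `# NOTE: peer is not authenticated; this is opportunistic encryption only` above those two settings would keep that visible to the next maintainer. tls_handshake continues past the end of the hunk.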


@ -231,7 +231,6 @@ def haveSSL(server=False):
python < 2.7.9's ssl library does not support ECDSA server due to python < 2.7.9's ssl library does not support ECDSA server due to
missing initialisation of available curves, but client works ok missing initialisation of available curves, but client works ok
""" """
return False
if not server: if not server:
return True return True
elif sys.version_info >= (2, 7, 9): elif sys.version_info >= (2, 7, 9):


@ -82,7 +82,7 @@ class _OpenSSL(object):
"""Build the wrapper""" """Build the wrapper"""
self._lib = ctypes.CDLL(library) self._lib = ctypes.CDLL(library)
self._version, self._hexversion, self._cflags = get_version(self._lib) self._version, self._hexversion, self._cflags = get_version(self._lib)
self._libreSSL = (self._version).decode("utf-8").startswith("OpenSSL") self._libreSSL = (self._version).decode("utf-8").startswith("LibreSSL")
self.pointer = ctypes.pointer self.pointer = ctypes.pointer
self.c_int = ctypes.c_int self.c_int = ctypes.c_int
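Review bot: The corrected `startswith("LibreSSL")` test depends on the format of the version string returned by `get_version`, which nothing nearby records; a comment on that line, `# version text begins "LibreSSL x.y.z" on LibreSSL and "OpenSSL x.y.z" on OpenSSL`, would explain why the prefix is the discriminator. Matching the raw bytes, `self._libreSSL = self._version.startswith(b"LibreSSL")`, would also drop the UTF-8 decode, which is unnecessary for an ASCII prefix check. The constructor continues outside the hunk.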