enable TLS connection

2024-05-13 22:00:48 +09:00 · 2024-05-13 22:00:48 +09:00 · 16019d4083
commit 16019d4083
parent 057e856925
7 changed files with 26 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -25,3 +25,4 @@ coverage.xml
 **coverage.json
 .buildozer
 .tox
+*.swp
--- a/src/bitmessageqt/init.py
+++ b/src/bitmessageqt/init.py
@ -1386,7 +1386,7 @@ class MyForm(settingsmixin.SMainWindow):
    # initialise the message notifier
    def notifierInit(self):
        def _simple_notify(
-                title, subtitle, category, label=None, icon=None):
+                title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
            self.tray.showMessage(title, subtitle, icon, 2000)

        self._notifier = _simple_notify
@ -1416,7 +1416,7 @@ class MyForm(settingsmixin.SMainWindow):
                logger.warning("No notification.sound plugin found")

    def notifierShow(
-            self, title, subtitle, category, label=None, icon=None):
+            self, title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
        self.playSound(category, label)
        self._notifier(
            str(title), str(subtitle), category, label, icon)
--- a/src/network/httpd.py
+++ b/src/network/httpd.py
@ -5,7 +5,7 @@ src/network/httpd.py
 import asyncore
 import socket

-from tls import TLSHandshake
+from .tls import TLSHandshake


 class HTTPRequestHandler(asyncore.dispatcher):
--- a/src/network/https.py
+++ b/src/network/https.py
@ -1,7 +1,7 @@
 import asyncore

 from http import HTTPClient
-from tls import TLSHandshake
+from .tls import TLSHandshake

 """
 self.sslSock = ssl.wrap_socket(
--- a/src/network/knownnodes.py
+++ b/src/network/knownnodes.py
@ -108,6 +108,8 @@ def addKnownNode(stream, peer, lastseen=None, is_self=False):
    Returns True if added a new node.
    """
    # pylint: disable=too-many-branches
+    if not isinstance(peer.host, str):
+        peer = Peer(peer.host.decode(), peer.port)
    if isinstance(stream, Iterable):
        with knownNodesLock:
            for s in stream:
--- a/src/network/tls.py
+++ b/src/network/tls.py
@ -40,7 +40,6 @@ if (
 else:
    sslProtocolCiphers = "AECDH-AES256-SHA"

-
 class TLSDispatcher(AdvancedDispatcher):
    """TLS functionality for classes derived from AdvancedDispatcher"""
    # pylint: disable=too-many-instance-attributes, too-many-arguments
@ -58,17 +57,22 @@ class TLSDispatcher(AdvancedDispatcher):
        self.tlsDone = False
        self.tlsVersion = "N/A"
        self.isSSL = False
+        self.tlsPrepared = False

    def state_tls_init(self):
        """Prepare sockets for TLS handshake"""
        self.isSSL = True
        self.tlsStarted = True
+
+        self.want_read = self.want_write = True
+        self.set_state("tls_handshake")
+        return False
+
+    def do_tls_init(self):
        # Once the connection has been established,
        # it's safe to wrap the socket.
        if sys.version_info >= (2, 7, 9):
-            context = ssl.create_default_context(
-                purpose=ssl.Purpose.SERVER_AUTH
-                if self.server_side else ssl.Purpose.CLIENT_AUTH)
+            context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            context.set_ciphers(self.ciphers)
            context.set_ecdh_curve("secp256k1")
            context.check_hostname = False
@ -76,7 +80,7 @@ class TLSDispatcher(AdvancedDispatcher):
            # also exclude TLSv1 and TLSv1.1 in the future
            context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
                ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
-                ssl.OP_CIPHER_SERVER_PREFERENCE
+                ssl.OP_CIPHER_SERVER_PREFERENCE | ssl.OP_NO_TLSv1_3
            self.sslSocket = context.wrap_socket(
                self.socket, server_side=self.server_side,
                do_handshake_on_connect=False)
@ -88,7 +92,6 @@ class TLSDispatcher(AdvancedDispatcher):
                ciphers=self.ciphers, do_handshake_on_connect=False)
        self.sslSocket.setblocking(0)
        self.want_read = self.want_write = True
-        self.set_state("tls_handshake")
        return False

    @staticmethod
@ -134,7 +137,11 @@ class TLSDispatcher(AdvancedDispatcher):
        try:
            # wait for write buffer flush
            if self.tlsStarted and not self.tlsDone and not self.write_buf:
-                self.tls_handshake()
+                if not self.tlsPrepared:
+                    self.do_tls_init()
+                    self.tlsPrepared = True
+                else:
+                    self.tls_handshake()
            else:
                AdvancedDispatcher.handle_read(self)
        except AttributeError:
@ -156,7 +163,11 @@ class TLSDispatcher(AdvancedDispatcher):
        try:
            # wait for write buffer flush
            if self.tlsStarted and not self.tlsDone and not self.write_buf:
-                self.tls_handshake()
+                if not self.tlsPrepared:
+                    self.do_tls_init()
+                    self.tlsPrepared = True
+                else:
+                    self.tls_handshake()
            else:
                AdvancedDispatcher.handle_write(self)
        except AttributeError:
--- a/src/protocol.py
+++ b/src/protocol.py
@ -250,8 +250,6 @@ def haveSSL(server=False):
    python < 2.7.9's ssl library does not support ECDSA server due to
    missing initialisation of available curves, but client works ok
    """
-    # XXX debug - disable TLS
-    return False
    if not server:
        return True
    elif sys.version_info >= (2, 7, 9):