enable TLS connection

This commit is contained in:
Kashiko Koibumi 2024-05-13 22:00:48 +09:00
parent 057e856925
commit 16019d4083
No known key found for this signature in database
GPG Key ID: 8F06E069E37C40C4
7 changed files with 26 additions and 14 deletions

.gitignore vendored

@ -25,3 +25,4 @@ coverage.xml
**coverage.json **coverage.json
.buildozer .buildozer
.tox .tox
*.swp


@ -1386,7 +1386,7 @@ class MyForm(settingsmixin.SMainWindow):
# initialise the message notifier # initialise the message notifier
def notifierInit(self): def notifierInit(self):
def _simple_notify( def _simple_notify(
title, subtitle, category, label=None, icon=None): title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
self.tray.showMessage(title, subtitle, icon, 2000) self.tray.showMessage(title, subtitle, icon, 2000)
self._notifier = _simple_notify self._notifier = _simple_notify
@ -1416,7 +1416,7 @@ class MyForm(settingsmixin.SMainWindow):
logger.warning("No notification.sound plugin found") logger.warning("No notification.sound plugin found")
def notifierShow( def notifierShow(
self, title, subtitle, category, label=None, icon=None): self, title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
self.playSound(category, label) self.playSound(category, label)
self._notifier( self._notifier(
str(title), str(subtitle), category, label, icon) str(title), str(subtitle), category, label, icon)
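Review bot: The new default `icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information` is spelled out twice, once in the nested `_simple_notify` and again in `notifierShow`, and because `notifierShow` always forwards `icon` explicitly the inner default is only reached by callers that bypass it. A single module-level constant such as `_DEFAULT_TRAY_ICON = QtWidgets.QSystemTrayIcon.MessageIcon.Information` used in both signatures would keep the two from drifting apart. This change is also unrelated to the commit title "enable TLS connection" and would be easier to review as its own commit. Both `notifierInit` and `notifierShow` continue outside their hunks.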


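--- a/src/network/httpd.py
+++ b/src/network/httpd.py
@@ -5,7 +5,7 @@ src/network/httpd.py
 import asyncore
 import socket
-from tls import TLSHandshake
+from .tls import TLSHandshake
 class HTTPRequestHandler(asyncore.dispatcher):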


@ -1,7 +1,7 @@
import asyncore import asyncore
from http import HTTPClient from http import HTTPClient
from tls import TLSHandshake from .tls import TLSHandshake
""" """
self.sslSock = ssl.wrap_socket( self.sslSock = ssl.wrap_socket(
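Review bot: `from http import HTTPClient` on the line after `import asyncore` is left as an absolute import while the neighbouring `tls` import is made relative in this hunk; on Python 3 the name `http` resolves to the standard-library package, which has no `HTTPClient`, so that line raises ImportError before the new `.tls` import is reached, unless the package directory happens to sit on `sys.path` ahead of the stdlib. If `HTTPClient` lives in a sibling module of the same package (presumably the one next to `httpd.py`), the matching fix is `from .http import HTTPClient`. Separately, the `ssl.wrap_socket(` call visible at the end of the hunk is the module-level helper that was deprecated in 3.7 and removed in Python 3.12; building an `SSLContext` and calling its `wrap_socket`, as `TLSDispatcher` does, would avoid that dependency, though the call's arguments continue outside the hunk.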


@ -108,6 +108,8 @@ def addKnownNode(stream, peer, lastseen=None, is_self=False):
Returns True if added a new node. Returns True if added a new node.
""" """
# pylint: disable=too-many-branches # pylint: disable=too-many-branches
if not isinstance(peer.host, str):
peer = Peer(peer.host.decode(), peer.port)
if isinstance(stream, Iterable): if isinstance(stream, Iterable):
with knownNodesLock: with knownNodesLock:
for s in stream: for s in stream:
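Review bot: The added guard `if not isinstance(peer.host, str):` assumes every non-str host has a `.decode()` method, so a host of `None` or any other non-bytes value now fails with AttributeError at the top of `addKnownNode` rather than wherever it failed before, and a bytes host that is not valid UTF-8 raises UnicodeDecodeError, which nothing in this hunk catches. Since a peer address can come from the network, narrow the check to `bytes` and handle the decode failure explicitly, returning False (the docstring's "not added" result) rather than letting the exception escape; the choice of default UTF-8 is kept below because the hunk gives no reason to assume another encoding. The rest of `addKnownNode` continues outside the hunk.
```python
    # pylint: disable=too-many-branches
    if isinstance(peer.host, bytes):
        try:
            peer = Peer(peer.host.decode(), peer.port)
        except UnicodeDecodeError:
            return False
    # … unchanged: stream handling under knownNodesLock …
```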


@ -40,7 +40,6 @@ if (
else: else:
sslProtocolCiphers = "AECDH-AES256-SHA" sslProtocolCiphers = "AECDH-AES256-SHA"
class TLSDispatcher(AdvancedDispatcher): class TLSDispatcher(AdvancedDispatcher):
"""TLS functionality for classes derived from AdvancedDispatcher""" """TLS functionality for classes derived from AdvancedDispatcher"""
# pylint: disable=too-many-instance-attributes, too-many-arguments # pylint: disable=too-many-instance-attributes, too-many-arguments
@ -58,17 +57,22 @@ class TLSDispatcher(AdvancedDispatcher):
self.tlsDone = False self.tlsDone = False
self.tlsVersion = "N/A" self.tlsVersion = "N/A"
self.isSSL = False self.isSSL = False
self.tlsPrepared = False
def state_tls_init(self): def state_tls_init(self):
"""Prepare sockets for TLS handshake""" """Prepare sockets for TLS handshake"""
self.isSSL = True self.isSSL = True
self.tlsStarted = True self.tlsStarted = True
self.want_read = self.want_write = True
self.set_state("tls_handshake")
return False
def do_tls_init(self):
# Once the connection has been established, # Once the connection has been established,
# it's safe to wrap the socket. # it's safe to wrap the socket.
if sys.version_info >= (2, 7, 9): if sys.version_info >= (2, 7, 9):
context = ssl.create_default_context( context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
purpose=ssl.Purpose.SERVER_AUTH
if self.server_side else ssl.Purpose.CLIENT_AUTH)
context.set_ciphers(self.ciphers) context.set_ciphers(self.ciphers)
context.set_ecdh_curve("secp256k1") context.set_ecdh_curve("secp256k1")
context.check_hostname = False context.check_hostname = False
@ -76,7 +80,7 @@ class TLSDispatcher(AdvancedDispatcher):
# also exclude TLSv1 and TLSv1.1 in the future # also exclude TLSv1 and TLSv1.1 in the future
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\ context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\ ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
ssl.OP_CIPHER_SERVER_PREFERENCE ssl.OP_CIPHER_SERVER_PREFERENCE | ssl.OP_NO_TLSv1_3
self.sslSocket = context.wrap_socket( self.sslSocket = context.wrap_socket(
self.socket, server_side=self.server_side, self.socket, server_side=self.server_side,
do_handshake_on_connect=False) do_handshake_on_connect=False)
@ -88,7 +92,6 @@ class TLSDispatcher(AdvancedDispatcher):
ciphers=self.ciphers, do_handshake_on_connect=False) ciphers=self.ciphers, do_handshake_on_connect=False)
self.sslSocket.setblocking(0) self.sslSocket.setblocking(0)
self.want_read = self.want_write = True self.want_read = self.want_write = True
self.set_state("tls_handshake")
return False return False
@staticmethod @staticmethod
@ -134,6 +137,10 @@ class TLSDispatcher(AdvancedDispatcher):
try: try:
# wait for write buffer flush # wait for write buffer flush
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
if not self.tlsPrepared:
self.do_tls_init()
self.tlsPrepared = True
else:
self.tls_handshake() self.tls_handshake()
else: else:
AdvancedDispatcher.handle_read(self) AdvancedDispatcher.handle_read(self)
@ -156,6 +163,10 @@ class TLSDispatcher(AdvancedDispatcher):
try: try:
# wait for write buffer flush # wait for write buffer flush
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
if not self.tlsPrepared:
self.do_tls_init()
self.tlsPrepared = True
else:
self.tls_handshake() self.tls_handshake()
else: else:
AdvancedDispatcher.handle_write(self) AdvancedDispatcher.handle_write(self)
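Review bot: `context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` in `do_tls_init` builds one context regardless of side, yet the same context is later passed to `context.wrap_socket(self.socket, server_side=self.server_side, ...)`; CPython appears to back PROTOCOL_TLS_CLIENT with OpenSSL's client-only method, so the accepting side should be created with `ssl.PROTOCOL_TLS_SERVER if self.server_side else ssl.PROTOCOL_TLS_CLIENT`, which is exactly the distinction the removed `purpose=` branch used to make. PROTOCOL_TLS_CLIENT also enables `check_hostname` and `CERT_REQUIRED` by default; the hunk clears `check_hostname` but the resulting `verify_mode` is outside the hunk, so confirm the anonymous suite `AECDH-AES256-SHA` set above still negotiates under it. The newly added `ssl.OP_NO_TLSv1_3` carries no explanation; if it is there because anonymous ECDH suites do not exist in TLS 1.3, say so next to the existing `# also exclude TLSv1 and TLSv1.1 in the future` remark, since on its own the option reads like a downgrade. Finally, the four-line `if not self.tlsPrepared: ... else: self.tls_handshake()` block is pasted identically into `handle_read` and `handle_write`; a small `_tls_step()` helper called from both would keep the handshake state machine in one place. `do_tls_init` and both handlers continue outside their hunks.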


@ -250,8 +250,6 @@ def haveSSL(server=False):
python < 2.7.9's ssl library does not support ECDSA server due to python < 2.7.9's ssl library does not support ECDSA server due to
missing initialisation of available curves, but client works ok missing initialisation of available curves, but client works ok
""" """
# XXX debug - disable TLS
return False
if not server: if not server:
return True return True
elif sys.version_info >= (2, 7, 9): elif sys.version_info >= (2, 7, 9):