enable TLS connection
parent
057e856925
commit
16019d4083
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -25,3 +25,4 @@ coverage.xml
|
|||
**coverage.json
|
||||
.buildozer
|
||||
.tox
|
||||
*.swp
|
||||
|
|
|
@ -1386,7 +1386,7 @@ class MyForm(settingsmixin.SMainWindow):
|
|||
# initialise the message notifier
|
||||
def notifierInit(self):
|
||||
def _simple_notify(
|
||||
title, subtitle, category, label=None, icon=None):
|
||||
title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
|
||||
self.tray.showMessage(title, subtitle, icon, 2000)
|
||||
|
||||
self._notifier = _simple_notify
|
||||
|
@ -1416,7 +1416,7 @@ class MyForm(settingsmixin.SMainWindow):
|
|||
logger.warning("No notification.sound plugin found")
|
||||
|
||||
def notifierShow(
|
||||
self, title, subtitle, category, label=None, icon=None):
|
||||
self, title, subtitle, category, label=None, icon=QtWidgets.QSystemTrayIcon.MessageIcon.Information):
|
||||
self.playSound(category, label)
|
||||
self._notifier(
|
||||
str(title), str(subtitle), category, label, icon)
|
||||
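Review bot: notifierShow forwards `icon` verbatim to `self._notifier` on the last lines of the second hunk, so any caller that still passes `icon=None` explicitly (the previous default) now hands None to `tray.showMessage` instead of getting the Information icon; the callers are outside this page, so this is worth checking. Resolving the default inside the function keeps both spellings working: `if icon is None:` / `    icon = QtWidgets.QSystemTrayIcon.MessageIcon.Information` at the top of notifierShow, and the same two lines in `_simple_notify`. The new signature line in both hunks is also well past the usual line length; one parameter per line would keep it readable. notifierInit and notifierShow both continue outside their hunks.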
|
|
|
@ -5,7 +5,7 @@ src/network/httpd.py
|
|||
import asyncore
|
||||
import socket
|
||||
|
||||
from tls import TLSHandshake
|
||||
from .tls import TLSHandshake
|
||||
|
||||
|
||||
class HTTPRequestHandler(asyncore.dispatcher):
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import asyncore
|
||||
|
||||
from http import HTTPClient
|
||||
from tls import TLSHandshake
|
||||
from .tls import TLSHandshake
|
||||
|
||||
"""
|
||||
self.sslSock = ssl.wrap_socket(
|
||||
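Review bot: The `from http import HTTPClient` line directly above the corrected `from .tls import TLSHandshake` is still an absolute import; under Python 3 it resolves to the standard-library `http` package, which has no `HTTPClient`, so the module would fail at import unless a sibling `http.py` happens to shadow the stdlib on sys.path. Making it `from .http import HTTPClient` applies the same relative-import fix this commit makes for tls here and in httpd.py in the previous section. The `ssl.wrap_socket(` call visible at the end of the hunk is the deprecated module-level API (removed in Python 3.12), and `asyncore` on the first line was removed in the same release; the replacement is a context-based `SSLContext.wrap_socket`, but that body lies outside this hunk.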
|
|
|
@ -108,6 +108,8 @@ def addKnownNode(stream, peer, lastseen=None, is_self=False):
|
|||
Returns True if added a new node.
|
||||
"""
|
||||
# pylint: disable=too-many-branches
|
||||
if not isinstance(peer.host, str):
|
||||
peer = Peer(peer.host.decode(), peer.port)
|
||||
if isinstance(stream, Iterable):
|
||||
with knownNodesLock:
|
||||
for s in stream:
|
||||
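Review bot: The new `peer.host.decode()` in addKnownNode assumes the bytes are valid UTF-8; any other byte sequence raises UnicodeDecodeError out of a function whose docstring says it returns True when a node was added. Known-node entries presumably originate from peer-supplied address data — worth confirming against the callers — so I would wrap the `Peer(peer.host.decode(), peer.port)` construction in a try/except UnicodeDecodeError that returns False, with a comment noting that wire hostnames and dotted IPs are expected to be ASCII. addKnownNode starts before and ends after this hunk.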
|
|
|
@ -40,7 +40,6 @@ if (
|
|||
else:
|
||||
sslProtocolCiphers = "AECDH-AES256-SHA"
|
||||
|
||||
|
||||
class TLSDispatcher(AdvancedDispatcher):
|
||||
"""TLS functionality for classes derived from AdvancedDispatcher"""
|
||||
# pylint: disable=too-many-instance-attributes, too-many-arguments
|
||||
|
@ -58,17 +57,22 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
self.tlsDone = False
|
||||
self.tlsVersion = "N/A"
|
||||
self.isSSL = False
|
||||
self.tlsPrepared = False
|
||||
|
||||
def state_tls_init(self):
|
||||
"""Prepare sockets for TLS handshake"""
|
||||
self.isSSL = True
|
||||
self.tlsStarted = True
|
||||
|
||||
self.want_read = self.want_write = True
|
||||
self.set_state("tls_handshake")
|
||||
return False
|
||||
|
||||
def do_tls_init(self):
|
||||
# Once the connection has been established,
|
||||
# it's safe to wrap the socket.
|
||||
if sys.version_info >= (2, 7, 9):
|
||||
context = ssl.create_default_context(
|
||||
purpose=ssl.Purpose.SERVER_AUTH
|
||||
if self.server_side else ssl.Purpose.CLIENT_AUTH)
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
context.set_ciphers(self.ciphers)
|
||||
context.set_ecdh_curve("secp256k1")
|
||||
context.check_hostname = False
|
||||
|
@ -76,7 +80,7 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
# also exclude TLSv1 and TLSv1.1 in the future
|
||||
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
|
||||
ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE |\
|
||||
ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
ssl.OP_CIPHER_SERVER_PREFERENCE | ssl.OP_NO_TLSv1_3
|
||||
self.sslSocket = context.wrap_socket(
|
||||
self.socket, server_side=self.server_side,
|
||||
do_handshake_on_connect=False)
|
||||
|
@ -88,7 +92,6 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
ciphers=self.ciphers, do_handshake_on_connect=False)
|
||||
self.sslSocket.setblocking(0)
|
||||
self.want_read = self.want_write = True
|
||||
self.set_state("tls_handshake")
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
|
@ -134,6 +137,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
try:
|
||||
# wait for write buffer flush
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
if not self.tlsPrepared:
|
||||
self.do_tls_init()
|
||||
self.tlsPrepared = True
|
||||
else:
|
||||
self.tls_handshake()
|
||||
else:
|
||||
AdvancedDispatcher.handle_read(self)
|
||||
|
@ -156,6 +163,10 @@ class TLSDispatcher(AdvancedDispatcher):
|
|||
try:
|
||||
# wait for write buffer flush
|
||||
if self.tlsStarted and not self.tlsDone and not self.write_buf:
|
||||
if not self.tlsPrepared:
|
||||
self.do_tls_init()
|
||||
self.tlsPrepared = True
|
||||
else:
|
||||
self.tls_handshake()
|
||||
else:
|
||||
AdvancedDispatcher.handle_write(self)
|
||||
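Review bot: In do_tls_init the `context = ssl.create_default_context(...)` result is discarded by the new `context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` on the very next statement, so the Purpose selection is dead code and both client- and server-side dispatchers receive a client-protocol context with `check_hostname` forced off. A PROTOCOL_TLS_CLIENT context wrapped with `server_side=True` would presumably not complete a handshake, and that protocol also leaves `verify_mode` at CERT_REQUIRED while the configured cipher (`AECDH-AES256-SHA`, shown in the first hunk) is anonymous and presents no certificate — worth confirming on the real handshake path. I would choose the protocol by role and drop the dead call: `context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER if self.server_side else ssl.PROTOCOL_TLS_CLIENT)`, set `context.verify_mode = ssl.CERT_NONE` explicitly, and give the `check_hostname = False` line a why-comment such as `# anonymous ECDH suite: there is no certificate to check`. do_tls_init continues in the @ -76 hunk, where `ssl.OP_NO_TLSv1_3` is added; a one-line comment there stating that TLS 1.3 has no anonymous suites would explain the exclusion.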
|
|
|
@ -250,8 +250,6 @@ def haveSSL(server=False):
|
|||
python < 2.7.9's ssl library does not support ECDSA server due to
|
||||
missing initialisation of available curves, but client works ok
|
||||
"""
|
||||
# XXX debug - disable TLS
|
||||
return False
|
||||
if not server:
|
||||
return True
|
||||
elif sys.version_info >= (2, 7, 9):
|
||||
|
|