SSL fixes

Handle old Python compatibility better.
This commit is contained in:
mailchuck 2015-11-22 16:43:53 +01:00
parent 97586c50b7
commit 3e723969a7
Signed by untrusted user who does not match committer: PeterSurda
GPG Key ID: 0C5F50C0B5F37D87
3 changed files with 21 additions and 8 deletions

View File

@ -81,7 +81,9 @@ class receiveDataThread(threading.Thread):
shared.numberOfBytesReceivedLastSecond = 0
dataLen = len(self.data)
try:
if (self.services & shared.NODE_SSL == shared.NODE_SSL) and self.connectionIsOrWasFullyEstablished:
if ((self.services & shared.NODE_SSL == shared.NODE_SSL) and
self.connectionIsOrWasFullyEstablished and
shared.haveSSL(not self.initiatedConnection)):
dataRecv = self.sslSock.recv(1024)
else:
dataRecv = self.sock.recv(1024)
@ -251,7 +253,8 @@ class receiveDataThread(threading.Thread):
self.connectionIsOrWasFullyEstablished = True
self.sslSock = self.sock
if (self.services & shared.NODE_SSL == shared.NODE_SSL and (self.initiatedConnection or sys.version_info >= (2, 7, 9))):
if (self.services & shared.NODE_SSL == shared.NODE_SSL and
shared.haveSSL(not self.initiatedConnection)):
self.sslSock = ssl.wrap_socket(self.sock, keyfile = os.path.join(shared.codePath(), 'sslkeys', 'key.pem'), certfile = os.path.join(shared.codePath(), 'sslkeys', 'cert.pem'), server_side = not self.initiatedConnection, ssl_version=ssl.PROTOCOL_TLSv1, do_handshake_on_connect=False, ciphers='AECDH-AES256-SHA')
if hasattr(self.sslSock, "context"):
self.sslSock.context.set_ecdh_curve("secp256k1")
@ -267,7 +270,7 @@ class receiveDataThread(threading.Thread):
except:
break
# Command the corresponding sendDataThread to set its own connectionIsOrWasFullyEstablished variable to True also
self.sendDataThreadQueue.put((0, 'connectionIsOrWasFullyEstablished', (self.services, self.sslSock)))
self.sendDataThreadQueue.put((0, 'connectionIsOrWasFullyEstablished', (self.services, self.sslSock, self.initiatedConnection)))
if not self.initiatedConnection:
shared.clientHasReceivedIncomingConnections = True

View File

@ -39,6 +39,7 @@ class sendDataThread(threading.Thread):
self.name = "sendData-" + self.peer.host
self.streamNumber = streamNumber
self.services = 0
self.initiatedConnection = False
self.remoteProtocolVersion = - \
1 # This must be set using setRemoteProtocolVersion command which is sent through the self.sendDataThreadQueue queue.
self.lastTimeISentData = int(
@ -82,7 +83,9 @@ class sendDataThread(threading.Thread):
uploadRateLimitBytes = 999999999 # float("inf") doesn't work
else:
uploadRateLimitBytes = shared.config.getint('bitmessagesettings', 'maxuploadrate') * 1000
if self.services & shared.NODE_SSL == shared.NODE_SSL and self.connectionIsOrWasFullyEstablished:
if ((self.services & shared.NODE_SSL == shared.NODE_SSL) and
self.connectionIsOrWasFullyEstablished and
shared.haveSSL(not self.initiatedConnection)):
amountSent = self.sslSock.send(data[:1000])
else:
amountSent = self.sock.send(data[:1000])
@ -172,7 +175,7 @@ class sendDataThread(threading.Thread):
break
elif command == 'connectionIsOrWasFullyEstablished':
self.connectionIsOrWasFullyEstablished = True
self.services, self.sslSock = data
self.services, self.sslSock, self.initiatedConnection = data
else:
logger.error('sendDataThread ID: ' + str(id(self)) + ' ignoring command ' + command + ' because the thread is not in stream' + str(deststream))

View File

@ -149,11 +149,18 @@ def encodeHost(host):
else:
return socket.inet_pton(socket.AF_INET6, host)
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber):
def haveSSL(server = False):
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
if server == False:
return True
elif sys.version_info >= (2,7,9):
return True
return False
def assembleVersionMessage(remoteHost, remotePort, myStreamNumber, server = False):
payload = ''
payload += pack('>L', 3) # protocol version.
payload += pack('>q', NODE_NETWORK|(NODE_SSL if sys.version_info >= (2, 7, 9) else 0)) # bitflags of the services I offer.
# python < 2.7.9's ssl library does not support ECDSA server due to missing initialisation of available curves, but client works ok
payload += pack('>q', NODE_NETWORK|(NODE_SSL if haveSSL(server) else 0)) # bitflags of the services I offer.
payload += pack('>q', int(time.time()))
payload += pack(