tls flake8 fixes

lakshyacis 2019-09-11 14:31:17 +05:30
parent fcffb42629
commit dccb1dbb3c
No known key found for this signature in database
GPG Key ID: D2C539C8EC63E9EB
1 changed files with 17 additions and 14 deletions


@ -64,15 +64,18 @@ class TLSDispatcher(AdvancedDispatcher):
self.tlsStarted = True self.tlsStarted = True
# Once the connection has been established, it's safe to wrap the # Once the connection has been established, it's safe to wrap the
# socket. # socket.
if sys.version_info >= (2,7,9): if sys.version_info >= (2, 7, 9):
context = ssl.create_default_context(purpose = ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH) context = ssl.create_default_context(
purpose=ssl.Purpose.SERVER_AUTH if self.server_side else ssl.Purpose.CLIENT_AUTH)
context.set_ciphers(self.ciphers) context.set_ciphers(self.ciphers)
context.set_ecdh_curve("secp256k1") context.set_ecdh_curve("secp256k1")
context.check_hostname = False context.check_hostname = False
context.verify_mode = ssl.CERT_NONE context.verify_mode = ssl.CERT_NONE
# also exclude TLSv1 and TLSv1.1 in the future # also exclude TLSv1 and TLSv1.1 in the future
context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE context.options = ssl.OP_ALL | ssl.OP_NO_SSLv2 |\
self.sslSocket = context.wrap_socket(self.socket, server_side = self.server_side, do_handshake_on_connect=False) ssl.OP_NO_SSLv3 | ssl.OP_SINGLE_ECDH_USE | ssl.OP_CIPHER_SERVER_PREFERENCE
self.sslSocket = context.wrap_socket(
self.socket, server_side=self.server_side, do_handshake_on_connect=False)
else: else:
self.sslSocket = ssl.wrap_socket( self.sslSocket = ssl.wrap_socket(
self.socket, server_side=self.server_side, self.socket, server_side=self.server_side,
@ -101,7 +104,7 @@ class TLSDispatcher(AdvancedDispatcher):
try: try:
# during TLS handshake, and after flushing write buffer, return status of last handshake attempt # during TLS handshake, and after flushing write buffer, return status of last handshake attempt
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
#print "tls readable, %r" % (self.want_read) # print "tls readable, %r" % (self.want_read)
return self.want_read return self.want_read
# prior to TLS handshake, receiveDataThread should emulate synchronous behaviour # prior to TLS handshake, receiveDataThread should emulate synchronous behaviour
elif not self.fullyEstablished and (self.expectBytes == 0 or not self.write_buf_empty()): elif not self.fullyEstablished and (self.expectBytes == 0 or not self.write_buf_empty()):
@ -114,10 +117,10 @@ class TLSDispatcher(AdvancedDispatcher):
try: try:
# wait for write buffer flush # wait for write buffer flush
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
#logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port) # logger.debug("%s:%i TLS handshaking (read)", self.destination.host, self.destination.port)
self.tls_handshake() self.tls_handshake()
else: else:
#logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port) # logger.debug("%s:%i Not TLS handshaking (read)", self.destination.host, self.destination.port)
return AdvancedDispatcher.handle_read(self) return AdvancedDispatcher.handle_read(self)
except AttributeError: except AttributeError:
return AdvancedDispatcher.handle_read(self) return AdvancedDispatcher.handle_read(self)
@ -135,10 +138,10 @@ class TLSDispatcher(AdvancedDispatcher):
try: try:
# wait for write buffer flush # wait for write buffer flush
if self.tlsStarted and not self.tlsDone and not self.write_buf: if self.tlsStarted and not self.tlsDone and not self.write_buf:
#logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port) # logger.debug("%s:%i TLS handshaking (write)", self.destination.host, self.destination.port)
self.tls_handshake() self.tls_handshake()
else: else:
#logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port) # logger.debug("%s:%i Not TLS handshaking (write)", self.destination.host, self.destination.port)
return AdvancedDispatcher.handle_write(self) return AdvancedDispatcher.handle_write(self)
except AttributeError: except AttributeError:
return AdvancedDispatcher.handle_write(self) return AdvancedDispatcher.handle_write(self)
@ -158,16 +161,16 @@ class TLSDispatcher(AdvancedDispatcher):
return False return False
# Perform the handshake. # Perform the handshake.
try: try:
#print "handshaking (internal)" # print "handshaking (internal)"
self.sslSocket.do_handshake() self.sslSocket.do_handshake()
except ssl.SSLError as err: except ssl.SSLError as err:
#print "%s:%i: handshake fail" % (self.destination.host, self.destination.port) # print "%s:%i: handshake fail" % (self.destination.host, self.destination.port)
self.want_read = self.want_write = False self.want_read = self.want_write = False
if err.args[0] == ssl.SSL_ERROR_WANT_READ: if err.args[0] == ssl.SSL_ERROR_WANT_READ:
#print "want read" # print "want read"
self.want_read = True self.want_read = True
if err.args[0] == ssl.SSL_ERROR_WANT_WRITE: if err.args[0] == ssl.SSL_ERROR_WANT_WRITE:
#print "want write" # print "want write"
self.want_write = True self.want_write = True
if not (self.want_write or self.want_read): if not (self.want_write or self.want_read):
raise raise
@ -180,7 +183,7 @@ class TLSDispatcher(AdvancedDispatcher):
if sys.version_info >= (2, 7, 9): if sys.version_info >= (2, 7, 9):
self.tlsVersion = self.sslSocket.version() self.tlsVersion = self.sslSocket.version()
logger.debug("%s:%i: TLS handshake success, TLS protocol version: %s", logger.debug("%s:%i: TLS handshake success, TLS protocol version: %s",
self.destination.host, self.destination.port, self.sslSocket.version()) self.destination.host, self.destination.port, self.sslSocket.version())
else: else:
self.tlsVersion = "TLSv1" self.tlsVersion = "TLSv1"
logger.debug("%s:%i: TLS handshake success", self.destination.host, self.destination.port) logger.debug("%s:%i: TLS handshake success", self.destination.host, self.destination.port)
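Review bot: The re-wrapped `ssl.create_default_context(` call in the first hunk still selects `ssl.Purpose.SERVER_AUTH` when `self.server_side` is true, which is the reverse of how the ssl module defines the two purposes (`SERVER_AUTH` is for client-side sockets that authenticate a server, `CLIENT_AUTH` for server-side sockets). The practical effect appears limited because `check_hostname`, `verify_mode` and `options` are all overwritten a few lines later, but the expression misleads readers and could be swapped while the line is being touched: `purpose=ssl.Purpose.CLIENT_AUTH if self.server_side else ssl.Purpose.SERVER_AUTH)`. Because `context.verify_mode = ssl.CERT_NONE` leaves the peer unauthenticated, I would also add a comment above it such as `# peers present no verifiable certificate: TLS here protects against passive observers only, not an active man-in-the-middle`. The `|\` continuation on `context.options` is fragile under later edits and reads better as one parenthesised expression. The enclosing method starts and ends outside the hunk.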