OLD | NEW |
1 """ | 1 """ |
2 MAIN CLASS FOR TLS LITE (START HERE!). | 2 MAIN CLASS FOR TLS LITE (START HERE!). |
3 """ | 3 """ |
4 from __future__ import generators | 4 from __future__ import generators |
5 | 5 |
6 import socket | 6 import socket |
7 from utils.compat import formatExceptionTrace | 7 from utils.compat import formatExceptionTrace |
8 from TLSRecordLayer import TLSRecordLayer | 8 from TLSRecordLayer import TLSRecordLayer |
9 from Session import Session | 9 from Session import Session |
10 from constants import * | 10 from constants import * |
(...skipping 914 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
925 | 925 |
926 #Mark the connection as open | 926 #Mark the connection as open |
927 self.session._setResumable(True) | 927 self.session._setResumable(True) |
928 self._handshakeDone(resumed=False) | 928 self._handshakeDone(resumed=False) |
929 | 929 |
930 | 930 |
931 | 931 |
932 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, | 932 def handshakeServer(self, sharedKeyDB=None, verifierDB=None, |
933 certChain=None, privateKey=None, reqCert=False, | 933 certChain=None, privateKey=None, reqCert=False, |
934 sessionCache=None, settings=None, checker=None, | 934 sessionCache=None, settings=None, checker=None, |
935 reqCAs=None, tlsIntolerant=False): | 935 reqCAs=None, tlsIntolerant=0): |
936 """Perform a handshake in the role of server. | 936 """Perform a handshake in the role of server. |
937 | 937 |
938 This function performs an SSL or TLS handshake. Depending on | 938 This function performs an SSL or TLS handshake. Depending on |
939 the arguments and the behavior of the client, this function can | 939 the arguments and the behavior of the client, this function can |
940 perform a shared-key, SRP, or certificate-based handshake. It | 940 perform a shared-key, SRP, or certificate-based handshake. It |
941 can also perform a combined SRP and server-certificate | 941 can also perform a combined SRP and server-certificate |
942 handshake. | 942 handshake. |
943 | 943 |
944 Like any handshake function, this can be called on a closed | 944 Like any handshake function, this can be called on a closed |
945 TLS connection, or on a TLS connection that is already open. | 945 TLS connection, or on a TLS connection that is already open. |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1012 """ | 1012 """ |
1013 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, | 1013 for result in self.handshakeServerAsync(sharedKeyDB, verifierDB, |
1014 certChain, privateKey, reqCert, sessionCache, settings, | 1014 certChain, privateKey, reqCert, sessionCache, settings, |
1015 checker, reqCAs, tlsIntolerant): | 1015 checker, reqCAs, tlsIntolerant): |
1016 pass | 1016 pass |
1017 | 1017 |
1018 | 1018 |
1019 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, | 1019 def handshakeServerAsync(self, sharedKeyDB=None, verifierDB=None, |
1020 certChain=None, privateKey=None, reqCert=False, | 1020 certChain=None, privateKey=None, reqCert=False, |
1021 sessionCache=None, settings=None, checker=None, | 1021 sessionCache=None, settings=None, checker=None, |
1022 reqCAs=None, tlsIntolerant=False): | 1022 reqCAs=None, tlsIntolerant=0): |
1023 """Start a server handshake operation on the TLS connection. | 1023 """Start a server handshake operation on the TLS connection. |
1024 | 1024 |
1025 This function returns a generator which behaves similarly to | 1025 This function returns a generator which behaves similarly to |
1026 handshakeServer(). Successive invocations of the generator | 1026 handshakeServer(). Successive invocations of the generator |
1027 will return 0 if it is waiting to read from the socket, 1 if it is | 1027 will return 0 if it is waiting to read from the socket, 1 if it is |
1028 waiting to write to the socket, or it will raise StopIteration | 1028 waiting to write to the socket, or it will raise StopIteration |
1029 if the handshake operation is complete. | 1029 if the handshake operation is complete. |
1030 | 1030 |
1031 @rtype: iterable | 1031 @rtype: iterable |
1032 @return: A generator; see above for details. | 1032 @return: A generator; see above for details. |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1105 clientHello = result | 1105 clientHello = result |
1106 | 1106 |
1107 #If client's version is too low, reject it | 1107 #If client's version is too low, reject it |
1108 if clientHello.client_version < settings.minVersion: | 1108 if clientHello.client_version < settings.minVersion: |
1109 self.version = settings.minVersion | 1109 self.version = settings.minVersion |
1110 for result in self._sendError(\ | 1110 for result in self._sendError(\ |
1111 AlertDescription.protocol_version, | 1111 AlertDescription.protocol_version, |
1112 "Too old version: %s" % str(clientHello.client_version)): | 1112 "Too old version: %s" % str(clientHello.client_version)): |
1113 yield result | 1113 yield result |
1114 | 1114 |
1115 if tlsIntolerant and clientHello.client_version > (3, 0): | 1115 #If tlsIntolerant is nonzero, reject certain TLS versions. |
| 1116 #1: reject all TLS versions. |
| 1117 #2: reject TLS 1.1 or higher. |
| 1118 #3: reject TLS 1.2 or higher. |
| 1119 if (tlsIntolerant == 1 and clientHello.client_version > (3, 0) or |
| 1120 tlsIntolerant == 2 and clientHello.client_version > (3, 1) or |
| 1121 tlsIntolerant == 3 and clientHello.client_version > (3, 2)): |
1116 for result in self._sendError(\ | 1122 for result in self._sendError(\ |
1117 AlertDescription.handshake_failure): | 1123 AlertDescription.handshake_failure): |
1118 yield result | 1124 yield result |
1119 | 1125 |
1120 #If client's version is too high, propose my highest version | 1126 #If client's version is too high, propose my highest version |
1121 elif clientHello.client_version > settings.maxVersion: | 1127 elif clientHello.client_version > settings.maxVersion: |
1122 self.version = settings.maxVersion | 1128 self.version = settings.maxVersion |
1123 | 1129 |
1124 else: | 1130 else: |
1125 #Set the version to the client's version | 1131 #Set the version to the client's version |
(...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1609 if len(publicKey) < settings.minKeySize: | 1615 if len(publicKey) < settings.minKeySize: |
1610 for result in self._sendError(AlertDescription.handshake_failure, | 1616 for result in self._sendError(AlertDescription.handshake_failure, |
1611 "Other party's public key too small: %d" % len(publicKey)): | 1617 "Other party's public key too small: %d" % len(publicKey)): |
1612 yield result | 1618 yield result |
1613 if len(publicKey) > settings.maxKeySize: | 1619 if len(publicKey) > settings.maxKeySize: |
1614 for result in self._sendError(AlertDescription.handshake_failure, | 1620 for result in self._sendError(AlertDescription.handshake_failure, |
1615 "Other party's public key too large: %d" % len(publicKey)): | 1621 "Other party's public key too large: %d" % len(publicKey)): |
1616 yield result | 1622 yield result |
1617 | 1623 |
1618 yield publicKey, certChain | 1624 yield publicKey, certChain |
OLD | NEW |