TLS: support chain.pem files containing more than one intermediate cert

2019-06-23 04:49:58 +02:00 · 2019-06-23 04:49:58 +02:00 · 06dc9aff5e
commit 06dc9aff5e
parent bcc3cbf44c
1 changed files with 25 additions and 1 deletions
--- a/syncplay/server.py
+++ b/syncplay/server.py
@ -209,6 +209,30 @@ class SyncFactory(Factory):
        else:
            watcher.setPlaylistIndex(room.getName(), room.getPlaylistIndex())

+    def _splitPEMCerts(self, pem):
+        begin = '-----BEGIN CERTIFICATE-----'
+        end = '-----END CERTIFICATE-----'
+        certs = []
+        while True:
+            # skip until next begin line if exists
+            parts = pem.split(begin, 1)
+            if len(parts) > 1:
+                pem = begin + parts[1]
+                # skip until next end line if exists
+                parts = pem.split('-----END CERTIFICATE-----', 1)
+                if len(parts) > 1:
+                    # found a cert, add it
+                    certs.append(parts[0] + end) 
+                    # remainder of file
+                    pem = parts[1] 
+                else:
+                    # missing end line ... invalid file
+                    break
+            else:
+                # no more certs, done
+                break
+        return certs
+
    def _allowTLSconnections(self, path):
        try:
            privKey = open(path+'/privkey.pem', 'rt').read()
@ -219,7 +243,7 @@ class SyncFactory(Factory):

            privKeyPySSL = crypto.load_privatekey(crypto.FILETYPE_PEM, privKey)
            certifPySSL = crypto.load_certificate(crypto.FILETYPE_PEM, certif)
-            chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, chain)]
+            chainPySSL = [crypto.load_certificate(crypto.FILETYPE_PEM, cert) for cert in self._splitPEMCerts(chain)]

            cipherListString = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"\
                               "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"\