Rezzect/syncplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

startTLS: client-side verification of the certifi bundle

Browse Source
This commit is contained in:
Alberto Sottile 2019-02-11 16:37:30 +01:00
parent 24cb681acd
commit 23f4d686f2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
syncplay/client.py
View File

@ -19,7 +19,7 @@ from twisted.application.internet import ClientService
try: try:
import certifi import certifi
from twisted.internet.ssl import optionsForClientTLS from twisted.internet.ssl import Certificate, optionsForClientTLS
os.environ['SSL_CERT_FILE'] = certifi.where() os.environ['SSL_CERT_FILE'] = certifi.where()
except: except:
pass pass
@ -715,9 +715,13 @@ class SyncplayClient(object):
port = int(port) port = int(port)
self._endpoint = HostnameEndpoint(reactor, host, port) self._endpoint = HostnameEndpoint(reactor, host, port)
try: try:
caCertFP = open(certifi.where())
caCertTwisted = Certificate.loadPEM(caCertFP.read())
caCertFP.close()
self.protocolFactory.options = optionsForClientTLS(hostname=host) self.protocolFactory.options = optionsForClientTLS(hostname=host)
self._clientSupportsTLS = True self._clientSupportsTLS = True
except Exception as e: except Exception as e:
self.ui.showDebugMessage(str(e))
self.protocolFactory.options = None self.protocolFactory.options = None
self._clientSupportsTLS = False self._clientSupportsTLS = False