startTLS: avoid retrying TLS connection if hostname is an IP address

Alberto Sottile 2019-02-04 17:50:07 +01:00
parent 7910ddec15
commit 81e0a20047
3 changed files with 8 additions and 9 deletions


@ -714,10 +714,14 @@ class SyncplayClient(object):
if '[' in host: if '[' in host:
host = host.strip('[]') host = host.strip('[]')
port = int(port) port = int(port)
with open('cert/server.crt') as cert_file:
trust_root = Certificate.loadPEM(cert_file.read())
self._endpoint = HostnameEndpoint(reactor, host, port) self._endpoint = HostnameEndpoint(reactor, host, port)
self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot = trust_root) try:
with open('cert/server.crt') as cert_file:
trust_root = Certificate.loadPEM(cert_file.read())
self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot = trust_root)
except Exception as e:
self.protocolFactory.options = None
self._serverSupportsTLS = False
def retry(retries): def retry(retries):
self._lastGlobalUpdate = None self._lastGlobalUpdate = None
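Review bot: The new `except Exception as e:` at the end of the hunk swallows every failure of both the `cert/server.crt` read and the `optionsForClientTLS(...)` call, and answers all of them by setting `self.protocolFactory.options = None` and `self._serverSupportsTLS = False`, so a missing, unreadable or malformed pinned trust root now silently downgrades the session to plaintext exactly like the IP-address case the commit is about; `e` is bound but never used. Before this change a missing certificate file raised out of the connect path, which at least made the misconfiguration visible. I would keep the file read outside the guard (or report its failure through `self.ui.showErrorMessage(...)`, which the protocol side already reaches via `self._client.ui`), and decide the IP-address case explicitly with the stdlib `ipaddress` module rather than by catching a generic exception, so only the intended condition takes the no-TLS path. The enclosing method starts before the hunk, and that `optionsForClientTLS` raises for an IP literal here is inferred from the commit title, not from visible code.
```python
        self._endpoint = HostnameEndpoint(reactor, host, port)
        # A trust-root problem must stay loud: it is a misconfiguration, not a reason to go plaintext.
        with open('cert/server.crt') as cert_file:
            trust_root = Certificate.loadPEM(cert_file.read())
        try:
            ipaddress.ip_address(host)  # requires `import ipaddress` in the file's import block
            host_is_ip = True
        except ValueError:
            host_is_ip = False
        if host_is_ip:
            # No DNS name to verify against, so no TLS attempt for this host.
            self.protocolFactory.options = None
            self._serverSupportsTLS = False
        else:
            self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot=trust_root)
        # … unchanged: retry() definition …
```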


@ -81,16 +81,13 @@ class SyncClientProtocol(JSONCommandProtocol):
self.sendTLS({"startTLS": "send"}) self.sendTLS({"startTLS": "send"})
self._client.ui.showMessage("Attempting secure connection") self._client.ui.showMessage("Attempting secure connection")
else: else:
self._client.ui.showErrorMessage("This server does not support TLS")
self.sendHello() self.sendHello()
def connectionLost(self, reason): def connectionLost(self, reason):
try: try:
if "Invalid DNS-ID" in str(reason.value): if "Invalid DNS-ID" in str(reason.value):
self._client._serverSupportsTLS = False self._client._serverSupportsTLS = False
elif "certificate verify failed" in str(reason.value):
self._client._serverSupportsTLS = False
elif "tlsv1 alert protocol version" in str(reason.value):
self._client._clientSupportsTLS = False
except: except:
pass pass
self._client.destroyProtocol() self._client.destroyProtocol()
@ -315,7 +312,6 @@ class SyncClientProtocol(JSONCommandProtocol):
def handleError(self, error): def handleError(self, error):
if "startTLS" in error["message"] and not self.logged: if "startTLS" in error["message"] and not self.logged:
self._client.ui.showErrorMessage("This server does not support TLS")
self._client._serverSupportsTLS = False self._client._serverSupportsTLS = False
else: else:
self.dropWithError(error["message"]) self.dropWithError(error["message"])
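Review bot: With the `self._client.ui.showErrorMessage("This server does not support TLS")` line in `handleError` gone (it is printed once, which with this hunk's 7-to-6 line counts reads as a removal; the same line disappears from the `startTLS` branch in the first hunk of this file), the fallback to a plaintext session after a rejected startTLS now happens with no user-visible notice — `_serverSupportsTLS` is flipped and the connection simply continues. A protocol downgrade is the one event the user should be told about, so I would keep at least a non-error notice on the new side, along the lines of (constructed wording) `self._client.ui.showMessage("Server rejected TLS, continuing without encryption")`. In `connectionLost` the old/new side of the `certificate verify failed` and `tlsv1 alert protocol version` branches cannot be determined from this rendering; if the `certificate verify failed` branch is on the new side, a failed certificate check — the case a pinned trust root exists to catch — would also cause a silent reconnect without TLS, which deserves an explicit user message rather than the same `_serverSupportsTLS = False` treatment as an absent DNS-ID. The surrounding substring matching on `str(reason.value)` under a bare `except: pass` is unchanged context and would hide any mistake in those branches.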


@ -13,7 +13,6 @@ except AttributeError:
import warnings import warnings
warnings.warn("You must run Syncplay with Python 3.4 or newer!") warnings.warn("You must run Syncplay with Python 3.4 or newer!")
from OpenSSL import crypto
from twisted.internet import reactor from twisted.internet import reactor
from twisted.internet.endpoints import TCP4ServerEndpoint, TCP6ServerEndpoint from twisted.internet.endpoints import TCP4ServerEndpoint, TCP6ServerEndpoint