From 894f9ddee685d1cc114c5613531ec51fd1f01bb6 Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Sun, 3 Feb 2019 16:40:50 +0100
Subject: [PATCH] TLS: server listens on TLS via IPv4
---
 server.crt | 26 ++++++++++++++++++++++++++
 server.key | 27 +++++++++++++++++++++++++++
 syncplayServer.py | 25 ++++++++++++++++++++-----
 3 files changed, 73 insertions(+), 5 deletions(-)
 create mode 100644 server.crt
 create mode 100644 server.key
diff --git a/server.crt b/server.crt
new file mode 100644
index 0000000..b302fd6
--- /dev/null
+++ b/server.crt
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcjCCA1qgAwIBAgIJAJe1HOCC73ylMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNV +BAYTAlBMMQ0wCwYDVQQIDAROb25lMQ0wCwYDVQQHDAROb25lMREwDwYDVQQKDAhT +eW5jcGxheTERMA8GA1UEAwwIU3luY3BsYXkxHjAcBgkqhkiG9w0BCQEWD2RldkBz +eW5jcGxheS5wbDAeFw0xOTAyMDMxNTM2MDdaFw0yMDAyMDMxNTM2MDdaMHExCzAJ +BgNVBAYTAlBMMQ0wCwYDVQQIDAROb25lMQ0wCwYDVQQHDAROb25lMREwDwYDVQQK +DAhTeW5jcGxheTERMA8GA1UEAwwIU3luY3BsYXkxHjAcBgkqhkiG9w0BCQEWD2Rl +dkBzeW5jcGxheS5wbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM7S +L3L0Mhf+5pMnSRUGQnxN89o+7aKtQ7Lf/rIGrFFjLNOOcTeWuod/x/MjDw5sP7HP +xQFb0/pAdm7VS5L/GJpWBQiHvB3VndyZ3CazQRs2NOus9CLBtoMh480dz/oiqed+ +XxkhD3hVyRDSkqz+QPNwj5b64FhYo9ocnOZwKJ3KvWBPDPV1wzIiCBh7YB2V/78f +K4qHaX6QVUvruxwpHp/Iw+JMHACBTRND5gXGo7vb/6g8AnKmypy+nS0iFbNasq5p +G5UFFb6T9jcQ7OfHvPOa9b3wFD/R3bi+dOyboST/BUd5j1+sJhrvEGI+fK6zIA11 +uwOasVEekv5I/z2jtG8CAwEAAaOCAQswggEHMIGNBgNVHSMEgYUwgYKhdaRzMHEx +CzAJBgNVBAYTAlBMMQ0wCwYDVQQIDAROb25lMQ0wCwYDVQQHDAROb25lMREwDwYD +VQQKDAhTeW5jcGxheTERMA8GA1UEAwwIU3luY3BsYXkxHjAcBgkqhkiG9w0BCQEW +D2RldkBzeW5jcGxheS5wbIIJAJe1HOCC73ylMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgTwMF0GA1UdEQRWMFSCUjxzcGVjaWZ5LXRoZS1zYW1lLWNvbW1vbi1uYW1lLXRo +YXQteW91LXVzZWQtd2hpbGUtZ2VuZXJhdGluZy1jc3ItaW4tdGhlLWxhc3Qtc3Rl +cD4wDQYJKoZIhvcNAQELBQADggEBAI+jWXb3nRYS1aOUduiF7VAVIaouYRPgkdb8 +p/W0S36KZ7jJXIQurXxx2znjtdC60qwBjJSqLnI1D6lWP6SdX8LMCNmJjtO/dZaX +zoTDqBEcjXp7Up17Zi2liCtYNYAFDdEX9wWMhrg26gY/IccBwm2wKD+B6MfOBTJc +/DRrp4cf/XcUCoNRCmU6JDFABKc63fK2Tr3ClTrXq2qYTaR4xIVu6EUAJGE+zMja +rOT4vXzvAPPHCf03uYCm8jagoxX9Qi7NyAWnyJOgO0DNnhKyxe1MZEkQV1X8m1ko +BVdikLM5hUHIzI2+5Q7o4jr2CHb5oL5OF4PUypwfeRe+PzoI9qs= +-----END CERTIFICATE----- diff --git a/server.key b/server.key new file mode 100644 index 0000000..4b08fd3 --- /dev/null +++ b/server.key 
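Review bot: The certificate in server.crt looks like a development artifact rather than something a deployment can rely on. Decoding the PEM suggests issuer and subject are both CN=Syncplay (self-signed), the validity window is one year from the commit date, and the subjectAltName still holds a template placeholder instead of a hostname. A client that verifies the peer name would reject it, and a client that skips verification gets no server authentication. I would keep this file out of the tree and document how an operator supplies their own, for example with a comment next to the loading code: `# TLS certificate: supply one issued for this server's hostname`.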
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEAztIvcvQyF/7mkydJFQZCfE3z2j7toq1Dst/+sgasUWMs045x +N5a6h3/H8yMPDmw/sc/FAVvT+kB2btVLkv8YmlYFCIe8HdWd3JncJrNBGzY066z0 +IsG2gyHjzR3P+iKp535fGSEPeFXJENKSrP5A83CPlvrgWFij2hyc5nAoncq9YE8M +9XXDMiIIGHtgHZX/vx8riodpfpBVS+u7HCken8jD4kwcAIFNE0PmBcaju9v/qDwC +cqbKnL6dLSIVs1qyrmkblQUVvpP2NxDs58e885r1vfAUP9HduL507JuhJP8FR3mP +X6wmGu8QYj58rrMgDXW7A5qxUR6S/kj/PaO0bwIDAQABAoIBAQCdeVQ/hseNlbwi +V0tCAt4kn4YIqtltf9eIHx1il8okvgqnmlGCLfYgrZ6k9hDEvo9Q6A3sluq0JNkI +UseUST+GY/C5KgCGBtyH127U2K+99Gwe9jV9MVmyRt+YkhaFMleDt6jZDV8mFMtf +T7X2mjECKrZqEuM24WcA78BXhRan7RMl77ZQFrFNn+TccFItNUoeP75vD+5aLeH+ +ovWbMM3EaSFMPKoOZ3yJ78IEtD1B61DLOjZNlYsli7phmJR0veb8GHhllDovZ6ru +d5k56r5AqFLSV5Xp29Z0+8mbVOjlgDZ5EYYdyyo0KKX3sADtR2f2/ktIZuFPQFsC +nXbKnRVhAoGBAPeI9ft1B5htUdukb7IUcrdLoPv2cl9uw7e/kUemTO51Uk3QSnex +LUYe5JHoQDBdG7tN88xJLzp/ybH8+SublSrwnF7lqs+TRE3NGI05SIprpMIV2dAo +A+/6icg2jqeGt7ZZv2Ge9VzcxuxwmO5hkx51OlulBuEzdzGOfr/KdZ1jAoGBANXk +y4iQ145V1EkelwZZtMfZH8PZXp7ZVdF2vWG4HDV5frOwIanVtm5VEOW683gJsDnk +9+emRtzd0bm5wjy0K784VWzY/JODzxTgkaBgb1qxoHJv8xdzyo/F3n5WjalOnDQ5 +Y2uBDRj9tMKcZGX9yfnDik4ostT9KRUfy+xhXlCFAoGBAJhw2EvLfqn4aPkDA2aA +AUWwZavF0hnDdPSsHSQq3iXcSptxMusTSfZtAAZ7KUyfinyHPSUJzPQRzny2dhzM +68hN9X7boZ3D68SeEgimxm24bPa5zjHK8uHPQRrzvladOHYsPxg3dJODw13I2eW0 +YY3YU+AseVgnAbibMKOcY2JRAoGBAM4m91iHqYpBBRr4Rb1UJp5bkXcVAVJ+zGzX +Uc5mQaH0mH6dasSi+3K5wFB68IAoblZObfUx2Ki1jpbACAqz6Foj9Im1VTLkXmmT +zCfT6l9yRd8mMRjQfFI39qqzx1OANaNMEJujxTjqBhdv3oBCrDFzGtEb/sizu63l +eIk6i0l1AoGBAPRicQrL3fQ0Ig7O6Oc59Rs2I2FCioGTm4m6PMJzhTQQIkaBHxco +Vd8wWQCbZDdP/8o0uh/qvBey0fuGp9ff0k4rOUJtHTI0YlzdJzAEVyuPt+Z+heXc +KSsqIL/+WFL8pNO0wX0dycVEwSZnZ45wBskTGFZjv9c4Q0rdQBru9QWd +-----END RSA PRIVATE KEY----- diff --git a/syncplayServer.py b/syncplayServer.py index 0b27c47..e3eca96 100755 --- a/syncplayServer.py +++ b/syncplayServer.py 
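Review bot: An unencrypted RSA private key should not be committed: server.key is the key that syncplayServer.py loads for its TLS listener in this same patch, so every installation run from this tree shares a key anyone can read from the repository. With the key public, the listener cannot authenticate the server, and sessions that do not use forward-secret key exchange can be decrypted by someone who records them. The key should be dropped from the commit and treated as compromised, since it remains in history. Generate one per deployment, store it with owner-only permissions, and exclude it with an ignore rule such as `*.key`.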
@@ -13,11 +13,25 @@ except AttributeError:
 import warnings
 warnings.warn("You must run Syncplay with Python 3.4 or newer!")
-from twisted.internet import reactor
-from twisted.internet.endpoints import TCP4ServerEndpoint, TCP6ServerEndpoint
+from OpenSSL import crypto
+from twisted.internet import reactor, ssl
+from twisted.internet.endpoints import TCP4ServerEndpoint, SSL4ServerEndpoint, TCP6ServerEndpoint
 from syncplay.server import SyncFactory, ConfigurationGetter
+with open('server.crt', 'r') as f:
+ cert_data = f.read()
+with open('server.key', 'r') as f:
+ key_data = f.read()
+
+cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)
+key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_data)
+options = ssl.CertificateOptions(
+ privateKey=key,
+ certificate=cert,
+ acceptableProtocols=[b'h2'],
+)
+
 if __name__ == '__main__':
 argsGetter = ConfigurationGetter()
 args = argsGetter.getConfiguration()
@@ -33,8 +47,9 @@ if __name__ == '__main__':
 args.max_username_length,
 args.stats_db_file
 )
- endpoint4 = TCP4ServerEndpoint(reactor, int(args.port))
+ #endpoint4 = TCP4ServerEndpoint(reactor, int(args.port))
+ endpoint4 = SSL4ServerEndpoint(reactor, int(args.port), options)
 endpoint4.listen(factory)
- endpoint6 = TCP6ServerEndpoint(reactor, int(args.port))
- endpoint6.listen(factory)
+ #endpoint6 = TCP6ServerEndpoint(reactor, int(args.port))
+ #endpoint6.listen(factory)
 reactor.run()
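Review bot: In the first syncplayServer.py hunk, `acceptableProtocols=[b'h2']` advertises HTTP/2 during protocol negotiation, which does not appear to match what `SyncFactory` serves and looks carried over from an example; I would drop that argument. The options also set no protocol floor, so adding `raiseMinimumTo=ssl.TLSVersion.TLSv1_2` would make the minimum explicit rather than relying on the library default. The certificate and key are read at import time from paths relative to the working directory, outside the `__main__` guard, so importing the module or starting the server from another directory fails with a bare traceback. Moving the loading under `if __name__ == '__main__':` and taking both paths from the parsed configuration would address that. The `__main__` block continues outside this hunk.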
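Review bot: In the second syncplayServer.py hunk the IPv6 listener is disabled by commenting it out, so a server that used to accept IPv6 clients silently stops doing so and the old lines stay behind as dead code. I would delete the three commented lines and leave one explanatory comment instead, e.g. `# TODO: restore the IPv6 listener once it can be served over TLS`. Because the TLS endpoint reuses `args.port`, clients that still connect in plaintext will fail at the handshake. Whether that break is intended is not visible here and is worth stating in the commit message. The `__main__` block starts outside this hunk.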