From 9e59a8500bd8f168d554e5cc0fb31be2dc8e3cdc Mon Sep 17 00:00:00 2001
From: Alberto Sottile
Date: Thu, 7 Feb 2019 12:46:42 +0100
Subject: [PATCH] startTLS: get server certificate only after handshake
---
 syncplay/protocols.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/syncplay/protocols.py b/syncplay/protocols.py
index 0c65e6c..11d3e91 100755
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@@ -94,6 +94,8 @@ class SyncClientProtocol(JSONCommandProtocol):
 self._client._serverSupportsTLS = False
 elif "certificate verify failed" in str(reason.value):
 self._client._serverSupportsTLS = False
+ elif "tlsv1 alert protocol version" in str(reason.value):
+ self._client._clientSupportsTLS = False
 except:
 pass
 self._client.destroyProtocol()
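Review bot: Clearing `_clientSupportsTLS` when the failure text contains "tlsv1 alert protocol version" risks a silent downgrade, because a TLS alert that arrives before the handshake completes is not authenticated. If that flag makes the client reconnect without TLS (the code that reads it is outside this hunk), the fallback should be reported to the user and require confirmation rather than happen quietly; the existing "certificate verify failed" branch looks like it has the same property. At minimum record the intent next to the new branch, e.g. `# protocol_version alert is unauthenticated: never retry in plaintext without telling the user`. The surrounding bare `except: pass` also hides any error raised while inspecting `reason.value`, and the enclosing method starts and ends outside the hunk.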
@@ -332,12 +334,20 @@ class SyncClientProtocol(JSONCommandProtocol):
 answer = message["startTLS"] if "startTLS" in message else None
 if "true" in answer and not self.logged and self._client.protocolFactory.options is not None:
 self.transport.startTLS(self._client.protocolFactory.options)
- TLSConnVersion = self.transport.protocol._tlsConnection.get_protocol_version_name()
- self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(TLSConnVersion))
 elif "false" in answer:
 self._client.ui.showErrorMessage(getMessage("startTLS-not-supported-server"))
 self.sendHello()
+ def handshakeCompleted(self):
+ self._serverCertificateTLS = self.transport.getPeerCertificate()
+ self._subjectTLS = self._serverCertificateTLS.get_subject().CN
+ self._issuerTLS = self._serverCertificateTLS.get_issuer().CN
+ self._expiredTLS =self._serverCertificateTLS.has_expired()
+ self._expireDateTLS = self._serverCertificateTLS.get_notAfter()
+ self._connVersionTLS = self.transport.protocol._tlsConnection.get_protocol_version_name()
+ self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(self._connVersionTLS))
+
+
 class SyncServerProtocol(JSONCommandProtocol):
 def __init__(self, factory):
 self._factory = factory
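Review bot: `handshakeCompleted` shows "startTLS-secure-connection-ok" unconditionally: `_expiredTLS` is computed from `has_expired()` and stored, but nothing in the hunk branches on it, and the result of `getPeerCertificate()` is dereferenced without a None check. Unless the options object passed to `startTLS` already rejects expired certificates (not visible here), add `if self._serverCertificateTLS is None: return` right after the `getPeerCertificate()` call and show the success message only when `not self._expiredTLS`. Twisted calls `handshakeCompleted` only on protocols that provide `IHandshakeListener`; the class declaration is outside the hunk and the patch adds no decorator, so confirm `SyncClientProtocol` is declared with `@implementer(IHandshakeListener)`, otherwise this callback never runs and the message is never shown. `get_notAfter()` returns bytes, so decode `_expireDateTLS` before it is displayed, and `=self._serverCertificateTLS` is missing a space after `=`.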