Rezzect/syncplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

startTLS: get server certificate only after handshake

Browse Source
This commit is contained in:
Alberto Sottile 2019-02-07 12:46:42 +01:00
parent 93052b4b95
commit cecb8c9b7b
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
syncplay/protocols.py
View File

@ -4,6 +4,8 @@ import time
from functools import wraps
from twisted.protocols.basic import LineReceiver
from twisted.internet.interfaces import IHandshakeListener
from zope.interface.declarations import implementer
import syncplay
from syncplay.constants import PING_MOVING_AVERAGE_WEIGHT, CONTROLLED_ROOMS_MIN_VERSION, USER_READY_MIN_VERSION, SHARED_PLAYLIST_MIN_VERSION, CHAT_MIN_VERSION
@ -61,6 +63,7 @@ class JSONCommandProtocol(LineReceiver):
raise NotImplementedError()
@implementer(IHandshakeListener)
class SyncClientProtocol(JSONCommandProtocol):
def __init__(self, client):
self._client = client
@ -91,6 +94,8 @@ class SyncClientProtocol(JSONCommandProtocol):
self._client._serverSupportsTLS = False
elif "certificate verify failed" in str(reason.value):
self._client._serverSupportsTLS = False
elif "tlsv1 alert protocol version" in str(reason.value):
self._client._clientSupportsTLS = False
except:
pass
self._client.destroyProtocol()
@ -329,12 +334,20 @@ class SyncClientProtocol(JSONCommandProtocol):
answer = message["startTLS"] if "startTLS" in message else None
if "true" in answer and not self.logged and self._client.protocolFactory.options is not None:
self.transport.startTLS(self._client.protocolFactory.options)
TLSConnVersion = self.transport.protocol._tlsConnection.get_protocol_version_name()
self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(TLSConnVersion))
elif "false" in answer:
self._client.ui.showErrorMessage(getMessage("startTLS-not-supported-server"))
self.sendHello()
def handshakeCompleted(self):
self._serverCertificateTLS = self.transport.getPeerCertificate()
self._subjectTLS = self._serverCertificateTLS.get_subject().CN
self._issuerTLS = self._serverCertificateTLS.get_issuer().CN
self._expiredTLS =self._serverCertificateTLS.has_expired()
self._expireDateTLS = self._serverCertificateTLS.get_notAfter()
self._connVersionTLS = self.transport.protocol._tlsConnection.get_protocol_version_name()
self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(self._connVersionTLS))
class SyncServerProtocol(JSONCommandProtocol):
def __init__(self, factory):
self._factory = factory