Rezzect/syncplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

startTLS: get server certificate only after handshake

Browse Source
This commit is contained in:
Alberto Sottile 2019-02-07 12:46:42 +01:00
parent 93052b4b95
commit cecb8c9b7b
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
syncplay/protocols.py
View File

@ -4,6 +4,8 @@ import time
from functools import wraps from functools import wraps
from twisted.protocols.basic import LineReceiver from twisted.protocols.basic import LineReceiver
from twisted.internet.interfaces import IHandshakeListener
from zope.interface.declarations import implementer
import syncplay import syncplay
from syncplay.constants import PING_MOVING_AVERAGE_WEIGHT, CONTROLLED_ROOMS_MIN_VERSION, USER_READY_MIN_VERSION, SHARED_PLAYLIST_MIN_VERSION, CHAT_MIN_VERSION from syncplay.constants import PING_MOVING_AVERAGE_WEIGHT, CONTROLLED_ROOMS_MIN_VERSION, USER_READY_MIN_VERSION, SHARED_PLAYLIST_MIN_VERSION, CHAT_MIN_VERSION
@ -61,6 +63,7 @@ class JSONCommandProtocol(LineReceiver):
raise NotImplementedError() raise NotImplementedError()
@implementer(IHandshakeListener)
class SyncClientProtocol(JSONCommandProtocol): class SyncClientProtocol(JSONCommandProtocol):
def __init__(self, client): def __init__(self, client):
self._client = client self._client = client
@ -91,6 +94,8 @@ class SyncClientProtocol(JSONCommandProtocol):
self._client._serverSupportsTLS = False self._client._serverSupportsTLS = False
elif "certificate verify failed" in str(reason.value): elif "certificate verify failed" in str(reason.value):
self._client._serverSupportsTLS = False self._client._serverSupportsTLS = False
elif "tlsv1 alert protocol version" in str(reason.value):
self._client._clientSupportsTLS = False
except: except:
pass pass
self._client.destroyProtocol() self._client.destroyProtocol()
@ -329,12 +334,20 @@ class SyncClientProtocol(JSONCommandProtocol):
answer = message["startTLS"] if "startTLS" in message else None answer = message["startTLS"] if "startTLS" in message else None
if "true" in answer and not self.logged and self._client.protocolFactory.options is not None: if "true" in answer and not self.logged and self._client.protocolFactory.options is not None:
self.transport.startTLS(self._client.protocolFactory.options) self.transport.startTLS(self._client.protocolFactory.options)
TLSConnVersion = self.transport.protocol._tlsConnection.get_protocol_version_name()
self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(TLSConnVersion))
elif "false" in answer: elif "false" in answer:
self._client.ui.showErrorMessage(getMessage("startTLS-not-supported-server")) self._client.ui.showErrorMessage(getMessage("startTLS-not-supported-server"))
self.sendHello() self.sendHello()
def handshakeCompleted(self):
self._serverCertificateTLS = self.transport.getPeerCertificate()
self._subjectTLS = self._serverCertificateTLS.get_subject().CN
self._issuerTLS = self._serverCertificateTLS.get_issuer().CN
self._expiredTLS =self._serverCertificateTLS.has_expired()
self._expireDateTLS = self._serverCertificateTLS.get_notAfter()
self._connVersionTLS = self.transport.protocol._tlsConnection.get_protocol_version_name()
self._client.ui.showMessage(getMessage("startTLS-secure-connection-ok").format(self._connVersionTLS))
class SyncServerProtocol(JSONCommandProtocol): class SyncServerProtocol(JSONCommandProtocol):
def __init__(self, factory): def __init__(self, factory):
self._factory = factory self._factory = factory