From b6acaa08a831f64b1cd17523752985b050a0f721 Mon Sep 17 00:00:00 2001
From: example
Date: Wed, 6 Apr 2022 10:39:15 +0200
Subject: [PATCH] =?UTF-8?q?kommentare=20eingef=C3=BCgt,=20fehlerbehandlung?= =?UTF-8?q?=20ge=C3=A4ndert?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 source/server/setstatus.py | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/source/server/setstatus.py b/source/server/setstatus.py
index e0a36d2..eb9f3cf 100755
--- a/source/server/setstatus.py
+++ b/source/server/setstatus.py
@@ -58,6 +58,7 @@ class SetStatus:
 def check_status(self):
 """
+ checkes, if the self.status variable is a valid value
 return: boolean
 """
 if self.status in ('0', '1'):
@@ -68,6 +69,8 @@ class SetStatus:
 def set_config(self):
 """
+ Tries to read and use the values from the configuration file. If
+ this failes, we still use the default values.
 """
 self.log = logging.getLogger()
 # read config file
@@ -89,7 +92,8 @@ class SetStatus:
 def check_certs(self, certs):
 """
- Check if certs readable.
+ Check if certs are readable.
+ return: boolean
 """
 self.log.debug('Check certificates')
 for certfile in certs:
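Review bot: The docstrings added in these hunks carry spelling slips: `checkes, if` in check_status and `failes` in set_config, and the later hunk adds `wrapes` in create_ssl_socket. I would write `Checks whether self.status holds a valid value.`, `If this fails, the default values are used.` and `Opens a socket and wraps it in the given SSL context.`. Since the certificate paths are read from this configuration (see `self.config['server']['cert']` in create_ssl_context), the set_config docstring could also state whether the fallback to defaults is logged; the body of set_config lies outside the hunk, so that is a question rather than a finding.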
@@ -111,25 +115,28 @@ class SetStatus:
 def create_ssl_context(self):
 """
+ Creates SSL context
+ return: context object or false
 """
- context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
- cafile=self.config['server']['cert'])
- if not context:
+ try:
+ context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+ except Exception as e:
 self.log.error('Failed to create SSL Context')
 return False
+ context.load_verify_locations(cafile=self.config['server']['cert'])
+ context.load_cert_chain(certfile=self.config['client']['cert'],
+ keyfile=self.config['client']['key'])
 context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
 context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
- try:
- context.load_cert_chain(certfile=self.config['client']['cert'],
- keyfile=self.config['client']['key'])
- except Exception as e:
- self.log.error('Failed to load cert chain')
- return False;
 self.log.debug('SSL context created')
 return context
 def create_ssl_socket(self, config, context):
 """
+ Opens a socket and wrapes the socket into the given ssl context.
+ param1: dictionary
+ param2: ssl context
+ return: ssl-socket or false
 """
 bare_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
 if not bare_socket:
@@ -210,7 +217,7 @@ class SetStatus:
 if self.context is False:
 exit(3)
- # get connection
+ # get a ssl encrypted connection
 self.connection = self.create_ssl_connection()
 # send status
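Review bot: Dropping `cafile=` from `ssl.create_default_context()` in create_ssl_context widens the trust store. Called without cafile/capath/cadata, the function loads the system default CAs, and the added `load_verify_locations()` only puts the configured server certificate on top of them, so a certificate for the same host name issued by any system-trusted CA would now verify, where before only the configured file was trusted. The same hunk moves `load_cert_chain()` out of its try/except and leaves `load_verify_locations()` unguarded. A missing or unreadable certificate or key file therefore raises instead of returning False, which is what the new docstring promises and what the `if self.context is False` caller checks for, while the remaining `try` wraps the call least likely to fail. I would pass `cafile` to `create_default_context()` again and put both loading steps under one handler that logs the exception, as below.

```python
        try:
            context = ssl.create_default_context(
                purpose=ssl.Purpose.SERVER_AUTH,
                cafile=self.config['server']['cert'])  # trust only the configured file
            context.load_cert_chain(certfile=self.config['client']['cert'],
                                    keyfile=self.config['client']['key'])
        except OSError as e:  # ssl.SSLError and FileNotFoundError are OSError subclasses
            self.log.error('Failed to create SSL context: %s', e)
            return False
        # … unchanged: set_ciphers, OP_NO_COMPRESSION, debug log, return context …
```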