From cb05cb787ac2edb3de738ea9ce45fc9b646a98cc Mon Sep 17 00:00:00 2001
From: +++
Date: Mon, 22 Jun 2020 11:32:36 +0200
Subject: [PATCH] setstatus.py: add check if certs readable

---
 setstatus.py | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/setstatus.py b/setstatus.py
index 5ede31f..4b8e6a7 100755
--- a/setstatus.py
+++ b/setstatus.py
@@ -12,11 +12,12 @@ import argparse
 import socket
 import ssl
 import sys
+import os


 def main():
- parser = argparse.ArgumentParser(description="Set door status of
- Krautspace.")
+ description = "Set door status of Krautspace"
+ parser = argparse.ArgumentParser(description=description)
 parser.add_argument("status_code", help="status to set", type=int,
 choices=(0, 1))
 args = parser.parse_args()
@@ -31,12 +32,21 @@ def main():
 STATUS = None
 RESPONSE = None

- context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
+ print('Check certs')
+ for certfile in (CLIENT_CERT, CLIENT_KEY, SERVER_CERT):
+ if os.access(certfile, os.R_OK) is False:
+ print('Failed to read cert: {}'.format(certfile))
+ sys.exit(1)
+ try:
+ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
 cafile=SERVER_CERT)
- context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
- context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
- context.load_cert_chain(certfile=CLIENT_CERT, keyfile=CLIENT_KEY)
- print('SSL context created')
+ context.load_cert_chain(certfile=CLIENT_CERT, keyfile=CLIENT_KEY)
+ context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
+ context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
+ print('SSL context created')
+ except Exception as e:
+ print('Failed to create ssl context: {}'.format(e))
+ sys.exit(2)

 with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as mySocket:
 print('Socket created')
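Review bot: The `os.access(certfile, os.R_OK)` loop in the second hunk only shows that the three files were readable at the moment of the check, so it repeats what the new `try`/`except` around `create_default_context` and `load_cert_chain` already reports, leaves a window between check and use, and tests the real rather than the effective UID. What it does not cover is the property that matters most for `CLIENT_KEY` on a POSIX host, namely that the private key is not accessible to group or others; a guard such as `if os.stat(CLIENT_KEY).st_mode & 0o077:` followed by the same print-and-exit pattern would catch that. In the same block, `getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)` reaches into a private module where the public `ssl.OP_NO_COMPRESSION` is available, and the comment on `set_ciphers` should note that this call does not choose the TLS 1.3 suites. main() begins and ends outside this hunk.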
@@ -54,14 +64,14 @@ def main():
 print('Connection timeout')
 except Exception as e:
 print('Connection failed: {}'.format(e))
- sys.exit(1)
+ sys.exit(3)

 try:
 print('Send new status: {}'.format(STATUS))
 conn.send(STATUS)
 except Exception as e:
 print('Error: {}'.format(e))
- sys.exit(2)
+ sys.exit(4)

 try:
 RESPONSE = conn.recv(1)
@@ -73,7 +83,7 @@ def main():
 print('Disconnect from server')
 except Exception as e:
 print('Error: {}'.format(e))
- sys.exit(3)
+ sys.exit(5)


 if __name__ == '__main__':
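Review bot: The exit statuses are renumbered in these two hunks (connection failure 1 to 3, send error 2 to 4, and 3 to 5 in the last hunk) with no documentation visible in the patch, so a caller that branched on the old values will now read 1 and 2 as certificate or SSL-context failures. Naming them once near the top of the file would keep the mapping in one place, for example `EXIT_CERT_UNREADABLE, EXIT_SSL_CONTEXT, EXIT_CONNECT, EXIT_SEND, EXIT_RECV = 1, 2, 3, 4, 5` (names are a suggestion), with a short comment or module docstring saying what each means. The failure messages in these branches are written to stdout by `print`; `print(..., file=sys.stderr)` would keep them out of output a wrapper captures. The enclosing try blocks and main() extend beyond both hunks.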