kommentare eingefügt, fehlerbehandlung geändert
This commit is contained in:
parent
e79258b8be
commit
b6acaa08a8
1 changed files with 18 additions and 11 deletions
|
@ -58,6 +58,7 @@ class SetStatus:
|
||||||
|
|
||||||
def check_status(self):
|
def check_status(self):
|
||||||
"""
|
"""
|
||||||
|
checkes, if the self.status variable is a valid value
|
||||||
return: boolean
|
return: boolean
|
||||||
"""
|
"""
|
||||||
if self.status in ('0', '1'):
|
if self.status in ('0', '1'):
|
||||||
|
@ -68,6 +69,8 @@ class SetStatus:
|
||||||
|
|
||||||
def set_config(self):
|
def set_config(self):
|
||||||
"""
|
"""
|
||||||
|
Tries to read and use the values from the configuration file. If
|
||||||
|
this failes, we still use the default values.
|
||||||
"""
|
"""
|
||||||
self.log = logging.getLogger()
|
self.log = logging.getLogger()
|
||||||
# read config file
|
# read config file
|
||||||
|
@ -89,7 +92,8 @@ class SetStatus:
|
||||||
|
|
||||||
def check_certs(self, certs):
|
def check_certs(self, certs):
|
||||||
"""
|
"""
|
||||||
Check if certs readable.
|
Check if certs are readable.
|
||||||
|
return: boolean
|
||||||
"""
|
"""
|
||||||
self.log.debug('Check certificates')
|
self.log.debug('Check certificates')
|
||||||
for certfile in certs:
|
for certfile in certs:
|
||||||
|
@ -111,25 +115,28 @@ class SetStatus:
|
||||||
|
|
||||||
def create_ssl_context(self):
|
def create_ssl_context(self):
|
||||||
"""
|
"""
|
||||||
|
Creates SSL context
|
||||||
|
return: context object or false
|
||||||
"""
|
"""
|
||||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH,
|
try:
|
||||||
cafile=self.config['server']['cert'])
|
context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
|
||||||
if not context:
|
except Exception as e:
|
||||||
self.log.error('Failed to create SSL Context')
|
self.log.error('Failed to create SSL Context')
|
||||||
return False
|
return False
|
||||||
|
context.load_verify_locations(cafile=self.config['server']['cert'])
|
||||||
|
context.load_cert_chain(certfile=self.config['client']['cert'],
|
||||||
|
keyfile=self.config['client']['key'])
|
||||||
context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
|
context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
|
||||||
context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
|
context.options |= getattr(ssl._ssl, 'OP_NO_COMPRESSION', 0)
|
||||||
try:
|
|
||||||
context.load_cert_chain(certfile=self.config['client']['cert'],
|
|
||||||
keyfile=self.config['client']['key'])
|
|
||||||
except Exception as e:
|
|
||||||
self.log.error('Failed to load cert chain')
|
|
||||||
return False;
|
|
||||||
self.log.debug('SSL context created')
|
self.log.debug('SSL context created')
|
||||||
return context
|
return context
|
||||||
|
|
||||||
def create_ssl_socket(self, config, context):
|
def create_ssl_socket(self, config, context):
|
||||||
"""
|
"""
|
||||||
|
Opens a socket and wrapes the socket into the given ssl context.
|
||||||
|
param1: dictionary
|
||||||
|
param2: ssl context
|
||||||
|
return: ssl-socket or false
|
||||||
"""
|
"""
|
||||||
bare_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
|
bare_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
|
||||||
if not bare_socket:
|
if not bare_socket:
|
||||||
|
@ -210,7 +217,7 @@ class SetStatus:
|
||||||
if self.context is False:
|
if self.context is False:
|
||||||
exit(3)
|
exit(3)
|
||||||
|
|
||||||
# get connection
|
# get a ssl encrypted connection
|
||||||
self.connection = self.create_ssl_connection()
|
self.connection = self.create_ssl_connection()
|
||||||
|
|
||||||
# send status
|
# send status
|
||||||
|
|
Loading…
Reference in a new issue