debugausgaben für den ssl-context hinzu
This commit is contained in:
parent
5f3bb44c7b
commit
58d9c327c9
1 changed files with 41 additions and 21 deletions
|
@ -43,35 +43,51 @@ def print_config(config):
|
|||
for i in config[section]:
|
||||
logging.debug(' {}: {}'.format(i, config[section][i]))
|
||||
|
||||
|
||||
def print_ciphers(cipherlist):
|
||||
'''
|
||||
Prints the list of allowed ciphers.
|
||||
param1: dictionary
|
||||
return: boolean
|
||||
'''
|
||||
print('Available ciphers')
|
||||
logging.debug('Available ciphers')
|
||||
for i in cipherlist:
|
||||
print('\n')
|
||||
for j in i.keys():
|
||||
print('{}: {}'.format(j, i[j]))
|
||||
print('\n')
|
||||
if j in ('name', 'protocol'):
|
||||
logging.debug('{}: {}'.format(j, i[j]))
|
||||
|
||||
def print_context(ctx):
|
||||
'''
|
||||
Prints the ssl settings for the given ssl context.
|
||||
param1: context object
|
||||
'''
|
||||
logging.debug('----------- context ----------------')
|
||||
logging.debug('Minimum version ssl: {}'.format(ctx.minimum_version))
|
||||
logging.debug('Maximum version ssl: {}'.format(ctx.maximum_version))
|
||||
logging.debug('SSL options enabled: {}'.format(ctx.options))
|
||||
logging.debug('Protocol: {}'.format(ctx.protocol))
|
||||
logging.debug('Verify flags certificates: {}'.format(ctx.verify_flags))
|
||||
logging.debug('Verify mode: {}'.format(ctx.verify_mode))
|
||||
print_ciphers(ctx.get_ciphers())
|
||||
logging.debug('------------------------------------')
|
||||
|
||||
def display_peercert(cert):
|
||||
'''
|
||||
Displays the values of a given certificate.
|
||||
param1: dictionary
|
||||
return: boolean
|
||||
param1: dictionary or none
|
||||
'''
|
||||
for i in cert.keys():
|
||||
print('{}:'.format(i))
|
||||
if i in ('subject', 'issuer'):
|
||||
for j in cert[i]:
|
||||
print('\t{}'.format(j))
|
||||
else:
|
||||
print('\t{}'.format(cert[i]))
|
||||
|
||||
if cert == None:
|
||||
logging.debug('Peer does not offer a certificate')
|
||||
elif len(cert) == 0:
|
||||
logging.debug('Peer certificate was not valid')
|
||||
else:
|
||||
logging.debug('Peer certificate commonName: {}'.format(
|
||||
cert['subject'][5][0][1]))
|
||||
logging.debug('Peer certificate serialNumber: {}'.format(
|
||||
cert['serialNumber']))
|
||||
logging.debug('Peer certificate notBefore: {}'.format(
|
||||
cert['notBefore']))
|
||||
logging.debug('Peer certificate notAfter: {}'.format(
|
||||
cert['notAfter']))
|
||||
|
||||
def receive_buffer_is_valid(raw_data):
|
||||
'''
|
||||
|
@ -225,12 +241,11 @@ def main():
|
|||
context.load_cert_chain(certfile=config['server']['cert'],
|
||||
keyfile=config['server']['key'])
|
||||
context.load_verify_locations(cafile=config['client']['cert'])
|
||||
context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
|
||||
context.options = ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||
# ensure, compression is disabled (disabled by default anyway at the moment)
|
||||
context.options |= ssl.OP_NO_COMPRESSION
|
||||
logging.debug('SSL context created')
|
||||
# print_ciphers(context.get_ciphers())
|
||||
print_context(context)
|
||||
|
||||
with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as mySocket:
|
||||
logging.debug('Socket created')
|
||||
|
@ -263,13 +278,18 @@ def main():
|
|||
conn.settimeout(float(config['general']['timeout']))
|
||||
except socket.timeout:
|
||||
logging.error('Socket timeout')
|
||||
continue
|
||||
except Exception as e:
|
||||
logging.error('Connection failed: {}'.format(e))
|
||||
continue
|
||||
logging.info('Connection established')
|
||||
logging.info('Peer certificate commonName: {}'.format(
|
||||
conn.getpeercert()['subject'][5][0][1]))
|
||||
logging.debug('Peer certificate serialNumber: {}'.format(
|
||||
conn.getpeercert()['serialNumber']))
|
||||
try:
|
||||
cert = conn.getpeercert(binary_form=False)
|
||||
display_peercert(cert)
|
||||
except ValueError:
|
||||
logging.debug('SSL handshake has not been done yet')
|
||||
except Exception as e:
|
||||
logging.debug('Unexpected error: {}'.format(e))
|
||||
|
||||
raw_data = conn.recv(1)
|
||||
if receive_buffer_is_valid(raw_data) is True:
|
||||
|
|
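Review bot: In display_peercert the `for i in cert.keys()` loop runs before the `cert == None` and `len(cert) == 0` checks, so when the peer presents no certificate (getpeercert() returns None) the first line raises AttributeError, the None branch is dead code, and the caller in main only records a debug-level 'Unexpected error'. The commonName lookup `cert['subject'][5][0][1]` also assumes a fixed RDN order in a peer-controlled subject: a certificate with fewer than six RDNs raises IndexError and a different ordering silently logs the wrong attribute; the same expression appears unguarded in main right after 'Connection established' (probably pre-existing context), where an exception would leave the accept loop rather than `continue`. The guards should come first and the CN should be selected by attribute name, as below; `is None` rather than `== None`, and the docstring's duplicated `return: boolean` / `param1: dictionary or none` lines should be collapsed into one accurate description. main starts and ends outside these hunks.
```python
def display_peercert(cert):
    if cert is None:
        logging.debug('Peer does not offer a certificate')
        return
    if not cert:
        logging.debug('Peer certificate was not valid')
        return
    # … unchanged: per-field print loop …
    common_names = [value for rdn in cert['subject']
                    for attr, value in rdn if attr == 'commonName']
    logging.debug('Peer certificate commonName: {}'.format(common_names))
    # … unchanged: serialNumber / notBefore / notAfter debug lines …
```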