better sslversion handling
This commit is contained in:
Maximilian Hils
parent
dd317aa5d2
commit
08b630f83a
|
|
@ -140,6 +140,7 @@ class Pathoc(tcp.TCPClient):
|
||||||
ssl=None,
|
ssl=None,
|
||||||
sni=None,
|
sni=None,
|
||||||
ssl_version=tcp.SSL_DEFAULT_METHOD,
|
ssl_version=tcp.SSL_DEFAULT_METHOD,
|
||||||
|
ssl_options=tcp.SSL_DEFAULT_OPTIONS,
|
||||||
clientcert=None,
|
clientcert=None,
|
||||||
ciphers=None,
|
ciphers=None,
|
||||||
|
|
||||||
|
|
@ -179,6 +180,7 @@ class Pathoc(tcp.TCPClient):
|
||||||
self.ssl, self.sni = ssl, sni
|
self.ssl, self.sni = ssl, sni
|
||||||
self.clientcert = clientcert
|
self.clientcert = clientcert
|
||||||
self.ssl_version = ssl_version
|
self.ssl_version = ssl_version
|
||||||
|
self.ssl_options = ssl_options
|
||||||
self.ciphers = ciphers
|
self.ciphers = ciphers
|
||||||
self.sslinfo = None
|
self.sslinfo = None
|
||||||
|
|
||||||
|
|
@ -294,6 +296,7 @@ class Pathoc(tcp.TCPClient):
|
||||||
sni=self.sni,
|
sni=self.sni,
|
||||||
cert=self.clientcert,
|
cert=self.clientcert,
|
||||||
method=self.ssl_version,
|
method=self.ssl_version,
|
||||||
|
options=self.ssl_options,
|
||||||
cipher_list=self.ciphers,
|
cipher_list=self.ciphers,
|
||||||
alpn_protos=alpn_protos
|
alpn_protos=alpn_protos
|
||||||
)
|
)
|
||||||
|
|
@ -473,6 +476,7 @@ def main(args): # pragma: nocover
|
||||||
ssl=args.ssl,
|
ssl=args.ssl,
|
||||||
sni=args.sni,
|
sni=args.sni,
|
||||||
ssl_version=args.ssl_version,
|
ssl_version=args.ssl_version,
|
||||||
|
ssl_options=args.ssl_options,
|
||||||
clientcert=args.clientcert,
|
clientcert=args.clientcert,
|
||||||
ciphers=args.ciphers,
|
ciphers=args.ciphers,
|
||||||
use_http2=args.use_http2,
|
use_http2=args.use_http2,
|
||||||
|
|
|
||||||
|
|
@ -109,12 +109,10 @@ def args_pathoc(argv, stdout=sys.stdout, stderr=sys.stderr):
|
||||||
help="SSL cipher specification"
|
help="SSL cipher specification"
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--ssl-version", dest="ssl_version", type=str, default=tcp.SSL_DEFAULT_VERSION,
|
"--ssl-version", dest="ssl_version", type=str, default="secure",
|
||||||
choices=tcp.SSL_VERSIONS.keys(),
|
choices=tcp.sslversion_choices.keys(),
|
||||||
help=""""
|
help="Set supported SSL/TLS versions. "
|
||||||
Use a specified protocol:
|
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
||||||
TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23.
|
|
||||||
Default to SSLv23."""
|
|
||||||
)
|
)
|
||||||
|
|
||||||
group = parser.add_argument_group(
|
group = parser.add_argument_group(
|
||||||
|
|
@ -163,7 +161,7 @@ def args_pathoc(argv, stdout=sys.stdout, stderr=sys.stderr):
|
||||||
|
|
||||||
args = parser.parse_args(argv[1:])
|
args = parser.parse_args(argv[1:])
|
||||||
|
|
||||||
args.ssl_version = tcp.SSL_VERSIONS[args.ssl_version]
|
args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
|
||||||
|
|
||||||
args.port = None
|
args.port = None
|
||||||
if ":" in args.host:
|
if ":" in args.host:
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,7 @@ class SSLOptions(object):
|
||||||
not_after_connect=None,
|
not_after_connect=None,
|
||||||
request_client_cert=False,
|
request_client_cert=False,
|
||||||
ssl_version=tcp.SSL_DEFAULT_METHOD,
|
ssl_version=tcp.SSL_DEFAULT_METHOD,
|
||||||
|
ssl_options=tcp.SSL_DEFAULT_OPTIONS,
|
||||||
ciphers=None,
|
ciphers=None,
|
||||||
certs=None,
|
certs=None,
|
||||||
alpn_select=http2.HTTP2Protocol.ALPN_PROTO_H2,
|
alpn_select=http2.HTTP2Protocol.ALPN_PROTO_H2,
|
||||||
|
|
@ -48,6 +49,7 @@ class SSLOptions(object):
|
||||||
self.not_after_connect = not_after_connect
|
self.not_after_connect = not_after_connect
|
||||||
self.request_client_cert = request_client_cert
|
self.request_client_cert = request_client_cert
|
||||||
self.ssl_version = ssl_version
|
self.ssl_version = ssl_version
|
||||||
|
self.ssl_options = ssl_options
|
||||||
self.ciphers = ciphers
|
self.ciphers = ciphers
|
||||||
self.alpn_select = alpn_select
|
self.alpn_select = alpn_select
|
||||||
self.certstore = certutils.CertStore.from_store(
|
self.certstore = certutils.CertStore.from_store(
|
||||||
|
|
@ -243,6 +245,7 @@ class PathodHandler(tcp.BaseHandler):
|
||||||
request_client_cert=self.server.ssloptions.request_client_cert,
|
request_client_cert=self.server.ssloptions.request_client_cert,
|
||||||
cipher_list=self.server.ssloptions.ciphers,
|
cipher_list=self.server.ssloptions.ciphers,
|
||||||
method=self.server.ssloptions.ssl_version,
|
method=self.server.ssloptions.ssl_version,
|
||||||
|
options=self.server.ssloptions.ssl_options,
|
||||||
alpn_select=self.server.ssloptions.alpn_select,
|
alpn_select=self.server.ssloptions.alpn_select,
|
||||||
)
|
)
|
||||||
except tcp.NetLibError as v:
|
except tcp.NetLibError as v:
|
||||||
|
|
@ -435,6 +438,7 @@ def main(args): # pragma: nocover
|
||||||
not_after_connect=args.ssl_not_after_connect,
|
not_after_connect=args.ssl_not_after_connect,
|
||||||
ciphers=args.ciphers,
|
ciphers=args.ciphers,
|
||||||
ssl_version=args.ssl_version,
|
ssl_version=args.ssl_version,
|
||||||
|
ssl_options=args.ssl_options,
|
||||||
certs=args.ssl_certs,
|
certs=args.ssl_certs,
|
||||||
sans=args.sans,
|
sans=args.sans,
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -139,12 +139,10 @@ def args_pathod(argv, stdout_=sys.stdout, stderr_=sys.stderr):
|
||||||
"""
|
"""
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--ssl-version", dest="ssl_version", type=str, default=tcp.SSL_DEFAULT_VERSION,
|
"--ssl-version", dest="ssl_version", type=str, default="secure",
|
||||||
choices=tcp.SSL_VERSIONS.keys(),
|
choices=tcp.sslversion_choices.keys(),
|
||||||
help=""""
|
help="Set supported SSL/TLS versions. "
|
||||||
Use a specified protocol:
|
"SSLv2, SSLv3 and 'all' are INSECURE. Defaults to secure, which is TLS1.0+."
|
||||||
TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, SSLv23.
|
|
||||||
Default to SSLv23."""
|
|
||||||
)
|
)
|
||||||
|
|
||||||
group = parser.add_argument_group(
|
group = parser.add_argument_group(
|
||||||
|
|
@ -182,7 +180,7 @@ def args_pathod(argv, stdout_=sys.stdout, stderr_=sys.stderr):
|
||||||
|
|
||||||
args = parser.parse_args(argv[1:])
|
args = parser.parse_args(argv[1:])
|
||||||
|
|
||||||
args.ssl_version = tcp.SSL_VERSIONS[args.ssl_version]
|
args.ssl_version, args.ssl_options = tcp.sslversion_choices[args.ssl_version]
|
||||||
|
|
||||||
certs = []
|
certs = []
|
||||||
for i in args.ssl_certs:
|
for i in args.ssl_certs:
|
||||||
|
|
|
||||||
|
|
@ -60,6 +60,7 @@ class HTTPProtocol:
|
||||||
request_client_cert=self.pathod_handler.server.ssloptions.request_client_cert,
|
request_client_cert=self.pathod_handler.server.ssloptions.request_client_cert,
|
||||||
cipher_list=self.pathod_handler.server.ssloptions.ciphers,
|
cipher_list=self.pathod_handler.server.ssloptions.ciphers,
|
||||||
method=self.pathod_handler.server.ssloptions.ssl_version,
|
method=self.pathod_handler.server.ssloptions.ssl_version,
|
||||||
|
options=self.pathod_handler.server.ssloptions.ssl_options,
|
||||||
alpn_select=self.pathod_handler.server.ssloptions.alpn_select,
|
alpn_select=self.pathod_handler.server.ssloptions.alpn_select,
|
||||||
)
|
)
|
||||||
except tcp.NetLibError as v:
|
except tcp.NetLibError as v:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue