Collect SSL options into an SSLOptions object
Also split SSL cert specifications from SSL service mode - we can now enter SSL service mode through a proxy CONNECT request as well.
parent
3886ccae93
commit
1e932e7045
|
@ -8,6 +8,13 @@ logger = logging.getLogger('pathod')
|
||||||
class PathodError(Exception): pass
|
class PathodError(Exception): pass
|
||||||
|
|
||||||
|
|
||||||
|
class SSLOptions:
|
||||||
|
def __init__(self, certfile=None, keyfile=None, not_after_connect=None):
|
||||||
|
self.keyfile = keyfile or utils.data.path("resources/server.key")
|
||||||
|
self.certfile = certfile or utils.data.path("resources/server.crt")
|
||||||
|
self.not_after_connect = not_after_connect
|
||||||
|
|
||||||
|
|
||||||
class PathodHandler(tcp.BaseHandler):
|
class PathodHandler(tcp.BaseHandler):
|
||||||
wbufsize = 0
|
wbufsize = 0
|
||||||
sni = None
|
sni = None
|
||||||
|
@ -144,11 +151,11 @@ class PathodHandler(tcp.BaseHandler):
|
||||||
self.info("\n".join(s))
|
self.info("\n".join(s))
|
||||||
|
|
||||||
def handle(self):
|
def handle(self):
|
||||||
if self.server.ssloptions and not self.server.ssloptions["ssl_after_connect"]:
|
if self.server.ssl:
|
||||||
try:
|
try:
|
||||||
self.convert_to_ssl(
|
self.convert_to_ssl(
|
||||||
self.server.ssloptions["certfile"],
|
self.server.ssloptions.certfile,
|
||||||
self.server.ssloptions["keyfile"],
|
self.server.ssloptions.keyfile,
|
||||||
)
|
)
|
||||||
except tcp.NetLibError, v:
|
except tcp.NetLibError, v:
|
||||||
s = str(v)
|
s = str(v)
|
||||||
|
@ -182,7 +189,7 @@ class PathodHandler(tcp.BaseHandler):
|
||||||
class Pathod(tcp.TCPServer):
|
class Pathod(tcp.TCPServer):
|
||||||
LOGBUF = 500
|
LOGBUF = 500
|
||||||
def __init__( self,
|
def __init__( self,
|
||||||
addr, ssloptions=None, craftanchor="/p/", staticdir=None, anchors=None,
|
addr, ssl=False, ssloptions=None, craftanchor="/p/", staticdir=None, anchors=None,
|
||||||
sizelimit=None, noweb=False, nocraft=False, noapi=False, nohang=False,
|
sizelimit=None, noweb=False, nocraft=False, noapi=False, nohang=False,
|
||||||
timeout=None, logreq=False, logresp=False, explain=False, hexdump=False
|
timeout=None, logreq=False, logresp=False, explain=False, hexdump=False
|
||||||
):
|
):
|
||||||
|
@ -199,7 +206,8 @@ class Pathod(tcp.TCPServer):
|
||||||
nohang: Disable pauses.
|
nohang: Disable pauses.
|
||||||
"""
|
"""
|
||||||
tcp.TCPServer.__init__(self, addr)
|
tcp.TCPServer.__init__(self, addr)
|
||||||
self.ssloptions = ssloptions
|
self.ssl = ssl
|
||||||
|
self.ssloptions = ssloptions or SSLOptions()
|
||||||
self.staticdir = staticdir
|
self.staticdir = staticdir
|
||||||
self.craftanchor = craftanchor
|
self.craftanchor = craftanchor
|
||||||
self.sizelimit = sizelimit
|
self.sizelimit = sizelimit
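Review bot: `SSLOptions.__init__` falls back per field (`keyfile or ...server.key`, `certfile or ...server.crt`), so a caller who supplies only one of the two gets it paired with the bundled counterpart, and the mismatch surfaces only when `convert_to_ssl` fails in `handle`. The command-line entry point rejects that combination, but the class does not; a guard at the top of `__init__` such as `if bool(certfile) != bool(keyfile): raise ValueError("certfile and keyfile must be given together")` would cover library callers as well. Since `Pathod.__init__` now always builds `SSLOptions()`, the key pair under `resources/` becomes the default for every instance, and a class comment like `# Defaults use the key pair shipped with the package; it is not secret and is only suitable for testing.` would make that explicit. Separately, `ssl=False` is inserted ahead of `ssloptions` in the `Pathod.__init__` signature, which shifts positional arguments for any caller not using keywords. The bodies of `handle` and `Pathod.__init__` continue outside the hunks shown.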
|
||||||
|
|
|
@ -71,17 +71,9 @@ class _PaThread(threading.Thread):
|
||||||
self.daemonargs = daemonargs
|
self.daemonargs = daemonargs
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
if self.ssl is True:
|
|
||||||
ssloptions = dict(
|
|
||||||
keyfile = utils.data.path("resources/server.key"),
|
|
||||||
certfile = utils.data.path("resources/server.crt"),
|
|
||||||
ssl_after_connect = False
|
|
||||||
)
|
|
||||||
else:
|
|
||||||
ssloptions = self.ssl
|
|
||||||
self.server = pathod.Pathod(
|
self.server = pathod.Pathod(
|
||||||
(self.iface, 0),
|
(self.iface, 0),
|
||||||
ssloptions = ssloptions,
|
ssl = self.ssl,
|
||||||
**self.daemonargs
|
**self.daemonargs
|
||||||
)
|
)
|
||||||
self.q.put(self.server.port)
|
self.q.put(self.server.port)
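Review bot: `run` used to accept either `True` or a ready-made options dict in `self.ssl` (the removed `else: ssloptions = self.ssl` branch) and now forwards the value as `ssl = self.ssl`. A caller still passing a dict therefore gets SSL mode switched on by truthiness, while its cert and key paths are silently dropped in favour of the `SSLOptions()` defaults. If only booleans are intended from here on, say so where `self.ssl` is assigned, e.g. `# ssl: bool; pass certificate settings as ssloptions=SSLOptions(...) via daemonargs`, or coerce at the call with `ssl = bool(self.ssl),`. Because `ssloptions` is no longer passed explicitly, it can reach `Pathod` only through `**self.daemonargs`. The constructor that sets `self.ssl` is outside this hunk.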
|
||||||
|
|
20
pathod
20
pathod
|
@ -35,14 +35,11 @@ def main(parser, args):
|
||||||
if any(sl) and not all(sl):
|
if any(sl) and not all(sl):
|
||||||
parser.error("Both --certfile and --keyfile must be specified.")
|
parser.error("Both --certfile and --keyfile must be specified.")
|
||||||
|
|
||||||
if args.ssl:
|
ssloptions = pathod.SSLOptions(
|
||||||
ssloptions = dict(
|
keyfile = args.ssl_keyfile,
|
||||||
keyfile = args.ssl_keyfile or utils.data.path("resources/server.key"),
|
certfile = args.ssl_certfile,
|
||||||
certfile = args.ssl_certfile or utils.data.path("resources/server.crt"),
|
not_after_connect = args.ssl_not_after_connect
|
||||||
ssl_after_connect = args.ssl_after_connect
|
)
|
||||||
)
|
|
||||||
else:
|
|
||||||
ssloptions = None
|
|
||||||
|
|
||||||
alst = []
|
alst = []
|
||||||
for i in args.anchors:
|
for i in args.anchors:
|
||||||
|
@ -82,6 +79,7 @@ def main(parser, args):
|
||||||
pd = pathod.Pathod(
|
pd = pathod.Pathod(
|
||||||
(args.address, args.port),
|
(args.address, args.port),
|
||||||
craftanchor = args.craftanchor,
|
craftanchor = args.craftanchor,
|
||||||
|
ssl = args.ssl,
|
||||||
ssloptions = ssloptions,
|
ssloptions = ssloptions,
|
||||||
staticdir = args.staticdir,
|
staticdir = args.staticdir,
|
||||||
anchors = alst,
|
anchors = alst,
|
||||||
|
@ -158,12 +156,12 @@ if __name__ == "__main__":
|
||||||
'SSL',
|
'SSL',
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"-C", dest='ssl_after_connect', default=False, action="store_true",
|
"-C", dest='ssl_not_after_connect', default=False, action="store_true",
|
||||||
help='Expect SSL after a CONNECT request.'
|
help="Don't expect SSL after a CONNECT request."
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"-s", dest='ssl', default=False, action="store_true",
|
"-s", dest='ssl', default=False, action="store_true",
|
||||||
help='Serve with SSL.'
|
help='Run in HTTPS mode.'
|
||||||
)
|
)
|
||||||
group.add_argument(
|
group.add_argument(
|
||||||
"--keyfile", dest='ssl_keyfile', default=None, type=str,
|
"--keyfile", dest='ssl_keyfile', default=None, type=str,
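Review bot: `-C` keeps its short flag while its meaning is inverted: it used to set `ssl_after_connect` and now sets `ssl_not_after_connect`, so an existing invocation that passed `-C` to get SSL after CONNECT now gets the opposite behaviour with no error. A different flag letter, or a help string that spells out the new default, would make the change visible, for example `help="Don't expect SSL after a CONNECT request (SSL after CONNECT is expected by default)."`. That default is inferred from the option name and the commit message, so confirm it against the CONNECT handling, which is not in these hunks. The negated `dest` will also read as a double negative wherever it is tested; a positive name with `action="store_false"` would avoid that. The `group.add_argument("--keyfile", ...)` call at the end of the hunk continues past the lines shown.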
|
||||||
|
|