Switch to SSL version 3 as the channel encryption protocol. According to http://docs.python.org/dev/library/ssl.html, this is the maximally compatible SSL variant.
parent
b03483868b
commit
10449444dd
|
@ -249,13 +249,12 @@ class NonBlockingTLS(PlugIn):
|
||||||
"SSL_CB_ALERT": 0x4000,
|
"SSL_CB_ALERT": 0x4000,
|
||||||
"SSL_CB_HANDSHAKE_START": 0x10, "SSL_CB_HANDSHAKE_DONE": 0x20}
|
"SSL_CB_HANDSHAKE_START": 0x10, "SSL_CB_HANDSHAKE_DONE": 0x20}
|
||||||
|
|
||||||
def PlugIn(self, owner):
|
def plugin(self, owner):
|
||||||
'''
|
'''
|
||||||
Use to PlugIn TLS into transport and start establishing immediately
|
Use to PlugIn TLS into transport and start establishing immediately
|
||||||
Returns True if TLS/SSL was established correctly, otherwise False.
|
Returns True if TLS/SSL was established correctly, otherwise False.
|
||||||
'''
|
'''
|
||||||
log.info('Starting TLS estabilishing')
|
log.info('Starting TLS estabilishing')
|
||||||
PlugIn.PlugIn(self, owner)
|
|
||||||
try:
|
try:
|
||||||
res = self._startSSL()
|
res = self._startSSL()
|
||||||
except Exception, e:
|
except Exception, e:
|
||||||
|
@ -328,9 +327,8 @@ class NonBlockingTLS(PlugIn):
|
||||||
def _startSSL_pyOpenSSL(self):
|
def _startSSL_pyOpenSSL(self):
|
||||||
log.debug("_startSSL_pyOpenSSL called")
|
log.debug("_startSSL_pyOpenSSL called")
|
||||||
tcpsock = self._owner
|
tcpsock = self._owner
|
||||||
# FIXME: should method be configurable?
|
# See http://docs.python.org/dev/library/ssl.html
|
||||||
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD)
|
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv3_METHOD)
|
||||||
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
|
|
||||||
tcpsock.ssl_errnum = 0
|
tcpsock.ssl_errnum = 0
|
||||||
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER,
|
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER,
|
||||||
self._ssl_verify_callback)
|
self._ssl_verify_callback)
|
||||||
|
|
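Review bot: The new `OpenSSL.SSL.Context(OpenSSL.SSL.SSLv3_METHOD)` line in `_startSSL_pyOpenSSL` pins the channel to SSL 3.0 only, so the client can no longer negotiate TLS 1.0 or later as the removed `SSLv23_METHOD` context could, and the handshake will fail against servers that have SSL 3.0 disabled. SSL 3.0 has protocol-level weaknesses in its CBC padding that configuration cannot fix, and RFC 7568 prohibits its use. I would keep the version-flexible method and exclude the legacy versions explicitly: `tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)` followed by `tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_SSLv2 | OpenSSL.SSL.OP_NO_SSLv3)`. The replacement comment should also state why the method was chosen instead of only linking the docs. The function body continues past the end of the hunk, so how the context is used afterwards is not visible here.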