Switch to SSL version 3 as the channel encryption protocol. According to http://docs.python.org/dev/library/ssl.html, this is the maximally compatible SSL variant.

Stephan Erb 2009-01-08 16:14:26 +00:00
parent b03483868b
commit 10449444dd
1 changed files with 3 additions and 5 deletions


@ -249,13 +249,12 @@ class NonBlockingTLS(PlugIn):
"SSL_CB_ALERT": 0x4000, "SSL_CB_ALERT": 0x4000,
"SSL_CB_HANDSHAKE_START": 0x10, "SSL_CB_HANDSHAKE_DONE": 0x20} "SSL_CB_HANDSHAKE_START": 0x10, "SSL_CB_HANDSHAKE_DONE": 0x20}
def PlugIn(self, owner): def plugin(self, owner):
''' '''
Use to PlugIn TLS into transport and start establishing immediately Use to PlugIn TLS into transport and start establishing immediately
Returns True if TLS/SSL was established correctly, otherwise False. Returns True if TLS/SSL was established correctly, otherwise False.
''' '''
log.info('Starting TLS estabilishing') log.info('Starting TLS estabilishing')
PlugIn.PlugIn(self, owner)
try: try:
res = self._startSSL() res = self._startSSL()
except Exception, e: except Exception, e:
@ -328,9 +327,8 @@ class NonBlockingTLS(PlugIn):
def _startSSL_pyOpenSSL(self): def _startSSL_pyOpenSSL(self):
log.debug("_startSSL_pyOpenSSL called") log.debug("_startSSL_pyOpenSSL called")
tcpsock = self._owner tcpsock = self._owner
# FIXME: should method be configurable? # See http://docs.python.org/dev/library/ssl.html
#tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.TLSv1_METHOD) tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv3_METHOD)
tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
tcpsock.ssl_errnum = 0 tcpsock.ssl_errnum = 0
tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER, tcpsock._sslContext.set_verify(OpenSSL.SSL.VERIFY_PEER,
self._ssl_verify_callback) self._ssl_verify_callback)
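Review bot: In `_startSSL_pyOpenSSL`, `OpenSSL.SSL.Context(OpenSSL.SSL.SSLv3_METHOD)` pins the context to SSLv3 only, so the client can no longer negotiate TLS 1.0 or newer with a server that offers it, whereas the removed `SSLv23_METHOD` context negotiates the highest version both sides support. SSLv3 is the weaker protocol (since deprecated by RFC 7568 after the POODLE padding-oracle attack), so this is a protocol downgrade for every connection rather than a compatibility gain. I would keep the negotiating method and exclude the old versions explicitly: `tcpsock._sslContext = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)` followed by `tcpsock._sslContext.set_options(OpenSSL.SSL.OP_NO_SSLv2 | OpenSSL.SSL.OP_NO_SSLv3)`. The function body continues past the end of the hunk, so whether `_ssl_verify_callback` actually rejects bad certificates cannot be judged from here.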