Add code to allow testing with pre-existing certificates.
TODO: manually handle handshake states to allow non-blocking I/O
parent
e9af72e944
commit
2b603fd7e1
|
@ -199,7 +199,7 @@ class JingleFileTransfer(JingleContent):
|
||||||
port = gajim.config.get('file_transfers_port')
|
port = gajim.config.get('file_transfers_port')
|
||||||
|
|
||||||
listener = gajim.socks5queue.start_listener(port, sha_str,
|
listener = gajim.socks5queue.start_listener(port, sha_str,
|
||||||
self._store_socks5_sid, self.file_props['sid'])
|
self._store_socks5_sid, self.file_props['sid'], fingerprint = 'server')
|
||||||
|
|
||||||
if not listener:
|
if not listener:
|
||||||
return
|
return
|
||||||
|
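Review bot: The `fingerprint = 'server'` keyword added to the `start_listener` call passes a fixed role label, not a certificate fingerprint, and it is passed unconditionally, so every transfer now takes the TLS path that `jingle_xtls.get_context` marks as testing-only and that depends on files under `~/certs/`; the `fingerprint = 'client'` keyword in the `connect_to_hosts` hunk below has the same problem. Until real fingerprints are negotiated, make the TLS wrap an explicit opt-in and pass `None` otherwise, e.g. `fingerprint=('server' if <test-mode flag> else None)` (flag name is a placeholder, to be taken from the config), which also fixes the `fingerprint = 'server'` keyword spacing to the PEP 8 `fingerprint='server'` form. The enclosing method starts and ends outside the hunk.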
@ -209,7 +209,8 @@ class JingleFileTransfer(JingleContent):
|
||||||
if not gajim.socks5queue.get_file_props(self.session.connection.name, self.file_props['sid']):
|
if not gajim.socks5queue.get_file_props(self.session.connection.name, self.file_props['sid']):
|
||||||
gajim.socks5queue.add_file_props(self.session.connection.name, self.file_props)
|
gajim.socks5queue.add_file_props(self.session.connection.name, self.file_props)
|
||||||
gajim.socks5queue.connect_to_hosts(self.session.connection.name, self.file_props['sid'],
|
gajim.socks5queue.connect_to_hosts(self.session.connection.name, self.file_props['sid'],
|
||||||
self.send_candidate_used, self._on_connect_error)
|
self.send_candidate_used, self._on_connect_error,
|
||||||
|
fingerprint = 'client')
|
||||||
elif not self.weinitiate and self.state == STATE_ACCEPTED: # transport-info iq-result
|
elif not self.weinitiate and self.state == STATE_ACCEPTED: # transport-info iq-result
|
||||||
self.state = STATE_TRANSPORT_INFO
|
self.state = STATE_TRANSPORT_INFO
|
||||||
elif self.weinitiate and self.state == STATE_INITIALIZED: # proxy activated
|
elif self.weinitiate and self.state == STATE_INITIALIZED: # proxy activated
|
||||||
|
|
|
@ -16,6 +16,8 @@
|
||||||
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
|
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
|
||||||
##
|
##
|
||||||
|
|
||||||
|
import os
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
log = logging.getLogger('gajim.c.jingle_xtls')
|
log = logging.getLogger('gajim.c.jingle_xtls')
|
||||||
|
|
||||||
|
@ -36,8 +38,16 @@ def get_context(fingerprint, verify_cb=None):
|
||||||
"""
|
"""
|
||||||
constructs and returns the context objects
|
constructs and returns the context objects
|
||||||
"""
|
"""
|
||||||
ctx = SSL.Context(TLSv1_METHOD)
|
ctx = SSL.Context(SSL.TLSv1_METHOD)
|
||||||
ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb or default_callback)
|
ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb or default_callback)
|
||||||
# TODO: set private key, set certificate, set verification path
|
# TODO: set private key, set certificate, set verification path
|
||||||
|
if fingerprint == 'server': # for testing purposes only
|
||||||
|
ctx.use_privatekey_file (os.path.expanduser('~/certs/server.pkey'))
|
||||||
|
ctx.use_certificate_file(os.path.expanduser('~/certs/server.cert'))
|
||||||
|
ctx.load_verify_locations(os.path.expanduser('~/certs/CA.cert'))
|
||||||
|
elif fingerprint == 'client':
|
||||||
|
ctx.use_privatekey_file (os.path.expanduser('~/certs/client.pkey'))
|
||||||
|
ctx.use_certificate_file(os.path.expanduser('~/certs/client.cert'))
|
||||||
|
ctx.load_verify_locations(os.path.expanduser('~/certs/CA.cert'))
|
||||||
return ctx
|
return ctx
|
||||||
|
|
||||||
|
|
|
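Review bot: Any `fingerprint` value other than `'server'` or `'client'` falls through the new `if`/`elif` and returns a context with no key, certificate or trust store, so with `VERIFY_PEER|VERIFY_FAIL_IF_NO_PEER_CERT` the failure only surfaces at handshake time; add `else: raise ValueError('unknown xtls role: %r' % fingerprint)` after the `elif` branch. The parameter now acts as a role selector rather than a fingerprint and the `~/certs/...` paths are hard-coded, so the docstring should say so, e.g. `"""Construct an SSL context. fingerprint currently selects the 'server' or 'client' test certificate set under ~/certs/ (testing only)."""`. After `use_certificate_file`, a `ctx.check_privatekey()` call reports a key/certificate mismatch at load time instead of at the first handshake. Whether `default_callback` actually checks anything about the peer certificate is not visible here; if it does not, nothing in this context pins the peer identity beyond the CA file.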
@ -36,6 +36,11 @@ from errno import EINPROGRESS
|
||||||
from errno import EAFNOSUPPORT
|
from errno import EAFNOSUPPORT
|
||||||
from xmpp.idlequeue import IdleObject
|
from xmpp.idlequeue import IdleObject
|
||||||
|
|
||||||
|
import jingle_xtls
|
||||||
|
|
||||||
|
if jingle_xtls.PYOPENSSL_PRESENT:
|
||||||
|
import OpenSSL
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
log = logging.getLogger('gajim.c.socks5')
|
log = logging.getLogger('gajim.c.socks5')
|
||||||
|
|
||||||
|
@ -867,12 +872,16 @@ class Socks5Listener(IdleObject):
|
||||||
self.started = False
|
self.started = False
|
||||||
self._sock = None
|
self._sock = None
|
||||||
self.fd = -1
|
self.fd = -1
|
||||||
|
self.fingerprint = fingerprint
|
||||||
|
|
||||||
def bind(self):
|
def bind(self):
|
||||||
for ai in self.ais:
|
for ai in self.ais:
|
||||||
# try the different possibilities (ipv6, ipv4, etc.)
|
# try the different possibilities (ipv6, ipv4, etc.)
|
||||||
try:
|
try:
|
||||||
self._serv = socket.socket(*ai[:3])
|
self._serv = socket.socket(*ai[:3])
|
||||||
|
if not self.fingerprint is None:
|
||||||
|
self._serv = OpenSSL.SSL.Connection(
|
||||||
|
jingle_xtls.get_context('server'), self._serv)
|
||||||
except socket.error, e:
|
except socket.error, e:
|
||||||
if e.args[0] == EAFNOSUPPORT:
|
if e.args[0] == EAFNOSUPPORT:
|
||||||
self.ai = None
|
self.ai = None
|
||||||
|
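Review bot: The new `OpenSSL.SSL.Connection(...)` wrap in `bind` references `OpenSSL`, which the import hunk above binds only when `jingle_xtls.PYOPENSSL_PRESENT` is true, so a non-None `fingerprint` on a system without pyOpenSSL raises `NameError` rather than falling back to a plain socket; the second `Socks5Receiver` hunk further down has the same wrap and the same issue. The wrap also sits inside a `try` that only catches `socket.error`, so an `OpenSSL.SSL.Error` raised by `get_context` (for example a missing key file) propagates out of `bind` uncaught. Guard it with `if self.fingerprint is not None and jingle_xtls.PYOPENSSL_PRESENT:` (which also replaces the `not ... is None` form) and either catch `OpenSSL.SSL.Error` alongside `socket.error` or build the context once before the `for ai in self.ais` loop. The `__init__` that presumably gains the `fingerprint` parameter, and the rest of `bind`, are outside the hunk.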
@ -949,6 +958,7 @@ class Socks5Receiver(Socks5, IdleObject):
|
||||||
self.streamhost = streamhost
|
self.streamhost = streamhost
|
||||||
self.queue = None
|
self.queue = None
|
||||||
self.file_props = file_props
|
self.file_props = file_props
|
||||||
|
self.fingerprint = fingerprint
|
||||||
self.connect_timeout = 0
|
self.connect_timeout = 0
|
||||||
self.connected = False
|
self.connected = False
|
||||||
self.pauses = 0
|
self.pauses = 0
|
||||||
|
@ -992,6 +1002,9 @@ class Socks5Receiver(Socks5, IdleObject):
|
||||||
for ai in self.ais:
|
for ai in self.ais:
|
||||||
try:
|
try:
|
||||||
self._sock = socket.socket(*ai[:3])
|
self._sock = socket.socket(*ai[:3])
|
||||||
|
if not self.fingerprint is None:
|
||||||
|
self._sock = OpenSSL.SSL.Connection(
|
||||||
|
jingle_xtls.get_context('client'), self._sock)
|
||||||
# this will not block the GUI
|
# this will not block the GUI
|
||||||
self._sock.setblocking(False)
|
self._sock.setblocking(False)
|
||||||
self._server = ai[4]
|
self._server = ai[4]
|
||||||
|
|