add some code to allow testing using some pre-existing certificates.

TODO: manually handle handshake states to allow non-blocking I/O
Zhenchao Li 2010-07-27 21:29:12 +08:00
parent e9af72e944
commit 2b603fd7e1
3 changed files with 27 additions and 3 deletions


@ -199,7 +199,7 @@ class JingleFileTransfer(JingleContent):
port = gajim.config.get('file_transfers_port')
listener = gajim.socks5queue.start_listener(port, sha_str,
self._store_socks5_sid, self.file_props['sid'])
self._store_socks5_sid, self.file_props['sid'], fingerprint = 'server')
if not listener:
return
@ -209,7 +209,8 @@ class JingleFileTransfer(JingleContent):
if not gajim.socks5queue.get_file_props(self.session.connection.name, self.file_props['sid']):
gajim.socks5queue.add_file_props(self.session.connection.name, self.file_props)
gajim.socks5queue.connect_to_hosts(self.session.connection.name, self.file_props['sid'],
self.send_candidate_used, self._on_connect_error)
self.send_candidate_used, self._on_connect_error,
fingerprint = 'client')
elif not self.weinitiate and self.state == STATE_ACCEPTED: # transport-info iq-result
self.state = STATE_TRANSPORT_INFO
elif self.weinitiate and self.state == STATE_INITIALIZED: # proxy activated
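Review bot: The new `fingerprint = 'server'` and `fingerprint = 'client'` keywords in both hunks pass a role literal, not a certificate fingerprint, and jingle_xtls.get_context (same commit) chooses the key/certificate pair by comparing against exactly these two strings, so the parameter name and its value disagree. Either rename the keyword (e.g. `role`) once the API settles, or add a call-site comment such as `# 'server'/'client' select the test key pair in jingle_xtls.get_context`. PEP 8 also drops the spaces around `=` in keyword arguments: `fingerprint='server'`. The enclosing method starts and ends outside both hunks.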


@ -16,6 +16,8 @@
## along with Gajim. If not, see <http://www.gnu.org/licenses/>.
##
import os
import logging
log = logging.getLogger('gajim.c.jingle_xtls')
@ -36,8 +38,16 @@ def get_context(fingerprint, verify_cb=None):
"""
constructs and returns the context objects
"""
ctx = SSL.Context(TLSv1_METHOD)
ctx = SSL.Context(SSL.TLSv1_METHOD)
ctx.set_verify(SSL.VERIFY_PEER|SSL.VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb or default_callback)
# TODO: set private key, set certificate, set verification path
if fingerprint == 'server': # for testing purposes only
ctx.use_privatekey_file (os.path.expanduser('~/certs/server.pkey'))
ctx.use_certificate_file(os.path.expanduser('~/certs/server.cert'))
ctx.load_verify_locations(os.path.expanduser('~/certs/CA.cert'))
elif fingerprint == 'client':
ctx.use_privatekey_file (os.path.expanduser('~/certs/client.pkey'))
ctx.use_certificate_file(os.path.expanduser('~/certs/client.cert'))
ctx.load_verify_locations(os.path.expanduser('~/certs/CA.cert'))
return ctx
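Review bot: For any `fingerprint` value other than the two test roles, get_context returns a context with no private key, certificate or CA bundle loaded (the TODO above the `if` still stands), so the misconfiguration only surfaces later as a handshake failure on the socket rather than at construction. Add an explicit branch so it is visible where it happens, e.g. `else:` followed by `log.warning('get_context: no key/certificate configured for fingerprint %r', fingerprint)`. The two `load_verify_locations` calls use the same `~/certs/CA.cert` and could be hoisted out of the role branches. Since the test material is read from the user's home directory, extend the existing comment to name what is expected: `# for testing purposes only: expects ~/certs/{server,client}.{pkey,cert} and ~/certs/CA.cert`.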


@ -36,6 +36,11 @@ from errno import EINPROGRESS
from errno import EAFNOSUPPORT
from xmpp.idlequeue import IdleObject
import jingle_xtls
if jingle_xtls.PYOPENSSL_PRESENT:
import OpenSSL
import logging
log = logging.getLogger('gajim.c.socks5')
@ -867,12 +872,16 @@ class Socks5Listener(IdleObject):
self.started = False
self._sock = None
self.fd = -1
self.fingerprint = fingerprint
def bind(self):
for ai in self.ais:
# try the different possibilities (ipv6, ipv4, etc.)
try:
self._serv = socket.socket(*ai[:3])
if not self.fingerprint is None:
self._serv = OpenSSL.SSL.Connection(
jingle_xtls.get_context('server'), self._serv)
except socket.error, e:
if e.args[0] == EAFNOSUPPORT:
self.ai = None
@ -949,6 +958,7 @@ class Socks5Receiver(Socks5, IdleObject):
self.streamhost = streamhost
self.queue = None
self.file_props = file_props
self.fingerprint = fingerprint
self.connect_timeout = 0
self.connected = False
self.pauses = 0
@ -992,6 +1002,9 @@ class Socks5Receiver(Socks5, IdleObject):
for ai in self.ais:
try:
self._sock = socket.socket(*ai[:3])
if not self.fingerprint is None:
self._sock = OpenSSL.SSL.Connection(
jingle_xtls.get_context('client'), self._sock)
# this will not block the GUI
self._sock.setblocking(False)
self._server = ai[4]
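Review bot: The value stored in `self.fingerprint` is never used: `bind` calls `jingle_xtls.get_context('server')` and the receiver's connect path calls `get_context('client')` with literals, so the attribute only acts as an on/off flag and any non-None string enables the TLS wrap. If the caller is meant to choose the context, pass it through as `jingle_xtls.get_context(self.fingerprint)`; otherwise document the parameter as a boolean-like switch. The wrap also depends on the `OpenSSL` name, which this hunk imports only when `jingle_xtls.PYOPENSSL_PRESENT` is true; with a fingerprint set and pyOpenSSL absent, the `OpenSSL.SSL.Connection(...)` line raises NameError inside the `try`, which is not a `socket.error` and so escapes the per-address fallback. Check `jingle_xtls.PYOPENSSL_PRESENT` up front when a fingerprint is requested and refuse rather than silently continuing with a plain socket, and write the test as `if self.fingerprint is not None:` in both places. The enclosing methods continue outside the hunks.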