diff --git a/README.md b/README.md index 2a3348a64..7b0fb09e4 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ - python3-gi-cairo - gir1.2-gtk-3.0 (>=3.22) - python3-nbxmpp (>=0.9.90.4) -- python3-openssl (>=0.14) +- python3-openssl (>=16.2) - python3-cssutils (>=1.0.2) - python3-keyring - python3-precis-i18n diff --git a/gajim/common/connection.py b/gajim/common/connection.py index 9bcf1049f..313e73ead 100644 --- a/gajim/common/connection.py +++ b/gajim/common/connection.py @@ -1170,17 +1170,6 @@ class Connection(CommonConnection, ConnectionHandlers): app.nec.push_incoming_event(OurShowEvent(None, conn=self, show='offline')) return False - if _con_type in ('tls', 'ssl') and con.Connection.ssl_lib != 'PYOPENSSL' \ - and app.config.get_per('accounts', self.name, - 'warn_when_insecure_ssl_connection') and \ - not self.connection_auto_accepted: - # Pyopenssl is not used - app.nec.push_incoming_event( - NetworkEvent('insecure-ssl-connection', - conn=self, - xmpp_client=con, - conn_type=_con_type)) - return True return self.connection_accepted(con, con_type) def connection_accepted(self, con, con_type): diff --git a/gajim/common/jingle_content.py b/gajim/common/jingle_content.py index 92c1f3b4d..a6ca90a8d 100644 --- a/gajim/common/jingle_content.py +++ b/gajim/common/jingle_content.py @@ -230,12 +230,8 @@ class JingleContent: configpaths.get('MY_CERT'), SELF_SIGNED_CERTIFICATE) + '.cert' cert = load_cert_file(certpath) if cert: - try: - digest_algo = (cert.get_signature_algorithm() - .decode('utf-8').split('With')[0]) - except AttributeError: - # Old py-OpenSSL is missing get_signature_algorithm - digest_algo = "sha256" + digest_algo = (cert.get_signature_algorithm() + .decode('utf-8').split('With')[0]) security.addChild('fingerprint').addData(cert.digest( digest_algo).decode('utf-8')) for m in ('x509', ): # supported authentication methods diff --git a/gajim/common/jingle_ft.py b/gajim/common/jingle_ft.py index 7705be854..ab618ca25 100644 
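Review bot: With the `except AttributeError` fallback removed in gajim/common/jingle_content.py, nothing handles a signature-algorithm name that lacks the literal `With`: `split('With')[0]` then returns the whole name (e.g. `ecdsa-with-SHA256`) and `cert.digest()` raises `ValueError` for the unknown digest. The identical expression is added in `check_cert` in gajim/common/jingle_xtls.py, where the certificate is read from a file looked up for the remote JID (the path construction is outside the hunk). There the certificate's own signature algorithm decides which hash the fingerprint comparison uses, including weak ones such as `md5` or `sha1`. I would validate the derived name before use, for example `if digest_algo not in ('sha256', 'sha384', 'sha512'): return False` in `check_cert`, and skip or log the fingerprint here in the same case. The enclosing method starts and ends outside this hunk.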
--- a/gajim/common/jingle_ft.py +++ b/gajim/common/jingle_ft.py @@ -116,12 +116,11 @@ class JingleFileTransfer(JingleContent): State.CAND_SENT_AND_RECEIVED : StateCandSentAndRecv(self) } - if jingle_xtls.PYOPENSSL_PRESENT: - cert_name = os.path.join(configpaths.get('MY_CERT'), - jingle_xtls.SELF_SIGNED_CERTIFICATE) - if not (os.path.exists(cert_name + '.cert') - and os.path.exists(cert_name + '.pkey')): - jingle_xtls.make_certs(cert_name, 'gajim') + cert_name = os.path.join(configpaths.get('MY_CERT'), + jingle_xtls.SELF_SIGNED_CERTIFICATE) + if not (os.path.exists(cert_name + '.cert') + and os.path.exists(cert_name + '.pkey')): + jingle_xtls.make_certs(cert_name, 'gajim') def __state_changed(self, nextstate, args=None): # Executes the next state action and sets the next state diff --git a/gajim/common/jingle_xtls.py b/gajim/common/jingle_xtls.py index 00ec38b09..c25813f7f 100644 --- a/gajim/common/jingle_xtls.py +++ b/gajim/common/jingle_xtls.py @@ -15,15 +15,14 @@ import logging import os +from OpenSSL import SSL, crypto + import nbxmpp from gajim.common import app from gajim.common import configpaths log = logging.getLogger('gajim.c.jingle_xtls') - -PYOPENSSL_PRESENT = False - # key-exchange id -> [callback, args], accept that session once key-exchange completes pending_contents = {} @@ -36,16 +35,8 @@ def approve_pending_content(id_): args = pending_contents[id_][1] cb(*args) -try: - import OpenSSL.SSL - PYOPENSSL_PRESENT = True -except ImportError: - log.info("PyOpenSSL not available") - -if PYOPENSSL_PRESENT: - from OpenSSL import SSL, crypto - TYPE_RSA = crypto.TYPE_RSA - TYPE_DSA = crypto.TYPE_DSA +TYPE_RSA = crypto.TYPE_RSA +TYPE_DSA = crypto.TYPE_DSA SELF_SIGNED_CERTIFICATE = 'localcert' DH_PARAMS = 'dh_params.pem' 
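Review bot: The guard before `jingle_xtls.make_certs(cert_name, 'gajim')` only tests that the `.cert` and `.pkey` files exist, so an empty, truncated or otherwise unparsable pair is never regenerated. In jingle_content.py the result of `load_cert_file` is checked with `if cert:`, which suggests a bad file would leave the fingerprint out rather than surface an error. Now that this path runs unconditionally, a short comment such as `# Only existence is checked; a corrupt cert/key pair must be removed by hand` would help, or the check could load the certificate and regenerate on failure. `make_certs` is not part of this diff, so the permissions it gives the `.pkey` file could not be reviewed here.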
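Review bot: Dropping the module-level `PYOPENSSL_PRESENT` name changes the interface of `jingle_xtls`: any other module that still reads `jingle_xtls.PYOPENSSL_PRESENT` will fail with `AttributeError`, and this diff only updates the use in jingle_ft.py. Grep the tree for remaining references before merging; if any remain outside this change, keeping `PYOPENSSL_PRESENT = True` for one release is a cheap bridge. The unconditional `from OpenSSL import SSL, crypto` also turns a missing pyOpenSSL into an `ImportError` when this module is imported, which deserves a one-line comment at the import, e.g. `# pyOpenSSL is a hard dependency; there is no fallback TLS path`.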
@@ -76,13 +67,12 @@ def load_cert_file(cert_path, cert_store=None): elif 'END CERTIFICATE' in line and begin > -1: cert = ''.join(lines[begin:i+2]) try: - x509cert = OpenSSL.crypto.load_certificate( - OpenSSL.crypto.FILETYPE_PEM, cert) + x509cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert) if cert_store: cert_store.add_cert(x509cert) f.close() return x509cert - except OpenSSL.crypto.Error as exception_obj: + except crypto.Error as exception_obj: log.warning('Unable to load a certificate from file %s: %s', cert_path, exception_obj.args[0][0][2]) except Exception: @@ -190,12 +180,8 @@ def check_cert(jid, fingerprint): if os.path.exists(certpath): cert = load_cert_file(certpath) if cert: - try: - digest_algo = cert.get_signature_algorithm().decode('utf-8').\ - split('With')[0] - except AttributeError: - # Old py-OpenSSL is missing get_signature_algorithm - digest_algo = "sha256" + digest_algo = cert.get_signature_algorithm().decode('utf-8')\ + .split('With')[0] if cert.digest(digest_algo) == fingerprint: return True return False diff --git a/setup.cfg b/setup.cfg index 14eb8dcf1..783e3459a 100644 --- a/setup.cfg +++ b/setup.cfg @@ -24,7 +24,7 @@ install_requires = keyring nbxmpp>=0.9.90.4 precis-i18n>=1.0.0 - pyOpenSSL>=0.12 + pyOpenSSL>=16.2 [options.package_data] gajim =
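Review bot: In `load_cert_file`, the handler for `crypto.Error` logs `exception_obj.args[0][0][2]`, which assumes a non-empty OpenSSL error stack of a fixed shape. If that assumption fails, the `IndexError` or `TypeError` is raised inside the handler, and the sibling `except Exception:` clause does not catch it. Logging the exception object is safer and loses nothing: `log.warning('Unable to load a certificate from file %s: %s', cert_path, exception_obj)`. In the visible lines `f.close()` runs only on the success path, so the handle may stay open when parsing fails. The function continues outside the hunk, so this may be handled there; a `with open(...)` block would make it unconditional.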
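Review bot: In `check_cert`, `cert.digest(digest_algo) == fingerprint` compares the raw return value of `digest()`, while jingle_content.py calls `.decode('utf-8')` on the same value before sending it, which indicates `digest()` returns bytes. If the caller passes the received fingerprint as `str` (the caller is not visible here), the comparison is always false on Python 3 and the check fails closed for every certificate. Confirm the caller's type and normalise both sides explicitly, for instance `cert.digest(digest_algo).decode('utf-8') == fingerprint`. A comment stating the expected type and letter case of `fingerprint` would also help.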