accept ssl certs signed by CA
This commit is contained in:
parent
d2709fac71
commit
8ca42bbf43
|
@ -117,7 +117,7 @@ class TcpInterface(threading.Thread):
|
|||
queue.put((self, {'method':method, 'params':params, 'result':result, 'id':_id}))
|
||||
|
||||
|
||||
def start_tcp(self):
|
||||
def get_socket(self):
|
||||
|
||||
if self.proxy is not None:
|
||||
socks.setdefaultproxy(self.proxy_mode, self.proxy["host"], int(self.proxy["port"]))
|
||||
|
@ -147,6 +147,15 @@ class TcpInterface(threading.Thread):
|
|||
s = None
|
||||
continue
|
||||
|
||||
# first try with ca
|
||||
try:
|
||||
ca_certs = os.path.join(self.config.path, 'ca', 'ca-bundle.crt')
|
||||
s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_certs, do_handshake_on_connect=True)
|
||||
print_error("SSL with ca:", self.host)
|
||||
return s
|
||||
except ssl.SSLError, e:
|
||||
pass
|
||||
|
||||
try:
|
||||
s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
|
||||
except ssl.SSLError, e:
|
||||
|
@ -235,11 +244,7 @@ class TcpInterface(threading.Thread):
|
|||
print_error("saving certificate for", self.host)
|
||||
os.rename(temporary_path, cert_path)
|
||||
|
||||
s.settimeout(60)
|
||||
self.s = s
|
||||
self.is_connected = True
|
||||
print_error("connected to", self.host, self.port)
|
||||
self.pipe = util.SocketPipe(s)
|
||||
return s
|
||||
|
||||
|
||||
def send_request(self, request, queue=None):
|
||||
|
@ -289,7 +294,13 @@ class TcpInterface(threading.Thread):
|
|||
threading.Thread.start(self)
|
||||
|
||||
def run(self):
|
||||
self.start_tcp()
|
||||
self.s = self.get_socket()
|
||||
if self.s:
|
||||
self.s.settimeout(60)
|
||||
self.is_connected = True
|
||||
print_error("connected to", self.host, self.port)
|
||||
self.pipe = util.SocketPipe(self.s)
|
||||
|
||||
self.change_status()
|
||||
if not self.is_connected:
|
||||
return
|
||||
|
|
Loading…
Reference in New Issue