oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use implicit ssl for connections

Browse source
This commit is contained in:
shortcutme 2018-03-14 22:24:06 +01:00
parent feb00d5b8a
commit 8787774764
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/Connection/Connection.py
View file

@ -121,11 +121,26 @@ class Connection(object):
self.sock.connect((self.ip, int(self.port))) self.sock.connect((self.ip, int(self.port)))
# Implicit SSL # Implicit SSL
should_encrypt = not self.ip.endswith(".onion") and self.ip not in self.server.broken_ssl_ips and self.ip not in config.ip_local
if self.cert_pin: if self.cert_pin:
self.sock = CryptConnection.manager.wrapSocket(self.sock, "tls-rsa", cert_pin=self.cert_pin) self.sock = CryptConnection.manager.wrapSocket(self.sock, "tls-rsa", cert_pin=self.cert_pin)
self.sock.do_handshake() self.sock.do_handshake()
self.crypt = "tls-rsa" self.crypt = "tls-rsa"
self.sock_wrapped = True self.sock_wrapped = True
elif should_encrypt and "tsl-rsa" in CryptConnection.manager.crypt_supported:
try:
self.sock = CryptConnection.manager.wrapSocket(self.sock, "tls-rsa")
self.sock.do_handshake()
self.crypt = "tls-rsa"
self.sock_wrapped = True
except Exception, err:
if not config.force_encryption:
self.log("Crypt connection error: %s, adding ip %s as broken ssl." % (err, self.ip))
self.server.broken_ssl_ips[self.ip] = True
self.sock.close()
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.sock.connect((self.ip, int(self.port)))
# Detect protocol # Detect protocol
self.send({"cmd": "handshake", "req_id": 0, "params": self.getHandshakeInfo()}) self.send({"cmd": "handshake", "req_id": 0, "params": self.getHandshakeInfo()})