from util import print_error, print_msg
from simple_config import SimpleConfig
+import x509
DEFAULT_TIMEOUT = 5
proxy_modes = ['socks4', 'socks5', 'http']
-def check_cert(host, cert):
- from OpenSSL import crypto as c
- _cert = c.load_certificate(c.FILETYPE_PEM, cert)
-
- m = "host: %s\n"%host
- m += "has_expired: %s\n"% _cert.has_expired()
- m += "pubkey: %s bits\n" % _cert.get_pubkey().bits()
- m += "serial number: %s\n"% _cert.get_serial_number()
- #m += "issuer: %s\n"% _cert.get_issuer()
- #m += "algo: %s\n"% _cert.get_signature_algorithm()
- m += "version: %s\n"% _cert.get_version()
- print_msg(m)
-
-
-def cert_has_expired(cert_path):
- try:
- import OpenSSL
- except Exception:
- print_error("Warning: cannot import OpenSSL")
- return False
- from OpenSSL import crypto as c
- with open(cert_path) as f:
- cert = f.read()
- _cert = c.load_certificate(c.FILETYPE_PEM, cert)
- return _cert.has_expired()
-
-
-def check_certificates():
- config = SimpleConfig()
- mydir = os.path.join(config.path, "certs")
- certs = os.listdir(mydir)
- for c in certs:
- print c
- p = os.path.join(mydir,c)
- with open(p) as f:
- cert = f.read()
- check_cert(c, cert)
def cert_verify_hostname(s):
#json
self.message_id = 0
self.unanswered_requests = {}
- self.pending_transactions_for_notifications= []
# parse server
self.server = server
t1 = time.time()
data = []
+ ids = []
for m in messages:
method, params = m
if type(params) != type([]): params = [params]
data.append( { 'method':method, 'id':self.message_id, 'params':params } )
self.unanswered_requests[self.message_id] = method, params, callback
+ ids.append(self.message_id)
self.message_id += 1
if data:
self.rtime = time.time() - t1
self.is_connected = True
+ return ids
is_new = True
# get server certificate.
# Do not use ssl.get_server_certificate because it does not work with proxy
- s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
try:
- s.connect((self.host, self.port))
- except Exception:
- # print_error("failed to connect", self.host, self.port)
+ l = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM)
+ except socket.gaierror:
+ print_error("error: cannot resolve", self.host)
return
- try:
- s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
- except ssl.SSLError, e:
- print_error("SSL error:", self.host, e)
+ for res in l:
+ try:
+ s = socket.socket( res[0], socket.SOCK_STREAM )
+ s.connect(res[4])
+ except:
+ s = None
+ continue
+
+ try:
+ s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
+ except ssl.SSLError, e:
+ print_error("SSL error retrieving SSL certificate:", self.host, e)
+ s = None
+
+ break
+
+ if s is None:
return
+
dercert = s.getpeercert(True)
s.close()
cert = ssl.DER_cert_to_PEM_cert(dercert)
else:
is_new = False
-
- s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
- s.settimeout(2)
- s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
-
try:
- s.connect(( self.host.encode('ascii'), int(self.port)))
- except Exception:
+ addrinfo = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM)
+ except socket.gaierror:
+ print_error("error: cannot resolve", self.host)
+ return
+
+ for res in addrinfo:
+ try:
+ s = socket.socket( res[0], socket.SOCK_STREAM )
+ s.settimeout(2)
+ s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
+ s.connect(res[4])
+ except:
+ s = None
+ continue
+ break
+
+ if s is None:
print_error("failed to connect", self.host, self.port)
return
if e.errno != 1:
return
if is_new:
- os.rename(temporary_path, cert_path + '.rej')
+ rej = cert_path + '.rej'
+ if os.path.exists(rej):
+ os.unlink(rej)
+ os.rename(temporary_path, rej)
else:
- if cert_has_expired(cert_path):
+ with open(cert_path) as f:
+ cert = f.read()
+ try:
+ x = x509.X509()
+ x.parse(cert)
+ x.slow_parse()
+ except:
+ traceback.print_exc(file=sys.stdout)
+ print_error("wrong certificate", self.host)
+ return
+ try:
+ x.check_date()
+ except:
print_error("certificate has expired:", cert_path)
os.unlink(cert_path)
- else:
- print_msg("wrong certificate", self.host)
+ return
+ print_error("wrong certificate", self.host)
return
except Exception:
print_error("wrap_socket failed", self.host)
except ssl.SSLError:
timeout = True
except socket.error, err:
- if err.errno in [11, 10035]:
+ if err.errno == 60:
+ timeout = True
+ elif err.errno in [11, 10035]:
print_error("socket errno", err.errno)
time.sleep(0.1)
continue
self.s.shutdown(socket.SHUT_RDWR)
self.s.close()
+ self.is_connected = False
+
def is_up_to_date(self):
return self.unanswered_requests == {}
self.queue.put(self)
+ def synchronous_get(self, requests, timeout=100000000):
+ queue = Queue.Queue()
+ ids = self.send(requests, lambda i,r: queue.put(r))
+ id2 = ids[:]
+ res = {}
+ while ids:
+ r = queue.get(True, timeout)
+ _id = r.get('id')
+ if _id in ids:
+ ids.remove(_id)
+ res[_id] = r.get('result')
+ out = []
+ for _id in id2:
+ out.append(res[_id])
+ return out
+
-if __name__ == "__main__":
- check_certificates()
+
+def check_cert(host, cert):
+ try:
+ x = x509.X509()
+ x.parse(cert)
+ x.slow_parse()
+ except:
+ traceback.print_exc(file=sys.stdout)
+ return
+
+ try:
+ x.check_date()
+ expired = False
+ except:
+ expired = True
+
+ m = "host: %s\n"%host
+ m += "has_expired: %s\n"% expired
+ print_msg(m)
+
+
+def test_certificates():
+ config = SimpleConfig()
+ mydir = os.path.join(config.path, "certs")
+ certs = os.listdir(mydir)
+ for c in certs:
+ print c
+ p = os.path.join(mydir,c)
+ with open(p) as f:
+ cert = f.read()
+ check_cert(c, cert)
+
+if __name__ == "__main__":
+ test_certificates()