def _start_tls_handshake(self, response, **kwargs):
    """
    Run the TLS handshake that opens a CredSSP authentication sequence.

    [MS-CSSP] v13.0 2016-07-14
    3.1.5 Processing Events and Sequencing Rules - Step 1

    The client and server complete the TLS handshake as specified in
    RFC2246. The handshake bytes do not travel over a socket owned by the
    TLS object: each batch the client produces is read from the
    connection's BIO and attached to a copy of the request as a CredSSP
    token, and the token taken from the server's reply is written back
    into the BIO. After the handshake is complete, all subsequent CredSSP
    Protocol messages are encrypted by the TLS channel.

    The negotiated cipher name is stored on ``self.cipher_negotiated``.

    :param response: The original 401 response from the server
    :param kwargs: The requests kwargs from the original response
    """
    # Fail early if the server did not offer CredSSP authentication.
    self._check_credssp_supported(response)

    # NOTE(review): no certificate or hostname verification is visible in
    # this method. Whether the peer is authenticated, and which protocol
    # versions and ciphers are acceptable, depends on how self.tls_context
    # was built and on later CredSSP steps - confirm against that code.
    self.tls_connection = SSL.Connection(self.tls_context)
    self.tls_connection.set_connect_state()

    log.debug("_start_tls_handshake(): Starting TLS handshake with server")

    # NOTE(review): the loop has no iteration cap; it ends when
    # do_handshake() returns, or when it or one of the helpers raises
    # something other than SSL.WantReadError.
    handshake_complete = False
    while not handshake_complete:
        try:
            self.tls_connection.do_handshake()
        except SSL.WantReadError:
            # The TLS engine needs more bytes from the server: ship what the
            # client has produced so far and feed the reply back in.
            next_request = response.request.copy()
            client_tls_bytes = self.tls_connection.bio_read(self.BIO_BUFFER_SIZE)
            self._set_credssp_token(next_request, client_tls_bytes)

            response = response.connection.send(next_request, **kwargs)
            # Accessed only for its side effect, before the connection is
            # released on the next line.
            response.content
            response.raw.release_conn()

            server_tls_bytes = self._get_credssp_token(response)
            self.tls_connection.bio_write(server_tls_bytes)
        else:
            handshake_complete = True

    # Record what was negotiated. Nothing here rejects a weak protocol or
    # cipher, so the debug line below is the place to audit the outcome.
    self.cipher_negotiated = self.tls_connection.get_cipher_name()
    protocol_name = self.tls_connection.get_protocol_version_name()
    cipher_name = self.tls_connection.get_cipher_name()
    log.debug("_start_tls_handshake(): Handshake complete. Protocol: %s, Cipher: %s" % (
        protocol_name, cipher_name))