def start_dest_tls(self, hostname, client_alpns):
    """Run the TLS handshake with the destination and pick the application protocol.

    Generator-style coroutine: it yields the result of
    ``self.dest_conn.start_tls(...)`` and hands its result back through
    ``gen.Return`` (the coroutine decorator, if any, is outside this view).

    Args:
        hostname: Passed to ``start_tls`` as ``hostname``.
        client_alpns: Passed to ``start_tls`` as ``alpns``.

    Returns:
        Via ``gen.Return``, a ``(dest_stream, select_alpn)`` tuple. The
        protocol is ``b"http/1.1"`` when no ALPN protocol was negotiated.

    Raises:
        DestStreamClosedError: the handshake failed with ``SSL.SysCallError``.
        TlsError: the handshake failed with ``SSL.Error`` or
            ``VerificationError``; the message carries the exception's type
            name and text.
    """
    # A configured bundle takes precedence; otherwise use certifi's CA store.
    # NOTE(review): the key is named "client_certs" but is used here as the
    # trust anchor for the *destination* certificate -- confirm the naming.
    ca_bundle = self.config["client_certs"] or certifi.where()

    try:
        logger.debug("start dest tls handshaking: {0}".format(hostname))
        # NOTE(review): "insecure" is forwarded untouched; presumably it turns
        # off certificate verification for the destination, so every deployment
        # that sets it should be a deliberate, reviewed choice -- confirm in
        # start_tls.
        dest_stream = yield self.dest_conn.start_tls(
            insecure=self.config["insecure"],
            trusted_ca_certs=ca_bundle,
            hostname=hostname,
            alpns=client_alpns)
        # TODO: tornado_ext.iostream should handle this part.
    except SSL.SysCallError:
        # Keep this handler ahead of the broader SSL.Error one below: in
        # pyOpenSSL SysCallError derives from Error and would otherwise be
        # reported as a TlsError.
        raise DestStreamClosedError(
            detail="Stream closed when tls Handshaking failed")
    except (SSL.Error, VerificationError) as err:
        failure = "Tls Handshaking Failed on destination with: ({0}) {1}".format(
            type(err).__name__, str(err))
        raise TlsError(failure)

    # Both handlers above raise, so this point is reached only after a
    # successful handshake.
    logger.debug(dest_stream.fileno().get_alpn_proto_negotiated())

    negotiated = dest_stream.fileno().get_alpn_proto_negotiated()
    if not negotiated:
        # Nothing was negotiated: fall back to HTTP/1.1.
        negotiated = b"http/1.1"

    logger.debug("{0}:{1} -> Choose {2} as application protocol".format(
        self.context.host, self.context.port, negotiated))
    logger.debug("finish dest tls handshake")
    raise gen.Return((dest_stream, negotiated))