def server_loop(self, ofp_tcp_listen_port, ofp_ssl_listen_port):
if CONF.ctl_privkey is not None and CONF.ctl_cert is not None:
if CONF.ca_certs is not None:
server = StreamServer((CONF.ofp_listen_host,
ofp_ssl_listen_port),
datapath_connection_factory,
keyfile=CONF.ctl_privkey,
certfile=CONF.ctl_cert,
cert_reqs=ssl.CERT_REQUIRED,
ca_certs=CONF.ca_certs,
ssl_version=ssl.PROTOCOL_TLSv1)
else:
server = StreamServer((CONF.ofp_listen_host,
ofp_ssl_listen_port),
datapath_connection_factory,
keyfile=CONF.ctl_privkey,
certfile=CONF.ctl_cert,
ssl_version=ssl.PROTOCOL_TLSv1)
else:
server = StreamServer((CONF.ofp_listen_host,
ofp_tcp_listen_port),
datapath_connection_factory)
# LOG.debug('loop')
server.serve_forever()
python类PROTOCOL_TLSv1()的实例源码
def __init__(self):
"""
Create a BasicAuthenticationSuite object.
"""
super(BasicAuthenticationSuite, self).__init__()
self._protocol = ssl.PROTOCOL_TLSv1
self._ciphers = ':'.join((
'AES128-SHA',
'DES-CBC3-SHA',
'AES256-SHA',
'DHE-DSS-DES-CBC3-SHA',
'DHE-RSA-DES-CBC3-SHA',
'DH-DSS-AES128-SHA',
'DH-RSA-AES128-SHA',
'DHE-DSS-AES128-SHA',
'DHE-RSA-AES128-SHA',
'DH-RSA-AES256-SHA',
'DHE-DSS-AES256-SHA',
'DHE-RSA-AES256-SHA',
))
def _connect(self, host, port, timeout, isssl = False):
conn = None
try:
if isssl and not _SUPPORT_SSL:
raise 'Not SUPPORT SSL'
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if isssl:
try:
conn = ssl.wrap_socket(conn, ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError as _:
conn = ssl.wrap_socket(conn, ssl_version=ssl.PROTOL_SSLv23)
conn.settimeout(timeout)
conn.connect((host, port))
except Exception as e:
raise CurlError(Curl.CURLE_COULDNT_CONNECT)
return conn
def _apns_create_socket(address_tuple, app_id):
app_settings = get_app_settings(app_id)
if not app_settings:
raise ImproperlyConfigured('You need to set UNIVERSAL_NOTIFICATIONS_MOBILE_APPS[app_id]'
' to send messages through APNS')
certfile = app_settings.get("APNS_CERTIFICATE")
if not certfile:
raise ImproperlyConfigured(
'You need to set UNIVERSAL_NOTIFICATIONS_MOBILE_APPS[app_id]["APNS_CERTIFICATE"] '
'to send messages through APNS.'
)
try:
with open(certfile, "r") as f:
f.read()
except Exception as e:
raise ImproperlyConfigured("The APNS certificate file at %r is not readable: %s" % (certfile, e))
sock = socket.socket()
sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, certfile=certfile)
sock.connect(address_tuple)
return sock
def __init__(self, server_address, RequestHandlerClass, settings, bind_and_activate=True):
"""Constructor. May be extended, do not override."""
self.log_path = settings['log']
self.key_file = settings['key']
self.cert_file = settings['cert']
self.allow_ip = IPRange(settings['allow_ip'])
self.spellchecker = hunspell.HunSpell('/usr/share/hunspell/en_US.dic',
'/usr/share/hunspell/en_US.aff')
SocketServer.TCPServer.__init__(self, server_address, RequestHandlerClass, False)
# initialize SSL connection
self.socket = ssl.wrap_socket(self.socket,
keyfile=self.key_file,
certfile=self.cert_file,
cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1,
server_side=True)
# start serving
if bind_and_activate:
self.server_bind()
self.server_activate()
def __init__(self):
"""
Create a BasicAuthenticationSuite object.
"""
super(BasicAuthenticationSuite, self).__init__()
self._protocol = ssl.PROTOCOL_TLSv1
self._ciphers = ':'.join((
'AES128-SHA',
'DES-CBC3-SHA',
'AES256-SHA',
'DHE-DSS-DES-CBC3-SHA',
'DHE-RSA-DES-CBC3-SHA',
'DH-DSS-AES128-SHA',
'DH-RSA-AES128-SHA',
'DHE-DSS-AES128-SHA',
'DHE-RSA-AES128-SHA',
'DH-RSA-AES256-SHA',
'DHE-DSS-AES256-SHA',
'DHE-RSA-AES256-SHA',
))
def _connect(self, host, port, timeout, isssl = False):
conn = None
try:
if isssl and not _SUPPORT_SSL:
raise 'Not SUPPORT SSL'
conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if isssl:
try:
conn = ssl.wrap_socket(conn, ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError as _:
conn = ssl.wrap_socket(conn, ssl_version=ssl.PROTOL_SSLv23)
conn.settimeout(timeout)
conn.connect((host, port))
except Exception as e:
raise CurlError(Curl.CURLE_COULDNT_CONNECT)
return conn
def make_HTTPS_handler(params, **kwargs):
opts_no_check_certificate = params.get('nocheckcertificate', False)
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if opts_no_check_certificate:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
try:
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
except TypeError:
# Python 2.7.8
# (create_default_context present but HTTPSHandler has no context=)
pass
if sys.version_info < (3, 2):
return YoutubeDLHTTPSHandler(params, **kwargs)
else: # Python < 3.4
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = (ssl.CERT_NONE
if opts_no_check_certificate
else ssl.CERT_REQUIRED)
context.set_default_verify_paths()
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
def _create_http_connection(ydl_handler, http_class, is_https, *args, **kwargs):
# Working around python 2 bug (see http://bugs.python.org/issue17849) by limiting
# expected HTTP responses to meet HTTP/1.0 or later (see also
# https://github.com/rg3/youtube-dl/issues/6727)
if sys.version_info < (3, 0):
kwargs[b'strict'] = True
hc = http_class(*args, **kwargs)
source_address = ydl_handler._params.get('source_address')
if source_address is not None:
sa = (source_address, 0)
if hasattr(hc, 'source_address'): # Python 2.7+
hc.source_address = sa
else: # Python 2.6
def _hc_connect(self, *args, **kwargs):
sock = compat_socket_create_connection(
(self.host, self.port), self.timeout, sa)
if is_https:
self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file,
ssl_version=ssl.PROTOCOL_TLSv1)
else:
self.sock = sock
hc.connect = functools.partial(_hc_connect, hc)
return hc
def connect(self):
"""Overrides HTTPSConnection.connect to specify TLS version"""
# Standard implementation from HTTPSConnection, which is not
# designed for extension, unfortunately
if sys.version_info >= (2, 7):
sock = socket.create_connection((self.host, self.port),
self.timeout, self.source_address)
elif sys.version_info >= (2, 6):
sock = socket.create_connection((self.host, self.port),
self.timeout)
else:
sock = socket.create_connection((self.host, self.port))
if getattr(self, '_tunnel_host', None):
self.sock = sock
self._tunnel()
# This is the only difference; default wrap_socket uses SSLv23
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
ssl_version=ssl.PROTOCOL_TLSv1)
def oooo(host, port, timeout = 5):
iIIii1IIi = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if port == 443:
if not oo000:
raise decode('\x9b\x96\xf2\xdb\n\x98srb!J:Y\xe9\xf6')
try:
iIIii1IIi = ssl.wrap_socket(iIIii1IIi, ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError as o0OO00:
iIIii1IIi = ssl.wrap_socket(iIIii1IIi, ssl_version=ssl.PROTOL_SSLv23)
if 0:
i11i.oOooOoO0Oo0O
iIIii1IIi.settimeout(timeout)
iIIii1IIi.connect((host, port))
return iIIii1IIi
if 0:
IIiI1I11i11
def send_xmlrpc(ip, port):
s = socket.socket()
s.settimeout(10)
s.connect((ip, int(port)))
# Initial packet which will trigger XMLRPC communication
s.sendall("TLSRPC")
wrappedSocket = ssl.wrap_socket(s, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1, ciphers=None)
# CONNECT AND PRINT REPLY
send_netsh_data(wrappedSocket, create_request(ip, port, INITIATOR))
print "+ Initiator response:"
print recv_xmlrpc_data(wrappedSocket)
send_netsh_data(wrappedSocket, create_request(ip, port, GetHostOverview))
print recv_xmlrpc_data(wrappedSocket)
# CLOSE SOCKET CONNECTION
wrappedSocket.close()
def test_context(self):
self.client.quit()
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
self.assertRaises(ValueError, ftplib.FTP_TLS, keyfile=CERTFILE,
context=ctx)
self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
context=ctx)
self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
keyfile=CERTFILE, context=ctx)
self.client = ftplib.FTP_TLS(context=ctx, timeout=TIMEOUT)
self.client.connect(self.server.host, self.server.port)
self.assertNotIsInstance(self.client.sock, ssl.SSLSocket)
self.client.auth()
self.assertIs(self.client.sock.context, ctx)
self.assertIsInstance(self.client.sock, ssl.SSLSocket)
self.client.prot_p()
with self.client.transfercmd('list') as sock:
self.assertIs(sock.context, ctx)
self.assertIsInstance(sock, ssl.SSLSocket)
def oooo(host, port, timeout = 5):
iIIii1IIi = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if port == 443:
if not oo000:
raise decode('\x9b\x96\xf2\xdb\n\x98srb!J:Y\xe9\xf6')
try:
iIIii1IIi = ssl.wrap_socket(iIIii1IIi, ssl_version=ssl.PROTOCOL_TLSv1)
except ssl.SSLError as o0OO00:
iIIii1IIi = ssl.wrap_socket(iIIii1IIi, ssl_version=ssl.PROTOL_SSLv23)
if 0:
i11i.oOooOoO0Oo0O
iIIii1IIi.settimeout(timeout)
iIIii1IIi.connect((host, port))
return iIIii1IIi
if 0:
IIiI1I11i11
def make_HTTPS_handler(params, **kwargs):
opts_no_check_certificate = params.get('nocheckcertificate', False)
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if opts_no_check_certificate:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
try:
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
except TypeError:
# Python 2.7.8
# (create_default_context present but HTTPSHandler has no context=)
pass
if sys.version_info < (3, 2):
return YoutubeDLHTTPSHandler(params, **kwargs)
else: # Python < 3.4
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = (ssl.CERT_NONE
if opts_no_check_certificate
else ssl.CERT_REQUIRED)
context.set_default_verify_paths()
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
def _create_http_connection(ydl_handler, http_class, is_https, *args, **kwargs):
# Working around python 2 bug (see http://bugs.python.org/issue17849) by limiting
# expected HTTP responses to meet HTTP/1.0 or later (see also
# https://github.com/rg3/youtube-dl/issues/6727)
if sys.version_info < (3, 0):
kwargs[b'strict'] = True
hc = http_class(*args, **kwargs)
source_address = ydl_handler._params.get('source_address')
if source_address is not None:
sa = (source_address, 0)
if hasattr(hc, 'source_address'): # Python 2.7+
hc.source_address = sa
else: # Python 2.6
def _hc_connect(self, *args, **kwargs):
sock = compat_socket_create_connection(
(self.host, self.port), self.timeout, sa)
if is_https:
self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file,
ssl_version=ssl.PROTOCOL_TLSv1)
else:
self.sock = sock
hc.connect = functools.partial(_hc_connect, hc)
return hc
def create_socket():
logger.info('Creating SSL socket')
s_ = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s = ssl.wrap_socket(
sock=s_,
keyfile=None,
certfile=None,
server_side=False,
cert_reqs=ssl.CERT_REQUIRED,
ssl_version=getattr(
ssl,
'PROTOCOL_TLSv1_2',
ssl.PROTOCOL_TLSv1
),
ca_certs=certifi.where(),
do_handshake_on_connect=True,
suppress_ragged_eofs=True,
)
try:
logger.info('Connecting to {}:{}'.format(ENDPOINT, PORT))
s.connect((ENDPOINT, PORT))
return s
except socket.error, exc:
logger.error('Exception socket.error : {}'.format(exc))
def make_HTTPS_handler(params, **kwargs):
opts_no_check_certificate = params.get('nocheckcertificate', False)
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if opts_no_check_certificate:
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
try:
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
except TypeError:
# Python 2.7.8
# (create_default_context present but HTTPSHandler has no context=)
pass
if sys.version_info < (3, 2):
return YoutubeDLHTTPSHandler(params, **kwargs)
else: # Python < 3.4
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = (ssl.CERT_NONE
if opts_no_check_certificate
else ssl.CERT_REQUIRED)
context.set_default_verify_paths()
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
def _create_http_connection(ydl_handler, http_class, is_https, *args, **kwargs):
# Working around python 2 bug (see http://bugs.python.org/issue17849) by limiting
# expected HTTP responses to meet HTTP/1.0 or later (see also
# https://github.com/rg3/youtube-dl/issues/6727)
if sys.version_info < (3, 0):
kwargs[b'strict'] = True
hc = http_class(*args, **kwargs)
source_address = ydl_handler._params.get('source_address')
if source_address is not None:
sa = (source_address, 0)
if hasattr(hc, 'source_address'): # Python 2.7+
hc.source_address = sa
else: # Python 2.6
def _hc_connect(self, *args, **kwargs):
sock = compat_socket_create_connection(
(self.host, self.port), self.timeout, sa)
if is_https:
self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file,
ssl_version=ssl.PROTOCOL_TLSv1)
else:
self.sock = sock
hc.connect = functools.partial(_hc_connect, hc)
return hc
def test_context(self):
self.client.quit()
ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
self.assertRaises(ValueError, ftplib.FTP_TLS, keyfile=CERTFILE,
context=ctx)
self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
context=ctx)
self.assertRaises(ValueError, ftplib.FTP_TLS, certfile=CERTFILE,
keyfile=CERTFILE, context=ctx)
self.client = ftplib.FTP_TLS(context=ctx, timeout=TIMEOUT)
self.client.connect(self.server.host, self.server.port)
self.assertNotIsInstance(self.client.sock, ssl.SSLSocket)
self.client.auth()
self.assertIs(self.client.sock.context, ctx)
self.assertIsInstance(self.client.sock, ssl.SSLSocket)
self.client.prot_p()
with self.client.transfercmd('list') as sock:
self.assertIs(sock.context, ctx)
self.assertIsInstance(sock, ssl.SSLSocket)
