Changeset 75 for trunk


Ignore:
Timestamp:
12/16/14 23:06:14 (10 years ago)
Author:
tim
Message:

more improvements to handshake

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bin/bletchley-clonecertchain

    r74 r75  
    5454
    5555
    56 def createClientContext():
    57     tlsClientContext = SSL.Context(SSL.SSLv3_METHOD)
     56def createClientContext(method=SSL.SSLv3_METHOD):
     57    tlsClientContext = SSL.Context(method)
    5858    tlsClientContext.set_verify(SSL.VERIFY_NONE, (lambda a,b,c,d,e: True))
    5959    return tlsClientContext
     
    6161
    6262def fetchCertificateChain(host, port):
    63     serverSock = socket.socket()
    64     serverSock.connect((host,port))
    65    
     63    protocols = [SSL.SSLv23_METHOD, SSL.TLSv1_METHOD,
     64                 SSL.TLSv1_1_METHOD, SSL.TLSv1_2_METHOD,
     65                 SSL.SSLv3_METHOD, SSL.SSLv2_METHOD]
     66
    6667    chain = None
    67     try:
    68         server = SSL.Connection(createClientContext(), serverSock)
    69         server.set_connect_state()
    70         server.do_handshake()
    71     except Exception as e:
    72         sys.stderr.write("Exception during handshake with server: \n")
    73         traceback.print_exc(file=sys.stderr)
    74         sys.stderr.write("\nThis typically occurs when server rejects our "
    75                          "connection due to lack of a client certificate or"
    76                          " for similar reasons.\nAttempting to continue...\n\n")
    77        
    78     return server.get_peer_cert_chain()
     68    for p in protocols:
     69        serverSock = socket.socket()
     70        serverSock.connect((host,port))
     71   
     72        try:
     73            server = SSL.Connection(createClientContext(p), serverSock)
     74            server.set_connect_state()
     75            server.do_handshake()
     76        except Exception as e:
     77            sys.stderr.write("Exception during handshake with server: \n")
     78            traceback.print_exc(file=sys.stderr)
     79            sys.stderr.write("\nThis could happen because the server requires "
     80                             "certain SSL/TLS versions or a client certificiate."
     81                             "  Have no fear, we'll keep trying...\n\n")
     82
     83        chain = server.get_peer_cert_chain()
     84        if chain:
     85            return chain
     86
     87    return chain
    7988
    8089
Note: See TracChangeset for help on using the changeset viewer.