Make ssltools correctly handle SNI

This commit is contained in:
Klaus-Uwe Mitterer 2016-03-30 16:16:08 +02:00
parent a85285d30e
commit ebcb76ab67

View file

@ -1,20 +1,30 @@
import datetime, OpenSSL, socket, ssl import datetime, OpenSSL, socket, ssl
def ssl_wrap_socket(sock, server_hostname): PEM = 0
DER = 1
DERBIN = 2
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) def getRemoteCert(host, port, form = PEM):
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if ssl.HAS_SNI: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
return context.wrap_socket(sock, server_hostname=server_hostname) sock.settimeout(1)
return context.wrap_socket(sock) wrappedSocket = context.wrap_socket(sock, server_hostname=host)
try:
def getRemoteCert(host, port): wrappedSocket.connect((host, port))
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) except:
s.connect((host, 443)) return False
else:
sslSocket = ssl_wrap_socket(s, host) if form == PEM:
response = ssl.DER_cert_to_PEM_cert(wrappedSocket.getpeercert(True))
return sslSocket.getpeercert() elif form == DER:
response = wrappedSocket.getpeercert(False)
elif form == DERBIN:
response = wrappedSocket.getpeercert(True)
wrappedSocket.close()
return response
def getRemoteExpiry(host,port): def getRemoteExpiry(host,port):
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ") try:
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
except:
pass