Make ssltools correctly handle SNI
This commit is contained in:
parent
a85285d30e
commit
ebcb76ab67
|
@ -1,20 +1,30 @@
|
||||||
import datetime, OpenSSL, socket, ssl
|
import datetime, OpenSSL, socket, ssl
|
||||||
|
|
||||||
def ssl_wrap_socket(sock, server_hostname):
|
PEM = 0
|
||||||
|
DER = 1
|
||||||
|
DERBIN = 2
|
||||||
|
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
def getRemoteCert(host, port, form = PEM):
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||||
if ssl.HAS_SNI:
|
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
return context.wrap_socket(sock, server_hostname=server_hostname)
|
sock.settimeout(1)
|
||||||
return context.wrap_socket(sock)
|
wrappedSocket = context.wrap_socket(sock, server_hostname=host)
|
||||||
|
try:
|
||||||
def getRemoteCert(host, port):
|
wrappedSocket.connect((host, port))
|
||||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
except:
|
||||||
s.connect((host, 443))
|
return False
|
||||||
|
else:
|
||||||
sslSocket = ssl_wrap_socket(s, host)
|
if form == PEM:
|
||||||
|
response = ssl.DER_cert_to_PEM_cert(wrappedSocket.getpeercert(True))
|
||||||
return sslSocket.getpeercert()
|
elif form == DER:
|
||||||
|
response = wrappedSocket.getpeercert(False)
|
||||||
|
elif form == DERBIN:
|
||||||
|
response = wrappedSocket.getpeercert(True)
|
||||||
|
wrappedSocket.close()
|
||||||
|
return response
|
||||||
|
|
||||||
def getRemoteExpiry(host,port):
|
def getRemoteExpiry(host,port):
|
||||||
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
|
try:
|
||||||
|
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
|
||||||
|
except:
|
||||||
|
pass
|
||||||
|
|
Loading…
Reference in a new issue