Make ssltools correctly handle SNI
parent
a85285d30e
commit
ebcb76ab67
|
@ -1,20 +1,30 @@
|
|||
import datetime, OpenSSL, socket, ssl
|
||||
|
||||
def ssl_wrap_socket(sock, server_hostname):
|
||||
PEM = 0
|
||||
DER = 1
|
||||
DERBIN = 2
|
||||
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||
|
||||
if ssl.HAS_SNI:
|
||||
return context.wrap_socket(sock, server_hostname=server_hostname)
|
||||
return context.wrap_socket(sock)
|
||||
|
||||
def getRemoteCert(host, port):
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.connect((host, 443))
|
||||
|
||||
sslSocket = ssl_wrap_socket(s, host)
|
||||
|
||||
return sslSocket.getpeercert()
|
||||
def getRemoteCert(host, port, form = PEM):
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.settimeout(1)
|
||||
wrappedSocket = context.wrap_socket(sock, server_hostname=host)
|
||||
try:
|
||||
wrappedSocket.connect((host, port))
|
||||
except:
|
||||
return False
|
||||
else:
|
||||
if form == PEM:
|
||||
response = ssl.DER_cert_to_PEM_cert(wrappedSocket.getpeercert(True))
|
||||
elif form == DER:
|
||||
response = wrappedSocket.getpeercert(False)
|
||||
elif form == DERBIN:
|
||||
response = wrappedSocket.getpeercert(True)
|
||||
wrappedSocket.close()
|
||||
return response
|
||||
|
||||
def getRemoteExpiry(host,port):
|
||||
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
|
||||
try:
|
||||
return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
|
||||
except:
|
||||
pass
|
||||
|
|
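Review bot: `context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)` in what appears to be the new `getRemoteCert` pins the handshake to TLS 1.0 only, so a host that has disabled TLS 1.0 will fail the handshake; `context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)`, as the `ssl_wrap_socket` helper on this page used, lets the highest mutually supported version be negotiated. That failure is then hidden twice: the bare `except:` returns `False` without closing the socket, and the bare `except: pass` in `getRemoteExpiry` turns the resulting parse error into `None`, so a caller cannot tell a refused handshake from an unreachable host. Catching `except OSError:` and closing the socket in a `finally` would keep that distinction. A bare `SSLContext` with this protocol does not verify the peer, so `getpeercert(False)` in the `form == DER` branch returns an empty dict, and the certificate from the other branches is unauthenticated and should be treated only as data to inspect. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts and the commit title.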