Make ssltools correctly handle SNI

2016-03-30 16:16:08 +02:00 · 2016-03-30 16:16:08 +02:00 · ebcb76ab67
parent a85285d30e
commit ebcb76ab67
1 changed files with 25 additions and 15 deletions
--- a/ssltools/init.py
+++ b/ssltools/init.py
@ -1,20 +1,30 @@
 import datetime, OpenSSL, socket, ssl

-def ssl_wrap_socket(sock, server_hostname):
+PEM = 0
+DER = 1
+DERBIN = 2

- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-
- if ssl.HAS_SNI:
-  return context.wrap_socket(sock, server_hostname=server_hostname)
- return context.wrap_socket(sock)
-
-def getRemoteCert(host, port):
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.connect((host, 443))
-
- sslSocket = ssl_wrap_socket(s, host)
-
- return sslSocket.getpeercert()
+def getRemoteCert(host, port, form = PEM):
+ context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+ sock.settimeout(1)
+ wrappedSocket = context.wrap_socket(sock, server_hostname=host)
+ try:
+  wrappedSocket.connect((host, port))
+ except:
+  return False
+ else:
+  if form == PEM:
+   response = ssl.DER_cert_to_PEM_cert(wrappedSocket.getpeercert(True))
+  elif form == DER:
+   response = wrappedSocket.getpeercert(False)
+  elif form == DERBIN:
+   response = wrappedSocket.getpeercert(True)
+  wrappedSocket.close() 
+ return response

 def getRemoteExpiry(host,port):
- return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
+ try:
+  return datetime.datetime.strptime(str(OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, getRemoteCert(host, port)).get_notAfter().decode("UTF-8")), "%Y%m%d%H%M%SZ")
+ except:
+  pass