Improve SSL negotiation.
authorChristian Heller <c.heller@plomlompom.de>
Mon, 9 Nov 2020 22:55:46 +0000 (23:55 +0100)
committerChristian Heller <c.heller@plomlompom.de>
Mon, 9 Nov 2020 22:55:46 +0000 (23:55 +0100)
new2/plomrogue/io_tcp.py
new2/rogue_chat_curses.py

index b030f1b9f1c98332084763812bf152666004bb7a..09b9db1bbf3d0f47539a2c4aaea27aacd9c0c18c 100644 (file)
@@ -103,14 +103,12 @@ class PlomSocket:
 
 class PlomSocketSSL(PlomSocket):
 
-    def __init__(self, *args, server_side=False, certfile=None, keyfile=None, **kwargs):
+    def __init__(self, *args, certfile, keyfile, **kwargs):
         import ssl
         super().__init__(*args, **kwargs)
-        if server_side:
-            self.socket = ssl.wrap_socket(self.socket, server_side=True,
-                                          certfile=certfile, keyfile=keyfile)
-        else:
-            self.socket = ssl.wrap_socket(self.socket)
+        self.send('NEED_SSL')
+        self.socket = ssl.wrap_socket(self.socket, server_side=True,
+                                      certfile=certfile, keyfile=keyfile)
 
 
 
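Review bot: The server-side wrap in `PlomSocketSSL.__init__` still goes through `ssl.wrap_socket`, which is deprecated and was removed in Python 3.12, and which gives no place to set a minimum protocol version. Building an explicit context would fix both: `ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)`, `ctx.load_cert_chain(certfile, keyfile)`, `self.socket = ctx.wrap_socket(self.socket, server_side=True)`. Separately, `self.send('NEED_SSL')` goes out in cleartext before the handshake, so the upgrade signal itself is unauthenticated. Whether TLS is mandatory therefore has to be enforced on the client, not inferred from this message. A short comment above the `send` call, such as `# plaintext upgrade hint only; clients must not treat its absence as permission to stay unencrypted`, would make that explicit.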
@@ -149,7 +147,6 @@ class IO_Handler(socketserver.BaseRequestHandler):
         import threading
         if self.server.socket_class == PlomSocketSSL:
             plom_socket = self.server.socket_class(self.request,
-                                                   server_side=True,
                                                    certfile=self.server.certfile,
                                                    keyfile=self.server.keyfile)
         else:
@@ -197,7 +194,7 @@ class PlomTCPServer(socketserver.ThreadingTCPServer):
 
 class PlomTCPServerSSL(PlomTCPServer):
 
-    def __init__(self, *args, certfile=None, keyfile=None, **kwargs):
+    def __init__(self, *args, certfile, keyfile, **kwargs):
         super().__init__(*args, host='0.0.0.0', **kwargs)
         self.certfile = certfile
         self.keyfile = keyfile
index 15d0053a8bca770f385aa9e8a70a2f707f415c55..c8a17c888388dcfb9317896a7d830ac2bd00b9cf 100755 (executable)
@@ -39,8 +39,12 @@ class PlomSocketClient(PlomSocket):
         self.socket.close()
 
     def run(self):
+        import ssl
         try:
             for msg in self.recv():
+                if msg == 'NEED_SSL':
+                    self.socket = ssl.wrap_socket(self.socket)
+                    continue
                 self.recv_handler(msg)
         except BrokenSocketConnection:
             pass  # we assume socket will be known as dead by now
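Review bot: The client upgrade in `run()` calls `ssl.wrap_socket(self.socket)` with no arguments, which performs no certificate or hostname verification (`cert_reqs` defaults to `CERT_NONE`), so the connection is encrypted but the peer is not authenticated. The upgrade is also triggered only when a plaintext `NEED_SSL` message arrives, so if that message is dropped in transit the session silently stays unencrypted. Consider a verifying context, `ctx = ssl.create_default_context()` then `self.socket = ctx.wrap_socket(self.socket, server_hostname=<SERVER_HOST>)` (placeholder; the host is not visible in this hunk), with `ctx.load_verify_locations(...)` if the server uses a self-signed certificate. The client should also refuse to continue when it expects TLS and never sees `NEED_SSL`. `self.recv()` is defined outside the hunk; if it buffers reads, bytes received after `NEED_SSL` may already have been consumed before the wrap, which is worth confirming.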
@@ -606,4 +610,4 @@ class TUI:
                 self.send('TASK:WRITE ' + key)
                 self.switch_mode('play')
 
-TUI('127.0.0.1:5000')
+TUI('localhost:5000')