-rw-r--r--libpathod/pathoc.py19
-rw-r--r--libpathod/pathod.py12
-rw-r--r--libpathod/utils.py8
-rwxr-xr-xpathoc11
-rwxr-xr-xpathod16
5 files changed, 47 insertions, 19 deletions
diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py
index 32ae8441..4e807002 100644
--- a/libpathod/pathoc.py
+++ b/libpathod/pathoc.py
@@ -14,15 +14,8 @@ class Response:
def __repr__(self):
return "Response(%s - %s)"%(self.status_code, self.msg)
-SSLVERSIONS = {
- 1: tcp.TLSv1_METHOD,
- 2: tcp.SSLv2_METHOD,
- 3: tcp.SSLv3_METHOD,
- 4: tcp.SSLv23_METHOD,
-}
-
class Pathoc(tcp.TCPClient):
- def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None):
+ def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None, ciphers=None):
tcp.TCPClient.__init__(self, address)
self.settings = dict(
staticdir = os.getcwd(),
@@ -30,7 +23,8 @@ class Pathoc(tcp.TCPClient):
)
self.ssl, self.sni = ssl, sni
self.clientcert = clientcert
- self.sslversion = SSLVERSIONS[sslversion]
+ self.sslversion = utils.SSLVERSIONS[sslversion]
+ self.ciphers = ciphers
def http_connect(self, connect_to):
self.wfile.write(
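Review bot: The lookup `utils.SSLVERSIONS[sslversion]` raises a bare `KeyError` for any value outside 1-4 when `Pathoc` is constructed from code rather than from the command line, because only the argparse `choices` list guards it. Raising the module's own error would keep failures consistent with the `PathocError` already used for TLS set-up problems: `if sslversion not in utils.SSLVERSIONS: raise PathocError("Unsupported sslversion: %r" % (sslversion,))`. `__init__` starts above this hunk and `http_connect` continues below it.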
@@ -56,7 +50,12 @@ class Pathoc(tcp.TCPClient):
self.http_connect(connect_to)
if self.ssl:
try:
- self.convert_to_ssl(sni=self.sni, cert=self.clientcert, method=self.sslversion)
+ self.convert_to_ssl(
+ sni=self.sni,
+ cert=self.clientcert,
+ method=self.sslversion,
+ cipher_list = self.ciphers
+ )
except tcp.NetLibError, v:
raise PathocError(str(v))
diff --git a/libpathod/pathod.py b/libpathod/pathod.py
index e71701fb..a8c2a29f 100644
--- a/libpathod/pathod.py
+++ b/libpathod/pathod.py
@@ -9,12 +9,14 @@ class PathodError(Exception): pass
class SSLOptions:
- def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False):
+ def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False, sslversion=tcp.SSLv23_METHOD, ciphers=None):
self.keyfile = keyfile or utils.data.path("resources/server.key")
self.certfile = certfile or utils.data.path("resources/server.crt")
self.cert = certutils.SSLCert.from_pem(file(self.certfile, "rb").read())
self.not_after_connect = not_after_connect
self.request_client_cert = request_client_cert
+ self.ciphers = ciphers
+ self.sslversion = sslversion
class PathodHandler(tcp.BaseHandler):
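Review bot: `SSLOptions` takes `sslversion` as a netlib method constant (default `tcp.SSLv23_METHOD`), while `Pathoc.__init__` in this same commit takes the integer key 1-4 and resolves it through `utils.SSLVERSIONS`; two constructors sharing a parameter name with different types is easy to misuse. A comment on `__init__` would settle it, for example `# sslversion: a netlib.tcp *_METHOD constant, not the 1-4 key accepted by Pathoc` and `# ciphers: cipher specification string passed through as cipher_list, or None`. With the SSLv23 default the server negotiates the protocol version, so which legacy versions stay enabled depends on options set inside netlib that this diff does not show; if that is intended it is worth stating in the same comment.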
@@ -79,7 +81,9 @@ class PathodHandler(tcp.BaseHandler):
self.server.ssloptions.cert,
self.server.ssloptions.keyfile,
handle_sni = self.handle_sni,
- request_client_cert = self.server.ssloptions.request_client_cert
+ request_client_cert = self.server.ssloptions.request_client_cert,
+ cipher_list = self.server.ssloptions.ciphers,
+ method = self.server.ssloptions.sslversion,
)
except tcp.NetLibError, v:
s = str(v)
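Review bot: The two new keyword arguments are added identically at both TLS set-up call sites in `PathodHandler` (this hunk and `@@ -185,7 +189,9`), so the next option added has to be remembered in two places. Building the keyword arguments once, for example in a small private method that returns `dict(handle_sni=..., request_client_cert=..., cipher_list=..., method=...)` from `self.server.ssloptions`, would keep the two paths from drifting apart in protocol or cipher settings. The call itself opens above both hunks, so its name and positional arguments are not visible here.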
@@ -185,7 +189,9 @@ class PathodHandler(tcp.BaseHandler):
self.server.ssloptions.cert,
self.server.ssloptions.keyfile,
handle_sni = self.handle_sni,
- request_client_cert = self.server.ssloptions.request_client_cert
+ request_client_cert = self.server.ssloptions.request_client_cert,
+ cipher_list = self.server.ssloptions.ciphers,
+ method = self.server.ssloptions.sslversion,
)
except tcp.NetLibError, v:
s = str(v)
diff --git a/libpathod/utils.py b/libpathod/utils.py
index b5dc73c7..110a7170 100644
--- a/libpathod/utils.py
+++ b/libpathod/utils.py
@@ -1,4 +1,12 @@
import os
+from netlib import tcp
+
+SSLVERSIONS = {
+ 1: tcp.TLSv1_METHOD,
+ 2: tcp.SSLv2_METHOD,
+ 3: tcp.SSLv3_METHOD,
+ 4: tcp.SSLv23_METHOD,
+}
SIZE_UNITS = dict(
b = 1024**0,
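Review bot: `SSLVERSIONS` is now shared by both command-line tools, but nothing at the definition says what the integer keys mean or that 2 and 3 select SSLv2 and SSLv3, which are obsolete and insecure protocols. A short comment would record that they are kept on purpose (presumably so the tools can exercise legacy endpoints) and are not a recommended default: `# Maps the --sslversion integer to a netlib.tcp method constant.` followed by `# 2 (SSLv2) and 3 (SSLv3) are obsolete protocols, offered for testing only.`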
diff --git a/pathoc b/pathoc
index c553f68c..18faf892 100755
--- a/pathoc
+++ b/pathoc
@@ -61,9 +61,13 @@ if __name__ == "__main__":
help="SSL Server Name Indication"
)
group.add_argument(
+ "--ciphers", dest="ciphers", type=str, default=False,
+ help="SSL cipher specification"
+ )
+ group.add_argument(
"--sslversion", dest="sslversion", type=int, default=1,
- choices=[1, 2, 3],
- help="Use a specified protocol - TLSv1, SSLv2, SSLv3. Default to TLSv1."
+ choices=[1, 2, 3, 4],
+ help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to TLSv1."
)
group = parser.add_argument_group(
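Review bot: `--ciphers` is declared with `type=str` but `default=False`, so an unset option reaches `Pathoc(ciphers=...)` as `False` rather than the `None` that the constructor's own default uses; the same declaration is repeated in the `pathod` script at `@@ -172,7 +174,15`. Whether netlib treats `False` and `None` alike is not visible in this diff, so `default=None` in both places avoids relying on that. The help text could also say where the value goes, e.g. `help="SSL cipher specification (passed to the TLS layer as cipher_list)"`.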
@@ -133,7 +137,8 @@ if __name__ == "__main__":
ssl=args.ssl,
sni=args.sni,
sslversion=args.sslversion,
- clientcert=args.clientcert
+ clientcert=args.clientcert,
+ ciphers=args.ciphers
)
try:
p.connect(connect_to)
diff --git a/pathod b/pathod
index 4e292cb1..ceadfa98 100755
--- a/pathod
+++ b/pathod
@@ -38,7 +38,9 @@ def main(parser, args):
ssloptions = pathod.SSLOptions(
keyfile = args.ssl_keyfile,
certfile = args.ssl_certfile,
- not_after_connect = args.ssl_not_after_connect
+ not_after_connect = args.ssl_not_after_connect,
+ ciphers = args.ciphers,
+ sslversion = utils.SSLVERSIONS[args.sslversion]
)
alst = []
@@ -100,7 +102,7 @@ def main(parser, args):
parser.error("%s You probably want to a -d argument."%str(v))
try:
- print "%s listening on %s:%s"%(version.NAMEVERSION, args.address, pd.address.port)
+ print "%s listening on %s:%s"%(version.NAMEVERSION, pd.address.host, pd.address.port)
pd.serve_forever()
except KeyboardInterrupt:
pass
@@ -172,7 +174,15 @@ if __name__ == "__main__":
"--certfile", dest='ssl_certfile', default=None, type=str,
help='SSL cert file. If not specified, a default cert is used.'
)
-
+ group.add_argument(
+ "--ciphers", dest="ciphers", type=str, default=False,
+ help="SSL cipher specification"
+ )
+ group.add_argument(
+ "--sslversion", dest="sslversion", type=int, default=4,
+ choices=[1, 2, 3, 4],
+ help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23."
+ )
group = parser.add_argument_group(
'Controlling Logging',