-rw-r--r-- | libpathod/pathoc.py | 19 | ||||
-rw-r--r-- | libpathod/pathod.py | 12 | ||||
-rw-r--r-- | libpathod/utils.py | 8 | ||||
-rwxr-xr-x | pathoc | 11 | ||||
-rwxr-xr-x | pathod | 16 |
5 files changed, 47 insertions, 19 deletions
diff --git a/libpathod/pathoc.py b/libpathod/pathoc.py index 32ae8441..4e807002 100644 --- a/libpathod/pathoc.py +++ b/libpathod/pathoc.py @@ -14,15 +14,8 @@ class Response: def __repr__(self): return "Response(%s - %s)"%(self.status_code, self.msg) -SSLVERSIONS = { - 1: tcp.TLSv1_METHOD, - 2: tcp.SSLv2_METHOD, - 3: tcp.SSLv3_METHOD, - 4: tcp.SSLv23_METHOD, -} - class Pathoc(tcp.TCPClient): - def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None): + def __init__(self, address, ssl=None, sni=None, sslversion=1, clientcert=None, ciphers=None): tcp.TCPClient.__init__(self, address) self.settings = dict( staticdir = os.getcwd(), @@ -30,7 +23,8 @@ class Pathoc(tcp.TCPClient): ) self.ssl, self.sni = ssl, sni self.clientcert = clientcert - self.sslversion = SSLVERSIONS[sslversion] + self.sslversion = utils.SSLVERSIONS[sslversion] + self.ciphers = ciphers def http_connect(self, connect_to): self.wfile.write( @@ -56,7 +50,12 @@ class Pathoc(tcp.TCPClient): self.http_connect(connect_to) if self.ssl: try: - self.convert_to_ssl(sni=self.sni, cert=self.clientcert, method=self.sslversion) + self.convert_to_ssl( + sni=self.sni, + cert=self.clientcert, + method=self.sslversion, + cipher_list = self.ciphers + ) except tcp.NetLibError, v: raise PathocError(str(v)) diff --git a/libpathod/pathod.py b/libpathod/pathod.py index e71701fb..a8c2a29f 100644 --- a/libpathod/pathod.py +++ b/libpathod/pathod.py 
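Review bot: `self.sslversion = utils.SSLVERSIONS[sslversion]` in Pathoc.__init__ raises a bare KeyError for any integer outside the table; the pathoc command line guards this with argparse choices, but Pathoc is also used as a library class and such callers get a KeyError with no hint that it is a configuration error. A guard before the lookup would report it as the class's own error type, e.g. `if sslversion not in utils.SSLVERSIONS: raise PathocError("Unknown SSL version: %s" % sslversion)`. Pathoc.__init__ spans the first two hunks of this file with a gap between them, and the new `ciphers` parameter deserves a line in a docstring (an OpenSSL cipher-list string; None presumably leaves netlib's default in place — confirm against convert_to_ssl).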
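Review bot: With `cipher_list = self.ciphers` a malformed cipher specification now reaches convert_to_ssl, and whether the resulting OpenSSL error is wrapped as tcp.NetLibError — and therefore turned into PathocError by the `except tcp.NetLibError, v:` that follows — depends on netlib and should be confirmed; if it is not wrapped, a bad `--ciphers` string surfaces as a raw traceback instead of the tool's usual error. If netlib does not wrap it, catching that error type alongside NetLibError in this block is the minimal fix. The enclosing connect method continues outside the hunk.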
@@ -9,12 +9,14 @@ class PathodError(Exception): pass class SSLOptions: - def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False): + def __init__(self, certfile=None, keyfile=None, not_after_connect=None, request_client_cert=False, sslversion=tcp.SSLv23_METHOD, ciphers=None): self.keyfile = keyfile or utils.data.path("resources/server.key") self.certfile = certfile or utils.data.path("resources/server.crt") self.cert = certutils.SSLCert.from_pem(file(self.certfile, "rb").read()) self.not_after_connect = not_after_connect self.request_client_cert = request_client_cert + self.ciphers = ciphers + self.sslversion = sslversion class PathodHandler(tcp.BaseHandler): @@ -79,7 +81,9 @@ class PathodHandler(tcp.BaseHandler): self.server.ssloptions.cert, self.server.ssloptions.keyfile, handle_sni = self.handle_sni, - request_client_cert = self.server.ssloptions.request_client_cert + request_client_cert = self.server.ssloptions.request_client_cert, + cipher_list = self.server.ssloptions.ciphers, + method = self.server.ssloptions.sslversion, ) except tcp.NetLibError, v: s = str(v) @@ -185,7 +189,9 @@ class PathodHandler(tcp.BaseHandler): self.server.ssloptions.cert, self.server.ssloptions.keyfile, handle_sni = self.handle_sni, - request_client_cert = self.server.ssloptions.request_client_cert + request_client_cert = self.server.ssloptions.request_client_cert, + cipher_list = self.server.ssloptions.ciphers, + method = self.server.ssloptions.sslversion, ) except tcp.NetLibError, v: s = str(v) diff --git a/libpathod/utils.py b/libpathod/utils.py index b5dc73c7..110a7170 100644 --- a/libpathod/utils.py +++ b/libpathod/utils.py @@ -1,4 +1,12 @@ import os +from netlib import tcp + +SSLVERSIONS = { + 1: tcp.TLSv1_METHOD, + 2: tcp.SSLv2_METHOD, + 3: tcp.SSLv3_METHOD, + 4: tcp.SSLv23_METHOD, +} SIZE_UNITS = dict( b = 1024**0, 
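Review bot: SSLOptions.__init__ gains `sslversion` and `ciphers` without documenting them, and the default `sslversion=tcp.SSLv23_METHOD` is a behaviour change: the server previously relied on whatever method convert_to_ssl applied on its own, and now explicitly asks OpenSSL for version negotiation, which admits SSLv2/SSLv3 clients wherever the linked OpenSSL still enables them. For a test daemon that is presumably intended, but a class docstring should state it, along the lines of: `sslversion` is an OpenSSL method constant from netlib.tcp, defaulting to SSLv23_METHOD (negotiate the highest version both sides support, legacy versions included); `ciphers` is an OpenSSL cipher-list string, or None to keep the library default. The class body continues outside the hunk.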
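Review bot: The convert_to_ssl call with its six keyword arguments is now duplicated verbatim in the hunks at `@@ -79,7 +81,9 @@` and `@@ -185,7 +189,9 @@`, so every future SSL option has to be threaded through two places and the two can silently drift. Factoring the call into one PathodHandler helper that reads `self.server.ssloptions` once, with each call site reduced to `self._start_ssl()` inside its existing `try`, removes the duplication and gives the parameters a single place to be documented. Both enclosing methods start and end outside their hunks, and the `except tcp.NetLibError, v:` handlers stay as they are.
```python
    def _start_ssl(self):
        """Upgrade this connection to SSL using the server's SSLOptions.

        tcp.NetLibError from convert_to_ssl propagates unchanged so the
        callers' existing handlers keep working.
        """
        opts = self.server.ssloptions
        self.convert_to_ssl(
            opts.cert,
            opts.keyfile,
            handle_sni = self.handle_sni,
            request_client_cert = opts.request_client_cert,
            cipher_list = opts.ciphers,
            method = opts.sslversion,
        )
    # … unchanged: the two call sites become self._start_ssl() inside their try blocks …
```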
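Review bot: The SSLVERSIONS table moved into utils.py carries no comment saying what its integer keys are; they are the `--sslversion` codes exposed by both command-line tools, and key 4 maps to SSLv23_METHOD, which in OpenSSL means "negotiate the highest version both peers support", not SSLv2-or-SSLv3 as the name suggests. A comment above the dict prevents the next reader from misreading it, e.g. `# --sslversion codes shared by the pathoc and pathod CLIs; 4 (SSLv23_METHOD) is OpenSSL's version-flexible method, not a SSLv2/SSLv3-only choice.` The new `from netlib import tcp` also means every importer of utils now loads netlib's SSL layer — presumably acceptable since pathoc.py and pathod.py already import it, but worth knowing.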
@@ -61,9 +61,13 @@ if __name__ == "__main__": help="SSL Server Name Indication" ) group.add_argument( + "--ciphers", dest="ciphers", type=str, default=False, + help="SSL cipher specification" + ) + group.add_argument( "--sslversion", dest="sslversion", type=int, default=1, - choices=[1, 2, 3], - help="Use a specified protocol - TLSv1, SSLv2, SSLv3. Default to TLSv1." + choices=[1, 2, 3, 4], + help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to TLSv1." ) group = parser.add_argument_group( @@ -133,7 +137,8 @@ if __name__ == "__main__": ssl=args.ssl, sni=args.sni, sslversion=args.sslversion, - clientcert=args.clientcert + clientcert=args.clientcert, + ciphers=args.ciphers ) try: p.connect(connect_to) @@ -38,7 +38,9 @@ def main(parser, args): ssloptions = pathod.SSLOptions( keyfile = args.ssl_keyfile, certfile = args.ssl_certfile, - not_after_connect = args.ssl_not_after_connect + not_after_connect = args.ssl_not_after_connect, + ciphers = args.ciphers, + sslversion = utils.SSLVERSIONS[args.sslversion] ) alst = [] @@ -100,7 +102,7 @@ def main(parser, args): parser.error("%s You probably want to a -d argument."%str(v)) try: - print "%s listening on %s:%s"%(version.NAMEVERSION, args.address, pd.address.port) + print "%s listening on %s:%s"%(version.NAMEVERSION, pd.address.host, pd.address.port) pd.serve_forever() except KeyboardInterrupt: pass @@ -172,7 +174,15 @@ if __name__ == "__main__": "--certfile", dest='ssl_certfile', default=None, type=str, help='SSL cert file. If not specified, a default cert is used.' ) - + group.add_argument( + "--ciphers", dest="ciphers", type=str, default=False, + help="SSL cipher specification" + ) + group.add_argument( + "--sslversion", dest="sslversion", type=int, default=4, + choices=[1, 2, 3, 4], + help="Use a specified protocol - TLSv1, SSLv2, SSLv3, SSLv23. Default to SSLv23." + ) group = parser.add_argument_group( 'Controlling Logging', |
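Review bot: `--ciphers` is declared with `type=str, default=False`, so when the flag is absent `False` rather than `None` is forwarded through `ciphers=args.ciphers` into Pathoc and on to `cipher_list`, while the Pathoc signature defaults to `ciphers=None`; the two should agree so that the class and netlib see a single "not set" value. Change it to `"--ciphers", dest="ciphers", type=str, default=None,` here and in the pathod script's `--ciphers` option in the last hunk on this line, whose value reaches SSLOptions the same way via `ciphers = args.ciphers`. The `if __name__ == "__main__":` block holding these options extends outside the hunk.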
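Review bot: The pathod `--sslversion` help in the last hunk says "Default to SSLv23" without saying what that selects: option 4 maps to SSLv23_METHOD, OpenSSL's negotiate-the-highest-common-version method, so with the default the server also accepts SSLv2/SSLv3 connections wherever the linked OpenSSL still enables them. For a test server that is presumably the intent, but the help should make it explicit, e.g. `help="Use a specified protocol - TLSv1, SSLv2, SSLv3, or SSLv23 (negotiate the highest version both sides support). Default to SSLv23."`; the pathoc `--sslversion` help in the first hunk on this line uses the same wording and should be adjusted alike. The `if __name__ == "__main__":` block continues past the hunk.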