diff options
| author | drebs <drebs@leap.se> | 2013-05-13 18:12:53 -0300 |
|---|---|---|
| committer | drebs <drebs@leap.se> | 2013-05-14 09:12:33 -0300 |
| commit | 85fa4c91448e36658679cbac982ee00b18f95daa (patch) | |
| tree | 78d04d36a2dcc5f78c92f39b5c9aa0ef219023bd /src/leap/soledad/__init__.py | |
| parent | d97c607fa8e5e5659e2992b3c8a7c4ab14988fef (diff) | |
Refactor ssl monkey patching and fix https tests.
Diffstat (limited to 'src/leap/soledad/__init__.py')
| -rw-r--r-- | src/leap/soledad/__init__.py | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py index 4373c53b..b41987cf 100644 --- a/src/leap/soledad/__init__.py +++ b/src/leap/soledad/__init__.py @@ -33,10 +33,18 @@ import logging import urlparse import simplejson as json import scrypt +import httplib +import socket +import ssl from xdg import BaseDirectory from hashlib import sha256 +from u1db.remote import http_client +from u1db.remote.ssl_match_hostname import ( # noqa + CertificateError, + match_hostname, +) from leap.common import events @@ -58,6 +66,13 @@ from leap.soledad.crypto import SoledadCrypto logger = logging.getLogger(name=__name__) +SOLEDAD_CERT = None +""" +Path to the certificate file used to certify the SSL connection between +Soledad client and server. +""" + + # # Exceptions # @@ -100,7 +115,6 @@ def base64_encode(data): # Soledad: local encrypted storage and remote encrypted sync. # - class Soledad(object): """ Soledad provides encrypted data storage and sync. @@ -204,7 +218,7 @@ class Soledad(object): self._init_config(secrets_path, local_db_path, server_url) self._set_token(auth_token) # configure SSL certificate - shared_db.SOLEDAD_CERT = cert_file + SOLEDAD_CERT = cert_file # initiate bootstrap sequence self._bootstrap() @@ -959,3 +973,29 @@ class Soledad(object): server_url = property( _get_server_url, doc='The URL of the Soledad server.') + + +#----------------------------------------------------------------------------- +# Monkey patching u1db to be able to provide a custom SSL cert +#----------------------------------------------------------------------------- + +class VerifiedHTTPSConnection(httplib.HTTPSConnection): + """HTTPSConnection verifying server side certificates.""" + # derived from httplib.py + + def connect(self): + "Connect to a host on a given (SSL) port." + sock = socket.create_connection((self.host, self.port), + self.timeout, self.source_address) + if self._tunnel_host: + self.sock = sock + self._tunnel() + self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, + ssl_version=ssl.PROTOCOL_SSLv3, + cert_reqs=ssl.CERT_REQUIRED, + ca_certs=SOLEDAD_CERT) + match_hostname(self.sock.getpeercert(), self.host) + + +old__VerifiedHTTPSConnection = http_client._VerifiedHTTPSConnection +http_client._VerifiedHTTPSConnection = VerifiedHTTPSConnection |