Diffstat (limited to 'client')
-rw-r--r-- | client/src/leap/soledad/client/__init__.py | 24 | ||||
-rw-r--r-- | client/src/leap/soledad/client/sqlcipher.py | 5 | ||||
-rw-r--r-- | client/src/leap/soledad/client/target.py | 3 |
3 files changed, 25 insertions, 7 deletions
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py index 586e3389..07255406 100644 --- a/client/src/leap/soledad/client/__init__.py +++ b/client/src/leap/soledad/client/__init__.py @@ -224,7 +224,7 @@ class Soledad(object): def __init__(self, uuid, passphrase, secrets_path, local_db_path, server_url, cert_file, - auth_token=None, secret_id=None, defer_encryption=False): + auth_token=None, secret_id=None, defer_encryption=True): """ Initialize configuration, cryptographic keys and dbs. @@ -1333,9 +1333,25 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection): self.sock = sock self._tunnel() - self.sock = ssl.wrap_socket(sock, - ca_certs=SOLEDAD_CERT, - cert_reqs=ssl.CERT_REQUIRED) + highest_supported = ssl.PROTOCOL_SSLv23 + + try: + # needs python 2.7.9+ + # negotiate the best available version, + # but explicitely disabled bad ones. + ctx = ssl.SSLContext(highest_supported) + ctx.options |= ssl.OP_NO_SSLv2 + ctx.options |= ssl.OP_NO_SSLv3 + + ctx.load_verify_locations(cafile=SOLEDAD_CERT) + ctx.verify_mode = ssl.CERT_REQUIRED + self.sock = ctx.wrap_socket(sock) + + except AttributeError: + self.sock = ssl.wrap_socket( + sock, ca_certs=SOLEDAD_CERT, cert_reqs=ssl.CERT_REQUIRED, + ssl_version=highest_supported) + match_hostname(self.sock.getpeercert(), self.host) diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py index 2df9606e..fded2119 100644 --- a/client/src/leap/soledad/client/sqlcipher.py +++ b/client/src/leap/soledad/client/sqlcipher.py @@ -452,6 +452,11 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase): # XXX could mark the critical section here... try: + if defer_decryption and not self.defer_encryption: + logger.warning("Can't defer decryption without first having " + "created a sync db. Falling back to normal " + "syncing mode.") + defer_decryption = False res = syncer.sync(autocreate=autocreate, defer_decryption=defer_decryption) 
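Review bot: The flipped default `defer_encryption=True` in `Soledad.__init__` changes behaviour for every caller that omits the argument, and nothing in the visible lines records that. The docstring starts in this hunk's context and continues outside it, so its `defer_encryption` entry may need a sentence such as `Defaults to True; pass False to keep the previous non-deferred behaviour.` Callers that relied on the old default should be checked, since the sqlcipher.py hunk in this commit suggests that deferred mode depends on a sync db having been created.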
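Review bot: The `except AttributeError` fallback in `VerifiedHTTPSConnection` still calls `ssl.wrap_socket(..., ssl_version=highest_supported)` with `PROTOCOL_SSLv23`, so on interpreters without `ssl.SSLContext` the `OP_NO_SSLv2`/`OP_NO_SSLv3` exclusions above it are never applied and SSLv3 may still be negotiated if the linked OpenSSL allows it. Either pin that branch with `ssl_version=ssl.PROTOCOL_TLSv1` (accepting that this caps the legacy path at TLS 1.0) or state in a comment there that the fallback cannot exclude SSLv3. The `try` also covers the whole context setup, so any AttributeError raised inside it silently selects the weaker path; testing `if hasattr(ssl, 'SSLContext'):` up front would avoid that. `highest_supported` is a misleading name for a constant that means "negotiate", and the method body starts outside this hunk.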
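Review bot: The new guard in `SQLCipherDatabase` overrides the caller's `defer_decryption=True` with only a log line, and the visible lines do not document this. The enclosing method's signature and docstring are outside this hunk, but the `defer_decryption` entry there should say something like `Ignored, with a warning, when this database was opened without defer_encryption.` The check also sits inside the `try:` although it only reads an attribute and logs; placing it before the `try:` would keep the guarded region limited to `syncer.sync(...)`. Because the warning is emitted on every call, a caller that syncs repeatedly with this combination will log it each time.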
diff --git a/client/src/leap/soledad/client/target.py b/client/src/leap/soledad/client/target.py index 70e4d3a2..1eb84e64 100644 --- a/client/src/leap/soledad/client/target.py +++ b/client/src/leap/soledad/client/target.py @@ -28,12 +28,10 @@ import logging import re import urllib import threading -import urlparse from collections import defaultdict from time import sleep from uuid import uuid4 -from contextlib import contextmanager import simplejson as json from taskthread import TimerTask @@ -44,7 +42,6 @@ from u1db.remote.http_client import _encode_query_parameter, HTTPClientBase from zope.proxy import ProxyBase from zope.proxy import sameProxiedObjects, setProxiedObject -from leap.soledad.common import soledad_assert from leap.soledad.common.document import SoledadDocument from leap.soledad.client.auth import TokenBasedAuth from leap.soledad.client.crypto import is_symmetrically_encrypted |