Version 0.3.1, rev238, Connection encryption using TLS, One click site clone feature, Encryption stats, Disable encryption startup parameter, Disable ssl compression startup parameter, Exchange supported encryption methods at handshake, Alternative open port checker, Option to store site privatekey in users.json, Torrent tracker swap, Test for bip32 based site creation, cloning and sslcert creation, Fix for Chrome plugin on OSX, Separate siteSign websocket command, Update pybitcointools to major speedup, Re-add sslwrap for python 0.2.9+, Disable SSL compression to save memory and better performance
2015-06-10 00:29:30 +02:00
# https://journal.paul.querna.org/articles/2011/04/05/openssl-memory-use/
# Disable SSL compression to save massive memory and cpu

import logging
import os
import sys

from Config import config


def openLibrary():
    # Load the OpenSSL crypto library through ctypes and return the handle
    import ctypes
    import ctypes.util
    try:
        # Try the fixed per-platform location first
        if sys.platform.startswith("win"):
            # Relative path, so it depends on the process working directory
            dll_path = "src/lib/opensslVerify/libeay32.dll"
        elif sys.platform == "cygwin":
            dll_path = "/bin/cygcrypto-1.0.0.dll"
        else:
            dll_path = "/usr/local/ssl/lib/libcrypto.so"
        ssl = ctypes.CDLL(dll_path, ctypes.RTLD_GLOBAL)
        assert ssl
    except Exception:
        # Fall back to whatever library the system loader can find
        dll_path = ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or ctypes.util.find_library('libcrypto')
        ssl = ctypes.CDLL(dll_path or 'libeay32', ctypes.RTLD_GLOBAL)
    return ssl


def disableSSLCompression():
    import ctypes
    import ctypes.util
    try:
        openssl = openLibrary()
        # The function returns a pointer, so declare it as such for 64-bit safety
        openssl.SSL_COMP_get_compression_methods.restype = ctypes.c_void_p
    except Exception as err:
        logging.debug("Disable SSL compression failed: %s (normal on Windows)" % err)
        return False

    # Empty the stack of compression methods so none can be negotiated
    openssl.sk_zero.argtypes = [ctypes.c_void_p]
    openssl.sk_zero(openssl.SSL_COMP_get_compression_methods())
    logging.debug("Disabled SSL compression on %s" % openssl)


if config.disable_sslcompression:
    try:
        disableSSLCompression()
    except Exception as err:
        logging.debug("Error disabling SSL compression: %s" % err)


# https://github.com/gevent/gevent/issues/477
# Re-add sslwrap to Python 2.7.9

__ssl__ = __import__('ssl')

try:
    _ssl = __ssl__._ssl
except AttributeError:
    _ssl = __ssl__._ssl2

OldSSLSocket = __ssl__.SSLSocket


class NewSSLSocket(OldSSLSocket):
    # Fix SSLSocket constructor

    # server_hostname and _context are accepted for call compatibility
    # but are not passed on to the original constructor
    def __init__(
        self, sock, keyfile=None, certfile=None, server_side=False,
        cert_reqs=__ssl__.CERT_REQUIRED, ssl_version=2, ca_certs=None,
        do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None,
        server_hostname=None, _context=None
    ):
        OldSSLSocket.__init__(
            self, sock, keyfile=keyfile, certfile=certfile,
            server_side=server_side, cert_reqs=cert_reqs,
            ssl_version=ssl_version, ca_certs=ca_certs,
            do_handshake_on_connect=do_handshake_on_connect,
            suppress_ragged_eofs=suppress_ragged_eofs, ciphers=ciphers
        )


# Default cert_reqs is CERT_NONE: the peer certificate is not validated
# unless the caller asks for it
def new_sslwrap(
    sock, server_side=False, keyfile=None, certfile=None,
    cert_reqs=__ssl__.CERT_NONE, ssl_version=__ssl__.PROTOCOL_SSLv23,
    ca_certs=None, ciphers=None
):
    context = __ssl__.SSLContext(ssl_version)
    context.verify_mode = cert_reqs or __ssl__.CERT_NONE
    if ca_certs:
        context.load_verify_locations(ca_certs)
    if certfile:
        context.load_cert_chain(certfile, keyfile)
    if ciphers:
        context.set_ciphers(ciphers)

    # Fetch the SSLSocket instance that called sslwrap from the caller's frame
    caller_self = inspect.currentframe().f_back.f_locals['self']
    return context._wrap_socket(sock, server_side=server_side, ssl_sock=caller_self)


# Re-add sslwrap to Python 2.7.9+
if not hasattr(_ssl, 'sslwrap'):
    # inspect is used by new_sslwrap, which only runs once the patch is installed
    import inspect
    _ssl.sslwrap = new_sslwrap
    __ssl__.SSLSocket = NewSSLSocket
    logging.debug("Missing SSLwrap, readded.")


# Add SSLContext to gevent.ssl (Ubuntu 15 fix)
try:
    # Import the submodule explicitly: "import gevent" alone does not
    # guarantee that gevent.ssl is loaded
    import gevent.ssl
    if not hasattr(gevent.ssl, "SSLContext"):
        gevent.ssl.SSLContext = __ssl__.SSLContext
        logging.debug("Missing SSLContext, readded.")
except Exception:
    pass

# Fix PROTOCOL_SSLv3 not defined
# PROTOCOL_SSLv23 negotiates the highest protocol version both peers support
if "PROTOCOL_SSLv3" not in dir(__ssl__):
    __ssl__.PROTOCOL_SSLv3 = __ssl__.PROTOCOL_SSLv23
    logging.debug("Redirected PROTOCOL_SSLv3 to PROTOCOL_SSLv23.")

logging.debug("Python SSL version: %s" % __ssl__.OPENSSL_VERSION)

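The file above changes TLS behaviour process-wide through ctypes and monkey-patching, so it helps to check what a context actually ends up allowing. The following is an added example, not code from this file or its project: it uses the Python 3 `ssl` module (the file itself targets Python 2.7), and the names `audit_context`, `legacy_style_context` and `hardened_context` are hypothetical.

```python
import ssl


def audit_context(ctx):
    """Return a sorted list of findings for an ssl.SSLContext."""
    findings = []
    # TLS-level compression still negotiable (what the sk_zero call above removes).
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("compression-allowed")
    # CERT_NONE is the default cert_reqs of new_sslwrap above.
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("peer-cert-not-verified")
    elif not ctx.check_hostname:
        findings.append("hostname-not-checked")
    # PROTOCOL_SSLv23-style negotiation with no floor accepts old protocol versions.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("no-tls1.2-floor")
    return sorted(findings)


def legacy_style_context():
    """Constructed stand-in for a context left at the permissive settings
    seen above: no verification, any protocol version, compression allowed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.options &= ~ssl.OP_NO_COMPRESSION  # modern Python sets this flag by default
    return ctx


def hardened_context():
    """Context using the supported API instead of patching libcrypto."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    for name, ctx in (("legacy-style", legacy_style_context()),
                      ("hardened", hardened_context())):
        print(name, audit_context(ctx) or "no findings")
```

On an established connection, `SSLSocket.compression()` returns `None` when no compression was negotiated, which confirms the setting per session.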