From a5741704e4c4c5e679b3cfd6486d8f758087a51c Mon Sep 17 00:00:00 2001 From: HelloZeroNet Date: Tue, 7 Jul 2015 21:15:20 +0200 Subject: [PATCH] rev280, Fix Ubutuntu 15 gevent SSL incompatibility --- src/Config.py | 2 +- src/util/SslPatch.py | 111 ++++++++++++++++++++++++------------------- 2 files changed, 64 insertions(+), 49 deletions(-) diff --git a/src/Config.py b/src/Config.py index f6002e56..6165b7f1 100644 --- a/src/Config.py +++ b/src/Config.py @@ -4,7 +4,7 @@ import ConfigParser class Config(object): def __init__(self): self.version = "0.3.1" - self.rev = 278 + self.rev = 280 self.parser = self.createArguments() argv = sys.argv[:] # Copy command line arguments argv = self.parseConfig(argv) # Add arguments from config file diff --git a/src/util/SslPatch.py b/src/util/SslPatch.py index 1977859c..f25f33c9 100644 --- a/src/util/SslPatch.py +++ b/src/util/SslPatch.py @@ -4,76 +4,91 @@ import logging from Config import config + def disableSSLCompression(): - import ctypes - import ctypes.util - try: - openssl = ctypes.CDLL(ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or 'libeay32', ctypes.RTLD_GLOBAL) - openssl.SSL_COMP_get_compression_methods.restype = ctypes.c_void_p - except Exception, err: - logging.debug("Disable SSL compression failed: %s (normal on Windows)" % err) - return False - - openssl.sk_zero.argtypes = [ctypes.c_void_p] - openssl.sk_zero(openssl.SSL_COMP_get_compression_methods()) - logging.debug("Disabled SSL compression on %s" % openssl) + import ctypes + import ctypes.util + try: + openssl = ctypes.CDLL(ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or 'libeay32', ctypes.RTLD_GLOBAL) + openssl.SSL_COMP_get_compression_methods.restype = ctypes.c_void_p + except Exception, err: + logging.debug("Disable SSL compression failed: %s (normal on Windows)" % err) + return False + + openssl.sk_zero.argtypes = [ctypes.c_void_p] + openssl.sk_zero(openssl.SSL_COMP_get_compression_methods()) + logging.debug("Disabled SSL compression on %s" % openssl) if config.disable_sslcompression: - disableSSLCompression() + disableSSLCompression() # https://github.com/gevent/gevent/issues/477 # Re-add sslwrap to Python 2.7.9 __ssl__ = __import__('ssl') - + try: - _ssl = __ssl__._ssl + _ssl = __ssl__._ssl except AttributeError: - _ssl = __ssl__._ssl2 + _ssl = __ssl__._ssl2 OldSSLSocket = __ssl__.SSLSocket + class NewSSLSocket(OldSSLSocket): - #Fix SSLSocket constructor - def __init__( - self, sock, keyfile=None, certfile=None, server_side=False, - cert_reqs=__ssl__.CERT_REQUIRED, ssl_version=2, ca_certs=None, - do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None, - server_hostname=None, _context=None - ): - OldSSLSocket.__init__( - self, sock, keyfile=keyfile, certfile=certfile, - server_side=server_side, cert_reqs=cert_reqs, - ssl_version=ssl_version, ca_certs=ca_certs, - do_handshake_on_connect=do_handshake_on_connect, - suppress_ragged_eofs=suppress_ragged_eofs, ciphers=ciphers - ) + # Fix SSLSocket constructor + + def __init__( + self, sock, keyfile=None, certfile=None, server_side=False, + cert_reqs=__ssl__.CERT_REQUIRED, ssl_version=2, ca_certs=None, + do_handshake_on_connect=True, suppress_ragged_eofs=True, ciphers=None, + server_hostname=None, _context=None + ): + OldSSLSocket.__init__( + self, sock, keyfile=keyfile, certfile=certfile, + server_side=server_side, cert_reqs=cert_reqs, + ssl_version=ssl_version, ca_certs=ca_certs, + do_handshake_on_connect=do_handshake_on_connect, + suppress_ragged_eofs=suppress_ragged_eofs, ciphers=ciphers + ) def new_sslwrap( - sock, server_side=False, keyfile=None, certfile=None, - cert_reqs=__ssl__.CERT_NONE, ssl_version=__ssl__.PROTOCOL_SSLv23, - ca_certs=None, ciphers=None + sock, server_side=False, keyfile=None, certfile=None, + cert_reqs=__ssl__.CERT_NONE, ssl_version=__ssl__.PROTOCOL_SSLv23, + ca_certs=None, ciphers=None ): - context = __ssl__.SSLContext(ssl_version) - context.verify_mode = cert_reqs or __ssl__.CERT_NONE - if ca_certs: - context.load_verify_locations(ca_certs) - if certfile: - context.load_cert_chain(certfile, keyfile) - if ciphers: - context.set_ciphers(ciphers) + context = __ssl__.SSLContext(ssl_version) + context.verify_mode = cert_reqs or __ssl__.CERT_NONE + if ca_certs: + context.load_verify_locations(ca_certs) + if certfile: + context.load_cert_chain(certfile, keyfile) + if ciphers: + context.set_ciphers(ciphers) - caller_self = inspect.currentframe().f_back.f_locals['self'] - return context._wrap_socket(sock, server_side=server_side, ssl_sock=caller_self) + caller_self = inspect.currentframe().f_back.f_locals['self'] + return context._wrap_socket(sock, server_side=server_side, ssl_sock=caller_self) +# Re-add sslwrap to Python 2.7.9+ if not hasattr(_ssl, 'sslwrap'): - import inspect - _ssl.sslwrap = new_sslwrap - __ssl__.SSLSocket = NewSSLSocket - logging.debug("Missing SSLwrap, readded.") + import inspect + _ssl.sslwrap = new_sslwrap + __ssl__.SSLSocket = NewSSLSocket + logging.debug("Missing SSLwrap, readded.") -logging.debug("Python SSL version: %s" % __ssl__.OPENSSL_VERSION) \ No newline at end of file + +# Add SSLContext to gevent.ssl (Ubutunu 15 fix) +try: + import gevent + if not hasattr(gevent.ssl, "SSLContext"): + gevent.ssl.SSLContext = __ssl__.SSLContext + logging.debug("Missing SSLContext, readded.") +except Exception, err: + pass + + +logging.debug("Python SSL version: %s" % __ssl__.OPENSSL_VERSION)