Accepting request 794851 from home:mcalabkova:branches:devel:languages:python
- Update to 0.20.0 * Support new OpenSSL * Test ALPN and NPN separately. * Switch cert_builder from print to twisted.logger. - Drop unneeded openssl111.patch OBS-URL: https://build.opensuse.org/request/show/794851 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-TxSNI?expand=0&rev=7
committed by
Git OBS Bridge
parent
b938f63562
commit
e6e130fa95
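--- a/openssl111.patch
+++ b/openssl111.patch
@@ -1,191 +0,0 @@
-From 197f6a6da9638d2eeeeefb7240eb62feb32295d1 Mon Sep 17 00:00:00 2001
-From: Mark Williams <mrw@enotuniq.org>
-Date: Thu, 14 Feb 2019 10:00:50 -0800
-Subject: [PATCH] Test ALPN and NPN separately.
-
-OpenSSL does not support NPN with TLS
-1.3 (https://github.com/openssl/openssl/issues/3665) so don't attempt
-NPN if it's likely TLS 1.3 will be used.
----
-txsni/test/test_txsni.py | 99 ++++++++++++++++++++++++++++------------
-1 file changed, 70 insertions(+), 29 deletions(-)
-
-Index: txsni-0.1.9/txsni/test/test_txsni.py
-===================================================================
---- txsni-0.1.9.orig/txsni/test/test_txsni.py
-+++ txsni-0.1.9/txsni/test/test_txsni.py
-@@ -2,10 +2,13 @@ from __future__ import absolute_import
-
-import os
-
-+from functools import partial
-+
-from txsni.snimap import SNIMap, HostDirectoryMap
-from txsni.tlsendpoint import TLSEndpoint
-
-from OpenSSL.crypto import load_certificate, FILETYPE_PEM
-+from OpenSSL.SSL import Context, SSLv23_METHOD, Connection
-
-from twisted.internet import protocol, endpoints, reactor, defer, interfaces
-from twisted.internet.ssl import (
-@@ -47,7 +50,13 @@ def sni_endpoint():
-return wrapper_endpoint
-
-
--def handshake(client_factory, server_factory, hostname, server_endpoint):
-+def handshake(
-+ client_factory,
-+ server_factory,
-+ hostname,
-+ server_endpoint,
-+ acceptable_protocols=None,
-+):
-"""
-Connect a basic Twisted TLS client endpoint to the provided TxSNI
-TLSEndpoint. Returns a Deferred that fires when the connection has been
-@@ -56,12 +65,18 @@ def handshake(client_factory, server_fac
-"""
-def connect_client(listening_port):
-port_number = listening_port.getHost().port
--
-client = endpoints.TCP4ClientEndpoint(
-reactor, '127.0.0.1', port_number
-)
-+
-+ maybe_alpn = {}
-+ if acceptable_protocols is not None:
-+ maybe_alpn['acceptableProtocols'] = acceptable_protocols
-+
-options = optionsForClientTLS(
-- hostname=hostname, trustRoot=PEM_ROOT
-+ hostname=hostname,
-+ trustRoot=PEM_ROOT,
-+ **maybe_alpn
-)
-client = endpoints.wrapClientTLS(options, client)
-connectDeferred = client.connect(client_factory)
-@@ -88,11 +103,8 @@ class WritingProtocol(protocol.Protocol)
-
-def dataReceived(self, data):
-cert = self.transport.getPeerCertificate()
-+ proto = self.transport.negotiatedProtocol
-
-- if not skipNegotiation:
-- proto = self.transport.negotiatedProtocol
-- else:
-- proto = None
-self.transport.abortConnection()
-self.handshake_deferred.callback((cert, proto))
-self.handshake_deferred = None
-@@ -120,23 +132,18 @@ class WriteBackProtocol(protocol.Protoco
-self.transport.loseConnection()
-
-
--try:
-- @implementer(interfaces.IProtocolNegotiationFactory)
-- class NegotiatingFactory(protocol.Factory):
-- """
-- A Twisted Protocol Factory that implements the protocol negotiation
-- extensions
-- """
-- def acceptableProtocols(self):
-- return [b'h2', b'http/1.1']
--
-- class WritingNegotiatingFactory(WritingProtocolFactory,
-- NegotiatingFactory):
-- pass
--
-- skipNegotiation = False
--except AttributeError:
-- skipNegotiation = "IProtocolNegotiationFactory not supported"
-+@implementer(interfaces.IProtocolNegotiationFactory)
-+class NegotiatingFactory(protocol.Factory):
-+ """
-+ A Twisted Protocol Factory that implements the protocol negotiation
-+ extensions
-+ """
-+ def acceptableProtocols(self):
-+ return [b'h2', b'http/1.1']
-+
-+class WritingNegotiatingFactory(WritingProtocolFactory,
-+ NegotiatingFactory):
-+ pass
-
-
-class TestSNIMap(unittest.TestCase):
-@@ -218,16 +225,27 @@ class TestCommunication(unittest.TestCas
-return handshake_deferred
-
-
-+
-+def will_use_tls_1_3():
-+ """
-+ Will OpenSSL negotiate TLS 1.3?
-+ """
-+ ctx = Context(SSLv23_METHOD)
-+ connection = Connection(ctx, None)
-+ return connection.get_protocol_version_name() == u'TLSv1.3'
-+
-+
-class TestNegotiationStillWorks(unittest.TestCase):
-"""
-Tests that TxSNI doesn't break protocol negotiation.
-"""
-- if skipNegotiation:
-- skip = skipNegotiation
-
-- def test_specific_cert_still_negotiates(self):
-+ EXPECTED_PROTOCOL = b'h2'
-+
-+ def assert_specific_cert_still_negotiates(self, perform_handshake):
-"""
-- When TxSNI selects a specific cert, protocol negotiation still works.
-+ When TxSNI selects a specific cert, protocol negotiation still
-+ works.
-"""
-handshake_deferred = defer.Deferred()
-client_factory = WritingNegotiatingFactory(handshake_deferred)
-@@ -236,7 +254,7 @@ class TestNegotiationStillWorks(unittest
-)
-
-endpoint = sni_endpoint()
-- d = handshake(
-+ d = perform_handshake(
-client_factory=client_factory,
-server_factory=server_factory,
-hostname=u'http2bin.org',
-@@ -245,7 +263,7 @@ class TestNegotiationStillWorks(unittest
-
-def confirm_cert(args):
-cert, proto = args
-- self.assertEqual(proto, b'h2')
-+ self.assertEqual(proto, self.EXPECTED_PROTOCOL)
-return d
-
-def close(args):
-@@ -255,3 +273,25 @@ class TestNegotiationStillWorks(unittest
-handshake_deferred.addCallback(confirm_cert)
-handshake_deferred.addCallback(close)
-return handshake_deferred
-+
-+ def test_specific_cert_still_negotiates_with_alpn(self):
-+ """
-+ When TxSNI selects a specific cert, Application Level Protocol
-+ Negotiation (ALPN) still works.
-+ """
-+ return self.assert_specific_cert_still_negotiates(
-+ partial(handshake, acceptable_protocols=[self.EXPECTED_PROTOCOL])
-+ )
-+
-+
-+ def test_specific_cert_still_negotiates_with_npn(self):
-+ """
-+ When TxSNI selects a specific cert, Next Protocol Negotiation
-+ (NPN) still works.
-+ """
-+ return self.assert_specific_cert_still_negotiates(handshake)
-+
-+ if will_use_tls_1_3():
-+ test_specific_cert_still_negotiates_with_npn.skip = (
-+ "OpenSSL does not support NPN with TLS 1.3"
-+ )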
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a1a91b80af8c25b5416fbe3434004bc40c15504c13fd6681af9187b4a220aa5a
|
||||
size 9373
|
||||
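--- a/python-TxSNI-0.2.0.tar.gz
+++ b/python-TxSNI-0.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6797f5b303d463c4bafd6a216ccc00a768a679e81cc1240303bb13afa793125c
+size 9265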
@@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 17 09:38:39 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
|
||||
|
||||
- Update to 0.20.0
|
||||
* Support new OpenSSL
|
||||
* Test ALPN and NPN separately.
|
||||
* Switch cert_builder from print to twisted.logger.
|
||||
- Drop unneeded openssl111.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 4 14:29:33 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package python-TxSNI
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -18,14 +18,13 @@
|
||||
|
||||
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
||||
Name: python-TxSNI
|
||||
Version: 0.1.9
|
||||
Version: 0.2.0
|
||||
Release: 0
|
||||
Summary: Python module for running a TLS server with Twisted
|
||||
License: MIT
|
||||
Group: Development/Languages/Python
|
||||
URL: https://github.com/glyph/txsni
|
||||
Source0: https://github.com/glyph/txsni/archive/v%{version}/%{name}-%{version}.tar.gz
|
||||
Patch0: openssl111.patch
|
||||
BuildRequires: %{python_module Twisted} >= 14.0.0
|
||||
BuildRequires: %{python_module pyOpenSSL} >= 0.14
|
||||
BuildRequires: fdupes
|
||||
@@ -40,7 +39,6 @@ This package brings support for running a TLS server with Twisted.
|
||||
|
||||
%prep
|
||||
%setup -q -n txsni-%{version}
|
||||
%patch0 -p1
|
||||
|
||||
%build
|
||||
%python_build
|
||||
|
||||
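Review bot: The `Version: 0.2.0` line in this spec and the added `python-TxSNI-0.2.0.tar.gz` source disagree with the changelog entry and the request description, which both say `Update to 0.20.0`. The rendered page has lost the +/- markers on the two `Version:` lines, but the new tarball name indicates 0.2.0 is the new value, so the .changes entry should read `- Update to 0.2.0`. The changelog version is what reviewers and advisory tooling match against upstream releases, so a mismatch there makes it harder to tell which fixes the package carries. With `Patch0: openssl111.patch` and `%patch0 -p1` dropped, it is also worth confirming that the 0.2.0 tarball contains the NPN-under-TLS-1.3 test skip the patch used to add; the "Test ALPN and NPN separately" changelog item suggests it does.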