From ef96c98dae59a62682073aea1afca9634529bed7 Mon Sep 17 00:00:00 2001
From: datadavev <605409+datadavev@users.noreply.github.com>
Date: Tue, 6 Jul 2021 08:22:29 -0400
Subject: [PATCH] removing test file from main
---
README.md | 1 +
htrace/ssl_check.py | 108 --------------------------------------------
2 files changed, 1 insertion(+), 108 deletions(-)
delete mode 100644 htrace/ssl_check.py
diff --git a/README.md b/README.md
index da4810b..0576844 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ Options: -R, --link-rel TEXT Follow link header with rel -U, --user-agent TEXT User agent header value --help Show this message and exit. + --version Print version info ``` Example:
diff --git a/htrace/ssl_check.py b/htrace/ssl_check.py
deleted file mode 100644
index f74c396..0000000
--- a/htrace/ssl_check.py
+++ /dev/null
@@ -1,108 +0,0 @@
-import logging
-import socket
-import ssl
-import certifi
-
-# hacky pile - seems there's an option probably coming in 3.10 for direct access to peer cert chain
-# https://github.com/python/cpython/pull/25467
-
-L = logging.getLogger("ssl_check")
-
-def sslWrapSocket(sock, keyfile=None, certfile=None, cert_reqs=None,
- ca_certs=None, server_hostname=None,
- ssl_version=None):
- context = ssl.SSLContext(ssl_version)
- context.verify_mode = cert_reqs
-
- if ca_certs:
- try:
- context.load_verify_locations(ca_certs)
- # Py32 raises IOError
- # Py33 raises FileNotFoundError
- except Exception as e: # Reraise as SSLError
- L.debug("load verify_locations failed: %s", ca_certs)
- raise ssl.SSLError(e)
-
- if certfile:
- # FIXME: This block needs a test.
- context.load_cert_chain(certfile, keyfile)
-
- if ssl.HAS_SNI: # Platform-specific: OpenSSL with enabled SNI
- return (context, context.wrap_socket(sock, server_hostname=server_hostname))
-
- return (context, context.wrap_socket(sock))
-
-
-def sslCheck(host_name, port=443):
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-
- s.settimeout(10)
- s.connect((host_name, port))
-
- (context, ssl_socket) = sslWrapSocket(s,
- ssl_version=ssl.PROTOCOL_TLS,
- cert_reqs=ssl.CERT_REQUIRED,
- ca_certs=certifi.where(),
- server_hostname=host_name)
- #conn.setblocking(1)
- #conn.do_handshake()
- #conn.set_tlsext_host_name(hostname.encode())
- res = ssl_socket.getpeercert()
- return res
-
-def test():
- import socket
-
- from ssl import wrap_socket, CERT_NONE, PROTOCOL_SSLv23
- from ssl import SSLContext # Modern SSL?
- from ssl import HAS_SNI # Has SNI?
-
- from pprint import pprint
-
- def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
- ca_certs=None, server_hostname=None,
- ssl_version=None):
- context = SSLContext(ssl_version)
- context.verify_mode = cert_reqs
-
- if ca_certs:
- try:
- context.load_verify_locations(ca_certs)
- # Py32 raises IOError
- # Py33 raises FileNotFoundError
- except Exception as e: # Reraise as SSLError
- raise ssl.SSLError(e)
-
- if certfile:
- # FIXME: This block needs a test.
- context.load_cert_chain(certfile, keyfile)
-
- if HAS_SNI: # Platform-specific: OpenSSL with enabled SNI
- return (context, context.wrap_socket(sock, server_hostname=server_hostname))
-
- return (context, context.wrap_socket(sock))
-
- hostname = 'www.google.com'
-
- s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.connect((hostname, 443))
-
- (context, ssl_socket) = ssl_wrap_socket(s,
- ssl_version=2,
- cert_reqs=2,
- ca_certs=certifi.where(),
- server_hostname=hostname)
-
- pprint(dir(ssl_socket))
- pprint(ssl_socket.getpeercert())
-
- s.close()
-
-
-if __name__ == "__main__":
- logging.basicConfig(level=logging.DEBUG)
- import pprint
- #pprint.pprint(sslCheck("api.geosamples.org"))
- #pprint.pprint(sslCheck("google.com"))
- test()