Ticket #5374: sni-client.patch

File sni-client.patch, 6.8 KB (added by moxie, 4 years ago)

Patch to enable client-side SNI support for TLS connections.

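--- a/twisted/test/proto_helpers.py
+++ b/twisted/test/proto_helpers.py
@@ -425,7 +425,7 @@
 
 
     def connectSSL(self, host, port, factory, contextFactory,
-                   timeout=30, bindAddress=None):
+                   timeout=30, bindAddress=None, sni=None):
         """
         Fake L{reactor.connectSSL}, that logs the call and returns an
         L{IConnector}.
@@ -500,7 +500,7 @@
 
 
     def connectSSL(self, host, port, factory, contextFactory,
-                   timeout=30, bindAddress=None):
+                   timeout=30, bindAddress=None, sni=None):
         """
         Fake L{reactor.connectSSL}, that raises L{self._connectException}.
         """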
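Review bot: Both fake `connectSSL` methods now accept `sni`, but no hunk touches their bodies, so the value is presumably dropped rather than kept with the logged call. Tests built on these fakes therefore cannot assert that a caller requested a particular server name, and the patch adds no test for the new argument. Storing `sni` somewhere the tests can read it would make the behaviour checkable. The method bodies are outside the hunks.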
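--- a/twisted/manhole/gladereactor.py
+++ b/twisted/manhole/gladereactor.py
@@ -42,10 +42,10 @@
         factory = LoggingFactory(factory)
         return sup.listenSSL(self, port, factory, contextFactory, backlog, interface)
 
-    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         from _inspectro import LoggingFactory
         factory = LoggingFactory(factory)
-        return sup.connectSSL(self, host, port, factory, contextFactory, timeout, bindAddress)
+        return sup.connectSSL(self, host, port, factory, contextFactory, timeout, bindAddress, sni)
 
     def connectUNIX(self, address, factory, timeout=30):
         from _inspectro import LoggingFactory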
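Review bot: `sni` is forwarded positionally in the new `return sup.connectSSL(...)` line, whereas the other call sites in this patch pass it by keyword. A positional argument binds to the wrong parameter if the base reactor's signature ever gains one before `sni`. Writing the call as `return sup.connectSSL(self, host, port, factory, contextFactory, timeout, bindAddress, sni=sni)` is safer and matches the rest of the patch.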
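--- a/twisted/protocols/tls.py
+++ b/twisted/protocols/tls.py
@@ -271,7 +271,6 @@
         ProtocolWrapper.__init__(self, factory, wrappedProtocol)
         self._connectWrapped = _connectWrapped
 
-
     def getHandle(self):
         """
         Return the L{OpenSSL.SSL.Connection} object being used to encrypt and
@@ -294,6 +293,12 @@
         self._tlsConnection = Connection(tlsContext, None)
         if self.factory._isClient:
             self._tlsConnection.set_connect_state()
+
+            if self.factory._sni is not None:
+                try:
+                    self._tlsConnection.set_tlsext_host_name(self.factory._sni)
+                except AttributeError:
+                    pass
         else:
             self._tlsConnection.set_accept_state()
         self._appSendBuffer = []
@@ -579,10 +584,11 @@
 
     noisy = False  # disable unnecessary logging.
    
-    def __init__(self, contextFactory, isClient, wrappedFactory):
+    def __init__(self, contextFactory, isClient, wrappedFactory, sni=None):
         WrappingFactory.__init__(self, wrappedFactory)
         self._contextFactory = contextFactory
         self._isClient = isClient
+        self._sni      = sni
 
 
     def logPrefix(self):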
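Review bot: In the second hunk, `try: ... except AttributeError: pass` around `set_tlsext_host_name` silently discards a server name the caller explicitly asked for when the installed pyOpenSSL lacks that method, so the handshake goes out without SNI and the server may answer with its default certificate. The same handler also hides an `AttributeError` raised inside the call itself. Probing for the method and failing loudly (or at least logging) keeps an explicit `sni=` request from being quietly downgraded. The name is also passed through unvalidated, so the expected form (a DNS host name, not an IP literal) is worth documenting on the factory's `__init__` in the third hunk. The enclosing method starts and ends outside the hunk.

```python
            self._tlsConnection.set_connect_state()
            if self.factory._sni is not None:
                setHostName = getattr(
                    self._tlsConnection, 'set_tlsext_host_name', None)
                if setHostName is None:
                    raise NotImplementedError(
                        "SNI was requested but this pyOpenSSL does not "
                        "provide Connection.set_tlsext_host_name")
                setHostName(self.factory._sni)
        # ... unchanged: else branch (set_accept_state) and buffer setup ...
```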
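--- a/twisted/internet/posixbase.py
+++ b/twisted/internet/posixbase.py
@@ -440,11 +440,11 @@
 
     # IReactorSSL (sometimes, not implemented)
 
-    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         """@see: twisted.internet.interfaces.IReactorSSL.connectSSL
         """
         if tls is not None:
-            tlsFactory = tls.TLSMemoryBIOFactory(contextFactory, True, factory)
+            tlsFactory = tls.TLSMemoryBIOFactory(contextFactory, True, factory, sni=sni)
             return self.connectTCP(host, port, tlsFactory, timeout, bindAddress)
         elif ssl is not None:
             c = ssl.Connector(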
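Review bot: Only the `tls is not None` branch forwards `sni`; the `elif ssl is not None:` branch at the end of this hunk builds `ssl.Connector(` and nothing else in the patch changes that call or `ssl.Connector` itself, so on that path the argument appears to be accepted and then ignored. A caller who passes `sni=` would get a connection without the extension and no error. Either thread the name through the fallback path or reject it there, for example `if sni is not None: raise NotImplementedError("SNI is not supported by this SSL implementation")` at the top of that branch. The rest of `connectSSL` lies outside the hunk, so this is inferred from the absence of further changes.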
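--- a/twisted/internet/interfaces.py
+++ b/twisted/internet/interfaces.py
@@ -285,7 +285,7 @@
 
 class IReactorSSL(Interface):
 
-    def connectSSL(host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         """
         Connect a client Protocol to a remote SSL socket.
 
@@ -303,6 +303,9 @@
         @param bindAddress: a (host, port) tuple of local address to bind to,
                             or C{None}.
 
+        @param sni: a host name to include as the Server Name Indication field
+                    during the TLS handshake.
+
         @return: An object which provides L{IConnector}.
         """
 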
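Review bot: The new `@param sni` entry in the second hunk does not say what form the name must take, what `None` means, or what sending it does and does not guarantee. Server Name Indication only tells the server which certificate to present; it does not make the client check the returned certificate against that name, which remains the job of the `contextFactory`. I would extend the entry to `@param sni: the DNS host name (not an IP address) to send in the Server Name Indication extension, or C{None} to send none; this does not enable verification of the server certificate against the name.`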
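--- a/twisted/internet/iocpreactor/reactor.py
+++ b/twisted/internet/iocpreactor/reactor.py
@@ -181,13 +181,13 @@
             return port
 
 
-        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
             """
             @see: twisted.internet.interfaces.IReactorSSL.connectSSL
             """
             return self.connectTCP(
                 host, port,
-                TLSMemoryBIOFactory(contextFactory, True, factory),
+                TLSMemoryBIOFactory(contextFactory, True, factory, sni=sni),
                 timeout, bindAddress)
     else:
         def listenSSL(self, port, factory, contextFactory, backlog=50, interface=''):
@@ -202,7 +202,7 @@
                 "SSL APIs.")
 
 
-        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
             """
             Non-implementation of L{IReactorSSL.connectSSL}.  Some dependency
             is not satisfied.  This implementation always raises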
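--- a/twisted/internet/protocol.py
+++ b/twisted/internet/protocol.py
@@ -280,7 +280,7 @@
             checkPID=checkPID)
 
 
-    def connectSSL(self, host, port, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, contextFactory, timeout=30, bindAddress=None, sni=None):
         """
         Connect to an SSL server.
 
@@ -294,7 +294,7 @@
         return self._connect(
             self.reactor.connectSSL, host, port,
             contextFactory=contextFactory, timeout=timeout,
-            bindAddress=bindAddress)
+            bindAddress=bindAddress, sni=sni)
 
 
 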