Ticket #5374: sni-client.patch

File sni-client.patch, 6.8 KB (added by moxie, 3 years ago)

Patch to enable client-side SNI support for TLS connections.

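--- a/twisted/test/proto_helpers.py
+++ b/twisted/test/proto_helpers.py
@@ -425,7 +425,7 @@
 
 
     def connectSSL(self, host, port, factory, contextFactory,
-                   timeout=30, bindAddress=None):
+                   timeout=30, bindAddress=None, sni=None):
         """
         Fake L{reactor.connectSSL}, that logs the call and returns an
         L{IConnector}.
@@ -500,7 +500,7 @@
 
 
     def connectSSL(self, host, port, factory, contextFactory,
-                   timeout=30, bindAddress=None):
+                   timeout=30, bindAddress=None, sni=None):
         """
         Fake L{reactor.connectSSL}, that raises L{self._connectException}.
         """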
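Review bot: Both fake `connectSSL` methods now accept `sni`, but nothing visible in these hunks records the value, and the sections shown on this page contain no test that exercises it. The method bodies lie outside the hunks, so this is inferred: if the first fake's logged call tuple is not extended with `sni`, a test cannot assert that the server name a caller supplied actually reached the reactor. I would append `sni` to whatever the logging fake stores and add a test that checks it round-trips from `ClientCreator.connectSSL`.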
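--- a/twisted/manhole/gladereactor.py
+++ b/twisted/manhole/gladereactor.py
@@ -42,10 +42,10 @@
         factory = LoggingFactory(factory)
         return sup.listenSSL(self, port, factory, contextFactory, backlog, interface)
 
-    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         from _inspectro import LoggingFactory
         factory = LoggingFactory(factory)
-        return sup.connectSSL(self, host, port, factory, contextFactory, timeout, bindAddress)
+        return sup.connectSSL(self, host, port, factory, contextFactory, timeout, bindAddress, sni)
 
     def connectUNIX(self, address, factory, timeout=30):
         from _inspectro import LoggingFactory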
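--- a/twisted/protocols/tls.py
+++ b/twisted/protocols/tls.py
@@ -271,7 +271,6 @@
         ProtocolWrapper.__init__(self, factory, wrappedProtocol)
         self._connectWrapped = _connectWrapped
 
-
     def getHandle(self):
         """
         Return the L{OpenSSL.SSL.Connection} object being used to encrypt and
@@ -294,6 +293,12 @@
         self._tlsConnection = Connection(tlsContext, None)
         if self.factory._isClient:
             self._tlsConnection.set_connect_state()
+
+            if self.factory._sni is not None:
+                try:
+                    self._tlsConnection.set_tlsext_host_name(self.factory._sni)
+                except AttributeError:
+                    pass
         else:
             self._tlsConnection.set_accept_state()
         self._appSendBuffer = []
@@ -579,10 +584,11 @@
 
     noisy = False  # disable unnecessary logging.
     
-    def __init__(self, contextFactory, isClient, wrappedFactory):
+    def __init__(self, contextFactory, isClient, wrappedFactory, sni=None):
         WrappingFactory.__init__(self, wrappedFactory)
         self._contextFactory = contextFactory
         self._isClient = isClient
+        self._sni      = sni
 
 
     def logPrefix(self):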
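Review bot: The `except AttributeError: pass` around `set_tlsext_host_name` silently drops the requested server name when the installed pyOpenSSL lacks that method. A caller who passed `sni` then gets a handshake without the extension and no sign that it was omitted, and a name-based virtual host may answer with its default certificate. Replace the `pass` with a logged warning or a raised error, so the missing capability is visible at the call site. A short comment should also state that `_sni` only fills the ClientHello extension; nothing visible here checks the peer certificate against that name. The method containing this change starts outside the hunk, and `self._sni      = sni` should use a single space before `=` like the assignments above it.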
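--- a/twisted/internet/posixbase.py
+++ b/twisted/internet/posixbase.py
@@ -440,11 +440,11 @@
 
     # IReactorSSL (sometimes, not implemented)
 
-    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         """@see: twisted.internet.interfaces.IReactorSSL.connectSSL
         """
         if tls is not None:
-            tlsFactory = tls.TLSMemoryBIOFactory(contextFactory, True, factory)
+            tlsFactory = tls.TLSMemoryBIOFactory(contextFactory, True, factory, sni=sni)
             return self.connectTCP(host, port, tlsFactory, timeout, bindAddress)
         elif ssl is not None:
             c = ssl.Connector(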
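Review bot: Only the `tls is not None` branch forwards `sni`; the `elif ssl is not None:` branch starting at `c = ssl.Connector(` shows no change, so on that path the argument appears to be accepted and then ignored. That branch continues outside the hunk, so this is inferred from the absence of changed lines. If the legacy connector cannot send the extension, the branch should fail when a name was requested rather than connect without it, for example `if sni is not None: raise NotImplementedError("SNI requires twisted.protocols.tls")` as its first statement.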
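--- a/twisted/internet/interfaces.py
+++ b/twisted/internet/interfaces.py
@@ -285,7 +285,7 @@
 
 class IReactorSSL(Interface):
 
-    def connectSSL(host, port, factory, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
         """
         Connect a client Protocol to a remote SSL socket.
 
@@ -303,6 +303,9 @@
         @param bindAddress: a (host, port) tuple of local address to bind to,
                             or C{None}.
 
+        @param sni: a host name to include as the Server Name Indication field
+                    during the TLS handshake.
+
         @return: An object which provides L{IConnector}.
         """
 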
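Review bot: The new `@param sni` entry omits three things an implementer or caller needs: the expected type, what `None` means, and the fact that the value is independent of certificate checking. As far as the tls.py change on this page shows, the name is only placed in the ClientHello and is not compared with the server certificate, so a reader could wrongly assume that passing `sni` also verifies the host. I would extend the entry to `@param sni: a host name to send in the TLS Server Name Indication extension, or C{None} to send none. Supplying it does not cause the peer certificate to be checked against this name.` and state the accepted string type once that is settled.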
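--- a/twisted/internet/iocpreactor/reactor.py
+++ b/twisted/internet/iocpreactor/reactor.py
@@ -181,13 +181,13 @@
             return port
 
 
-        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
             """
             @see: twisted.internet.interfaces.IReactorSSL.connectSSL
             """
             return self.connectTCP(
                 host, port,
-                TLSMemoryBIOFactory(contextFactory, True, factory),
+                TLSMemoryBIOFactory(contextFactory, True, factory, sni=sni),
                 timeout, bindAddress)
     else:
         def listenSSL(self, port, factory, contextFactory, backlog=50, interface=''):
@@ -202,7 +202,7 @@
                 "SSL APIs.")
 
 
-        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None):
+        def connectSSL(self, host, port, factory, contextFactory, timeout=30, bindAddress=None, sni=None):
             """
             Non-implementation of L{IReactorSSL.connectSSL}.  Some dependency
             is not satisfied.  This implementation always raises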
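--- a/twisted/internet/protocol.py
+++ b/twisted/internet/protocol.py
@@ -280,7 +280,7 @@
             checkPID=checkPID)
 
 
-    def connectSSL(self, host, port, contextFactory, timeout=30, bindAddress=None):
+    def connectSSL(self, host, port, contextFactory, timeout=30, bindAddress=None, sni=None):
         """
         Connect to an SSL server.
 
@@ -294,7 +294,7 @@
         return self._connect(
             self.reactor.connectSSL, host, port,
             contextFactory=contextFactory, timeout=timeout,
-            bindAddress=bindAddress)
+            bindAddress=bindAddress, sni=sni)
 
 
 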
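Review bot: `bindAddress=bindAddress, sni=sni)` passes the new keyword on every call. Assuming `_connect` forwards keywords to the reactor method, a reactor whose `connectSSL` still has the pre-patch signature will raise `TypeError` even for callers that never set `sni`. Adding the keyword only when a name was supplied keeps existing third-party `IReactorSSL` implementations working: build the keyword dict first and set `kwargs['sni'] = sni` under `if sni is not None:`. The docstring lines between the two hunks are not visible, so it is unclear whether this method's own parameter list gains an `sni` entry; it should.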