Merge branch 'master' into develop
commit
7c485c6a8b
@ -54,13 +54,9 @@ class FeatureSTARTTLS(BasePlugin):
|
|||||||
return False
|
return False
|
||||||
elif not self.xmpp.use_tls:
|
elif not self.xmpp.use_tls:
|
||||||
return False
|
return False
|
||||||
elif self.xmpp.ssl_support:
|
else:
|
||||||
self.xmpp.send(features['starttls'], now=True)
|
self.xmpp.send(features['starttls'], now=True)
|
||||||
return True
|
return True
|
||||||
else:
|
|
||||||
log.warning("The module tlslite is required to log in" + \
|
|
||||||
" to some servers, and has not been found.")
|
|
||||||
return False
|
|
||||||
|
|
||||||
def _handle_starttls_proceed(self, proceed):
|
def _handle_starttls_proceed(self, proceed):
|
||||||
"""Restart the XML stream when TLS is accepted."""
|
"""Restart the XML stream when TLS is accepted."""
|
||||||
|
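Review bot: The `elif not self.xmpp.use_tls:` branch returns False without logging anything, so a session that stays unencrypted because TLS was switched off leaves no trace in the logs. In the visible lines, the removed tlslite warning was the only report of a skipped upgrade. I would add `log.warning("STARTTLS skipped: use_tls is disabled, stream stays unencrypted.")` before that `return False`; `log` was used by the removed lines, so it is presumably still in scope. The handler's opening lines, including the condition behind the first `return False`, are outside the hunk.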
@ -47,13 +47,18 @@ class XEP_0280(BasePlugin):
|
|||||||
register_stanza_plugin(Iq, stanza.CarbonEnable)
|
register_stanza_plugin(Iq, stanza.CarbonEnable)
|
||||||
register_stanza_plugin(Iq, stanza.CarbonDisable)
|
register_stanza_plugin(Iq, stanza.CarbonDisable)
|
||||||
|
|
||||||
|
register_stanza_plugin(stanza.ReceivedCarbon,
|
||||||
|
self.xmpp['xep_0297'].stanza.Forwarded)
|
||||||
|
register_stanza_plugin(stanza.SentCarbon,
|
||||||
|
self.xmpp['xep_0297'].stanza.Forwarded)
|
||||||
|
|
||||||
def plugin_end(self):
|
def plugin_end(self):
|
||||||
self.xmpp.remove_handler('Carbon Received')
|
self.xmpp.remove_handler('Carbon Received')
|
||||||
self.xmpp.remove_handler('Carbon Sent')
|
self.xmpp.remove_handler('Carbon Sent')
|
||||||
self.xmpp.plugin['xep_0030'].del_feature(feature='urn:xmpp:carbons:1')
|
self.xmpp.plugin['xep_0030'].del_feature(feature='urn:xmpp:carbons:2')
|
||||||
|
|
||||||
def session_bind(self, jid):
|
def session_bind(self, jid):
|
||||||
self.xmpp.plugin['xep_0030'].add_feature('urn:xmpp:carbons:1')
|
self.xmpp.plugin['xep_0030'].add_feature('urn:xmpp:carbons:2')
|
||||||
|
|
||||||
def _handle_carbon_received(self, msg):
|
def _handle_carbon_received(self, msg):
|
||||||
self.xmpp.event('carbon_received', msg)
|
self.xmpp.event('carbon_received', msg)
|
||||||
|
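Review bot: `_handle_carbon_received` hands `msg` straight to `self.xmpp.event('carbon_received', msg)` without checking who sent the wrapper. XEP-0280 requires the receiving client to accept a carbon only when the outer message's `from` is the account's own bare JID; without that check, a wrapper from another entity would be treated as a copy of the user's own traffic. Unless the handler's matcher (registered outside this hunk) already filters on the sender, I would add a guard such as `if msg['from'].bare != self.xmpp.boundjid.bare: return` at the top of this handler. The sent-carbon handler, also outside the hunk, needs the same guard.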
@ -11,54 +11,54 @@ from sleekxmpp.xmlstream import ElementBase
|
|||||||
|
|
||||||
class ReceivedCarbon(ElementBase):
|
class ReceivedCarbon(ElementBase):
|
||||||
name = 'received'
|
name = 'received'
|
||||||
namespace = 'urn:xmpp:carbons:1'
|
namespace = 'urn:xmpp:carbons:2'
|
||||||
plugin_attrib = 'carbon_received'
|
plugin_attrib = 'carbon_received'
|
||||||
interfaces = set(['carbon_received'])
|
interfaces = set(['carbon_received'])
|
||||||
is_extension = True
|
is_extension = True
|
||||||
|
|
||||||
def get_carbon_received(self):
|
def get_carbon_received(self):
|
||||||
return self.parent()['forwarded']['stanza']
|
return self['forwarded']['stanza']
|
||||||
|
|
||||||
def del_carbon_received(self):
|
def del_carbon_received(self):
|
||||||
del self.parent()['forwarded']['stanza']
|
del self['forwarded']['stanza']
|
||||||
|
|
||||||
def set_carbon_received(self, stanza):
|
def set_carbon_received(self, stanza):
|
||||||
self.parent()['forwarded']['stanza'] = stanza
|
self['forwarded']['stanza'] = stanza
|
||||||
|
|
||||||
|
|
||||||
class SentCarbon(ElementBase):
|
class SentCarbon(ElementBase):
|
||||||
name = 'sent'
|
name = 'sent'
|
||||||
namespace = 'urn:xmpp:carbons:1'
|
namespace = 'urn:xmpp:carbons:2'
|
||||||
plugin_attrib = 'carbon_sent'
|
plugin_attrib = 'carbon_sent'
|
||||||
interfaces = set(['carbon_sent'])
|
interfaces = set(['carbon_sent'])
|
||||||
is_extension = True
|
is_extension = True
|
||||||
|
|
||||||
def get_carbon_sent(self):
|
def get_carbon_sent(self):
|
||||||
return self.parent()['forwarded']['stanza']
|
return self['forwarded']['stanza']
|
||||||
|
|
||||||
def del_carbon_sent(self):
|
def del_carbon_sent(self):
|
||||||
del self.parent()['forwarded']['stanza']
|
del self['forwarded']['stanza']
|
||||||
|
|
||||||
def set_carbon_sent(self, stanza):
|
def set_carbon_sent(self, stanza):
|
||||||
self.parent()['forwarded']['stanza'] = stanza
|
self['forwarded']['stanza'] = stanza
|
||||||
|
|
||||||
|
|
||||||
class PrivateCarbon(ElementBase):
|
class PrivateCarbon(ElementBase):
|
||||||
name = 'private'
|
name = 'private'
|
||||||
namespace = 'urn:xmpp:carbons:1'
|
namespace = 'urn:xmpp:carbons:2'
|
||||||
plugin_attrib = 'carbon_private'
|
plugin_attrib = 'carbon_private'
|
||||||
interfaces = set()
|
interfaces = set()
|
||||||
|
|
||||||
|
|
||||||
class CarbonEnable(ElementBase):
|
class CarbonEnable(ElementBase):
|
||||||
name = 'enable'
|
name = 'enable'
|
||||||
namespace = 'urn:xmpp:carbons:1'
|
namespace = 'urn:xmpp:carbons:2'
|
||||||
plugin_attrib = 'carbon_enable'
|
plugin_attrib = 'carbon_enable'
|
||||||
interfaces = set()
|
interfaces = set()
|
||||||
|
|
||||||
|
|
||||||
class CarbonDisable(ElementBase):
|
class CarbonDisable(ElementBase):
|
||||||
name = 'disable'
|
name = 'disable'
|
||||||
namespace = 'urn:xmpp:carbons:1'
|
namespace = 'urn:xmpp:carbons:2'
|
||||||
plugin_attrib = 'carbon_disable'
|
plugin_attrib = 'carbon_disable'
|
||||||
interfaces = set()
|
interfaces = set()
|
||||||
|
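Review bot: The accessors now read `self['forwarded']['stanza']` instead of going through `self.parent()`, which only resolves once `Forwarded` is registered as a plugin of `ReceivedCarbon` and `SentCarbon`; nothing in this file says so. A short class comment would help, e.g. `# Requires xep_0297's Forwarded to be registered on this element (done in the XEP-0280 plugin).` The same applies to the three `carbon_sent` accessors. The docstring should also say that the returned stanza is forwarded content and carries no guarantee about its real origin until the outer message's sender has been checked.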
@ -662,7 +662,7 @@ class ElementBase(object):
|
|||||||
full_attrib = attrib
|
full_attrib = attrib
|
||||||
attrib_lang = ('%s|' % attrib).split('|')
|
attrib_lang = ('%s|' % attrib).split('|')
|
||||||
attrib = attrib_lang[0]
|
attrib = attrib_lang[0]
|
||||||
lang = attrib_lang[1] or ''
|
lang = attrib_lang[1] or None
|
||||||
|
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
if lang and attrib in self.lang_interfaces:
|
if lang and attrib in self.lang_interfaces:
|
||||||
@ -738,7 +738,7 @@ class ElementBase(object):
|
|||||||
full_attrib = attrib
|
full_attrib = attrib
|
||||||
attrib_lang = ('%s|' % attrib).split('|')
|
attrib_lang = ('%s|' % attrib).split('|')
|
||||||
attrib = attrib_lang[0]
|
attrib = attrib_lang[0]
|
||||||
lang = attrib_lang[1] or ''
|
lang = attrib_lang[1] or None
|
||||||
|
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
if lang and attrib in self.lang_interfaces:
|
if lang and attrib in self.lang_interfaces:
|
||||||
@ -824,7 +824,7 @@ class ElementBase(object):
|
|||||||
full_attrib = attrib
|
full_attrib = attrib
|
||||||
attrib_lang = ('%s|' % attrib).split('|')
|
attrib_lang = ('%s|' % attrib).split('|')
|
||||||
attrib = attrib_lang[0]
|
attrib = attrib_lang[0]
|
||||||
lang = attrib_lang[1] or ''
|
lang = attrib_lang[1] or None
|
||||||
|
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
if lang and attrib in self.lang_interfaces:
|
if lang and attrib in self.lang_interfaces:
|
||||||
@ -862,7 +862,7 @@ class ElementBase(object):
|
|||||||
del plugin[full_attrib]
|
del plugin[full_attrib]
|
||||||
del self.plugins[(attrib, None)]
|
del self.plugins[(attrib, None)]
|
||||||
else:
|
else:
|
||||||
del self.plugins[(attrib, lang)]
|
del self.plugins[(attrib, plugin['lang'])]
|
||||||
self.loaded_plugins.remove(attrib)
|
self.loaded_plugins.remove(attrib)
|
||||||
try:
|
try:
|
||||||
self.xml.remove(plugin.xml)
|
self.xml.remove(plugin.xml)
|
||||||
|
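Review bot: The same three lines that parse `attrib|lang` appear in three methods (the hunks at -662, -738 and -824), and this commit had to change `or ''` to `or None` in each copy. A small private helper that returns `(name, lang or None)` would keep them from drifting apart. That matters because `self.plugins` is keyed on `(attrib, None)` in the -862 hunk, so a copy that still produced `''` would miss the key. The enclosing methods start and end outside these hunks.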
@ -58,9 +58,6 @@ WAIT_TIMEOUT = 0.1
|
|||||||
#: a GIL increasing this value can provide better performance.
|
#: a GIL increasing this value can provide better performance.
|
||||||
HANDLER_THREADS = 1
|
HANDLER_THREADS = 1
|
||||||
|
|
||||||
#: Flag indicating if the SSL library is available for use.
|
|
||||||
SSL_SUPPORT = True
|
|
||||||
|
|
||||||
#: The time in seconds to delay between attempts to resend data
|
#: The time in seconds to delay between attempts to resend data
|
||||||
#: after an SSL error.
|
#: after an SSL error.
|
||||||
SSL_RETRY_DELAY = 0.5
|
SSL_RETRY_DELAY = 0.5
|
||||||
@ -117,9 +114,6 @@ class XMLStream(object):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, socket=None, host='', port=0):
|
def __init__(self, socket=None, host='', port=0):
|
||||||
#: Flag indicating if the SSL library is available for use.
|
|
||||||
self.ssl_support = SSL_SUPPORT
|
|
||||||
|
|
||||||
#: Most XMPP servers support TLSv1, but OpenFire in particular
|
#: Most XMPP servers support TLSv1, but OpenFire in particular
|
||||||
#: does not work well with it. For OpenFire, set
|
#: does not work well with it. For OpenFire, set
|
||||||
#: :attr:`ssl_version` to use ``SSLv23``::
|
#: :attr:`ssl_version` to use ``SSLv23``::
|
||||||
@ -506,7 +500,7 @@ class XMLStream(object):
|
|||||||
self.reconnect_delay = delay
|
self.reconnect_delay = delay
|
||||||
return False
|
return False
|
||||||
|
|
||||||
if self.use_ssl and self.ssl_support:
|
if self.use_ssl:
|
||||||
log.debug("Socket Wrapped for SSL")
|
log.debug("Socket Wrapped for SSL")
|
||||||
if self.ca_certs is None:
|
if self.ca_certs is None:
|
||||||
cert_policy = ssl.CERT_NONE
|
cert_policy = ssl.CERT_NONE
|
||||||
@ -535,7 +529,7 @@ class XMLStream(object):
|
|||||||
log.debug("Connecting to %s:%s", domain, self.address[1])
|
log.debug("Connecting to %s:%s", domain, self.address[1])
|
||||||
self.socket.connect(self.address)
|
self.socket.connect(self.address)
|
||||||
|
|
||||||
if self.use_ssl and self.ssl_support:
|
if self.use_ssl:
|
||||||
try:
|
try:
|
||||||
self.socket.do_handshake()
|
self.socket.do_handshake()
|
||||||
except (Socket.error, ssl.SSLError):
|
except (Socket.error, ssl.SSLError):
|
||||||
@ -823,59 +817,56 @@ class XMLStream(object):
|
|||||||
If the handshake is successful, the XML stream will need
|
If the handshake is successful, the XML stream will need
|
||||||
to be restarted.
|
to be restarted.
|
||||||
"""
|
"""
|
||||||
if self.ssl_support:
|
log.info("Negotiating TLS")
|
||||||
log.info("Negotiating TLS")
|
log.info("Using SSL version: %s", str(self.ssl_version))
|
||||||
log.info("Using SSL version: %s", str(self.ssl_version))
|
if self.ca_certs is None:
|
||||||
if self.ca_certs is None:
|
cert_policy = ssl.CERT_NONE
|
||||||
cert_policy = ssl.CERT_NONE
|
|
||||||
else:
|
|
||||||
cert_policy = ssl.CERT_REQUIRED
|
|
||||||
|
|
||||||
ssl_socket = ssl.wrap_socket(self.socket,
|
|
||||||
certfile=self.certfile,
|
|
||||||
keyfile=self.keyfile,
|
|
||||||
ssl_version=self.ssl_version,
|
|
||||||
do_handshake_on_connect=False,
|
|
||||||
ca_certs=self.ca_certs,
|
|
||||||
cert_reqs=cert_policy)
|
|
||||||
|
|
||||||
if hasattr(self.socket, 'socket'):
|
|
||||||
# We are using a testing socket, so preserve the top
|
|
||||||
# layer of wrapping.
|
|
||||||
self.socket.socket = ssl_socket
|
|
||||||
else:
|
|
||||||
self.socket = ssl_socket
|
|
||||||
|
|
||||||
try:
|
|
||||||
self.socket.do_handshake()
|
|
||||||
except (Socket.error, ssl.SSLError):
|
|
||||||
log.error('CERT: Invalid certificate trust chain.')
|
|
||||||
if not self.event_handled('ssl_invalid_chain'):
|
|
||||||
self.disconnect(self.auto_reconnect, send_close=False)
|
|
||||||
else:
|
|
||||||
self.event('ssl_invalid_chain', direct=True)
|
|
||||||
return False
|
|
||||||
|
|
||||||
self._der_cert = self.socket.getpeercert(binary_form=True)
|
|
||||||
pem_cert = ssl.DER_cert_to_PEM_cert(self._der_cert)
|
|
||||||
log.debug('CERT: %s', pem_cert)
|
|
||||||
self.event('ssl_cert', pem_cert, direct=True)
|
|
||||||
|
|
||||||
try:
|
|
||||||
cert.verify(self._expected_server_name, self._der_cert)
|
|
||||||
except cert.CertificateError as err:
|
|
||||||
if not self.event_handled('ssl_invalid_cert'):
|
|
||||||
log.error(err.message)
|
|
||||||
self.disconnect(self.auto_reconnect, send_close=False)
|
|
||||||
else:
|
|
||||||
self.event('ssl_invalid_cert', pem_cert, direct=True)
|
|
||||||
|
|
||||||
self.set_socket(self.socket)
|
|
||||||
return True
|
|
||||||
else:
|
else:
|
||||||
log.warning("Tried to enable TLS, but ssl module not found.")
|
cert_policy = ssl.CERT_REQUIRED
|
||||||
|
|
||||||
|
ssl_socket = ssl.wrap_socket(self.socket,
|
||||||
|
certfile=self.certfile,
|
||||||
|
keyfile=self.keyfile,
|
||||||
|
ssl_version=self.ssl_version,
|
||||||
|
do_handshake_on_connect=False,
|
||||||
|
ca_certs=self.ca_certs,
|
||||||
|
cert_reqs=cert_policy)
|
||||||
|
|
||||||
|
if hasattr(self.socket, 'socket'):
|
||||||
|
# We are using a testing socket, so preserve the top
|
||||||
|
# layer of wrapping.
|
||||||
|
self.socket.socket = ssl_socket
|
||||||
|
else:
|
||||||
|
self.socket = ssl_socket
|
||||||
|
|
||||||
|
try:
|
||||||
|
self.socket.do_handshake()
|
||||||
|
except (Socket.error, ssl.SSLError):
|
||||||
|
log.error('CERT: Invalid certificate trust chain.')
|
||||||
|
if not self.event_handled('ssl_invalid_chain'):
|
||||||
|
self.disconnect(self.auto_reconnect, send_close=False)
|
||||||
|
else:
|
||||||
|
self._der_cert = self.socket.getpeercert(binary_form=True)
|
||||||
|
self.event('ssl_invalid_chain', direct=True)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
self._der_cert = self.socket.getpeercert(binary_form=True)
|
||||||
|
pem_cert = ssl.DER_cert_to_PEM_cert(self._der_cert)
|
||||||
|
log.debug('CERT: %s', pem_cert)
|
||||||
|
self.event('ssl_cert', pem_cert, direct=True)
|
||||||
|
|
||||||
|
try:
|
||||||
|
cert.verify(self._expected_server_name, self._der_cert)
|
||||||
|
except cert.CertificateError as err:
|
||||||
|
if not self.event_handled('ssl_invalid_cert'):
|
||||||
|
log.error(err.message)
|
||||||
|
self.disconnect(self.auto_reconnect, send_close=False)
|
||||||
|
else:
|
||||||
|
self.event('ssl_invalid_cert', pem_cert, direct=True)
|
||||||
|
|
||||||
|
self.set_socket(self.socket)
|
||||||
|
return True
|
||||||
|
|
||||||
def _cert_expiration(self, event):
|
def _cert_expiration(self, event):
|
||||||
"""Schedule an event for when the TLS certificate expires."""
|
"""Schedule an event for when the TLS certificate expires."""
|
||||||
|
|
||||||
|
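Review bot: With `ca_certs` left at `None`, both the connect path (the `if self.use_ssl:` hunk) and the rewritten TLS negotiation set `cert_policy = ssl.CERT_NONE`, so the handshake accepts any certificate chain and only the later `cert.verify(...)` call checks the server. Now that the `ssl_support` guard is gone and TLS is always attempted, this default deserves a visible warning next to the `CERT_NONE` assignment, e.g. `log.warning("No ca_certs set: server certificate chain is not validated.")`, plus a note in the `ca_certs` documentation. Separately, in the `except cert.CertificateError` branch the unhandled case calls `self.disconnect(...)` but appears to fall through to `self.set_socket(self.socket)` and `return True`. Indentation is lost in this view, so please confirm, and add `return False` after the disconnect if that is the case.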