Bump version for 1.1.3

Add extra check for the cert in the expiration handler.
Use False for use_tls for components.
2012-06-09 11:32:03 -07:00 · 2012-06-09 11:01:45 -07:00 · 2012-06-09 11:01:35 -07:00 · 2012-06-09 11:01:21 -07:00 · 2012-06-09 11:01:11 -07:00 · 2012-06-09 11:00:55 -07:00
5 changed files with 43 additions and 15 deletions
--- a/README.rst
+++ b/README.rst
@@ -45,7 +45,7 @@ The latest source code for SleekXMPP may be found on `Github
 ``develop`` branch.

 **Latest Release**
-    - `1.1.2 <http://github.com/fritzy/SleekXMPP/zipball/1.1.2>`_
+    - `1.1.3 <http://github.com/fritzy/SleekXMPP/zipball/1.1.3>`_

 **Develop Releases**
    - `Latest Develop Version <http://github.com/fritzy/SleekXMPP/zipball/develop>`_
--- a/sleekxmpp/basexmpp.py
+++ b/sleekxmpp/basexmpp.py
@@ -737,7 +737,8 @@ class BaseXMPP(XMLStream):
        if not self.is_component and not presence['to'].bare:
            presence['to'] = self.boundjid

-        self.event("presence_%s" % presence['type'], presence)
+        self.event('presence', presence)
+        self.event('presence_%s' % presence['type'], presence)

        # Check for changes in subscription state.
        if presence['type'] in ('subscribe', 'subscribed',
--- a/sleekxmpp/componentxmpp.py
+++ b/sleekxmpp/componentxmpp.py
@@ -79,7 +79,7 @@ class ComponentXMPP(BaseXMPP):
                               self._handle_probe)

    def connect(self, host=None, port=None, use_ssl=False, 
-                      use_tls=True, reattempt=True):
+                      use_tls=False, reattempt=True):
        """Connect to the server.

        Setting ``reattempt`` to ``True`` will cause connection attempts to
@@ -104,10 +104,13 @@ class ComponentXMPP(BaseXMPP):

        self.server_name = self.boundjid.host

+        if use_tls:
+            log.info("XEP-0114 components can not use TLS")
+
        log.debug("Connecting to %s:%s", host, port)
        return XMLStream.connect(self, host=host, port=port,
                                       use_ssl=use_ssl,
-                                       use_tls=use_tls,
+                                       use_tls=False,
                                       reattempt=reattempt)

    def incoming_filter(self, xml):
--- a/sleekxmpp/version.py
+++ b/sleekxmpp/version.py
@@ -9,5 +9,5 @@
 # We don't want to have to import the entire library
 # just to get the version info for setup.py

-__version__ = '1.1.2'
-__version_info__ = (1, 1, 2, '', 0)
+__version__ = '1.1.3'
+__version_info__ = (1, 1, 3, '', 0)
--- a/sleekxmpp/xmlstream/xmlstream.py
+++ b/sleekxmpp/xmlstream/xmlstream.py
@@ -493,7 +493,8 @@ class XMLStream(object):

            ssl_socket = ssl.wrap_socket(self.socket,
                                         ca_certs=self.ca_certs,
-                                         cert_reqs=cert_policy)
+                                         cert_reqs=cert_policy,
+                                         do_handshake_on_connect=False)

            if hasattr(self.socket, 'socket'):
                # We are using a testing socket, so preserve the top
@@ -511,6 +512,16 @@ class XMLStream(object):
                self.socket.connect(self.address)

                if self.use_ssl and self.ssl_support:
+                    try:
+                        self.socket.do_handshake()
+                    except (Socket.error, ssl.SSLError):
+                        log.error('CERT: Invalid certificate trust chain.')
+                        if not self.event_handled('ssl_invalid_chain'):
+                            self.disconnect(self.auto_reconnect, send_close=False)
+                        else:
+                            self.event('ssl_invalid_chain', direct=True)
+                        return False
+
                    self._der_cert = self.socket.getpeercert(binary_form=True)
                    pem_cert = ssl.DER_cert_to_PEM_cert(self._der_cert)
                    log.debug('CERT: %s', pem_cert)
@@ -520,8 +531,10 @@ class XMLStream(object):
                        cert.verify(self._expected_server_name, self._der_cert)
                    except cert.CertificateError as err:
                        log.error(err.message)
-                        self.event('ssl_invalid_cert', cert, direct=True)
-                        self.disconnect(send_close=False)
+                        if not self.event_handled('ssl_invalid_cert'):
+                            self.disconnect(send_close=False)
+                        else:
+                            self.event('ssl_invalid_cert', cert, direct=True)

            self.set_socket(self.socket, ignore=True)
            #this event is where you should set your application state
@@ -788,10 +801,12 @@ class XMLStream(object):

            try:
                self.socket.do_handshake()
-            except:
+            except (Socket.error, ssl.SSLError):
                log.error('CERT: Invalid certificate trust chain.')
-                self.event('ssl_invalid_chain', direct=True)
-                self.disconnect(self.auto_reconnect, send_close=False)
+                if not self.event_handled('ssl_invalid_chain'):
+                    self.disconnect(self.auto_reconnect, send_close=False)
+                else:
+                    self.event('ssl_invalid_chain', direct=True)
                return False

            self._der_cert = self.socket.getpeercert(binary_form=True)
@@ -803,9 +818,10 @@ class XMLStream(object):
                cert.verify(self._expected_server_name, self._der_cert)
            except cert.CertificateError as err:
                log.error(err.message)
-                self.event('ssl_invalid_cert', cert, direct=True)
                if not self.event_handled('ssl_invalid_cert'):
                    self.disconnect(self.auto_reconnect, send_close=False)
+                else:
+                    self.event('ssl_invalid_cert', cert, direct=True)

            self.set_socket(self.socket)
            return True
@@ -819,9 +835,17 @@ class XMLStream(object):
        if not self.use_tls and not self.use_ssl:
            return

+        if not self._der_cert:
+            log.warn("TLS or SSL was enabled, but no certificate was found.")
+            return
+
        def restart():
-            log.warn("The server certificate has expired. Restarting.")
-            self.reconnect()
+            if not self.event_handled('ssl_expired_cert'):
+                log.warn("The server certificate has expired. Restarting.")
+                self.reconnect()
+            else:
+                pem_cert = ssl.DER_cert_to_PEM_cert(self._der_cert)
+                self.event('ssl_expired_cert', pem_cert)

        cert_ttl = cert.get_ttl(self._der_cert)
        if cert_ttl is None:
Author	SHA1	Message	Date
Lance Stout	6997261c6b	Bump version for 1.1.3	2012-06-09 11:32:03 -07:00
Lance Stout	6cfb5cb14c	Add extra check for the cert in the expiration handler.	2012-06-09 11:01:45 -07:00
Lance Stout	8567d6034f	Use False for use_tls for components. A log message is shown for those who try to set it to True. Fixes issue #171	2012-06-09 11:01:35 -07:00
Lance Stout	e06368f8cd	Default use_tls to False for components. Issue #171	2012-06-09 11:01:21 -07:00
Lance Stout	4b37a4706f	Fix SSL handshake handling when not using legacy SSL. Fixes issue #172	2012-06-09 11:01:11 -07:00
Lance Stout	7b1564947d	Ensure that all SSL cert error handling is overridable using event handlers. Relevant events: ssl_invalid_cert ssl_invalid_chain ssl_expired_cert	2012-06-09 11:00:55 -07:00
Lance Stout	f5652a667b	Add 'presence' event, raised for all incoming presence stanzas.	2012-06-06 16:10:25 -07:00