Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
async def main():
# It might be desirable to move these out of the examples
# directory, as this test are now relying on them being around
file_path = join(dirname(dirname(__file__)), 'examples')
cert_file = join(file_path, 'ssl_test.crt')
key_file = join(file_path, 'ssl_test_rsa')
server_context = curiossl.create_default_context(ssl.Purpose.CLIENT_AUTH)
server_context.load_cert_chain(certfile=cert_file, keyfile=key_file)
stdlib_client_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
curio_client_context = curiossl.create_default_context(ssl.Purpose.SERVER_AUTH)
server_task = await spawn(partial(network.tcp_server, '', 10000, handler, ssl=server_context))
await sleep(0.1)
for test_context in (curio_client_context, stdlib_client_context):
test_context.check_hostname = False
test_context.verify_mode = ssl.CERT_NONE
resp = await client('localhost', 10000, test_context)
assert resp == b'Back atcha: Hello, world!'
await server_task.cancel()
def create_ssl_context(self):
"""
Create an SSL context that has reasonable settings and supports alpn for
h2 and http/1.1 in that order.
"""
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.options |= ssl.OP_NO_TLSv1
ssl_context.options |= ssl.OP_NO_TLSv1_1
ssl_context.options |= ssl.OP_NO_COMPRESSION
ssl_context.set_ciphers(self.tls_ciphers)
ssl_context.load_cert_chain(certfile=self.certfile, keyfile=self.keyfile)
ssl_context.set_alpn_protocols(["h2", "http/1.1"])
return ssl_context
break
print(line)
await writer.write(
b'''HTTP/1.0 200 OK\r
Content-type: text/plain\r
\r
If you're seeing this, it probably worked. Yay!
''')
await writer.write(time.asctime().encode('ascii'))
await writer.close()
await reader.close()
if __name__ == '__main__':
kernel = curio.Kernel()
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=CERTFILE, keyfile=KEYFILE)
kernel.run(curio.run_server('', 10000, handler, ssl=ssl_context))
def uri_compile(uri, is_server):
url = urllib.parse.urlparse(uri)
kw = {}
if url.scheme == 'tunneludp':
if not url.fragment:
raise argparse.ArgumentTypeError(
'destitation must be assign in tunnel udp mode, '
'example tunneludp://:53#8.8.8.8:53')
host, _, port = url.fragment.partition(':')
kw['target_addr'] = (host, int(port))
if url.scheme in ('https',):
if not url.fragment:
raise argparse.ArgumentTypeError('#keyfile,certfile is needed')
keyfile, _, certfile = url.fragment.partition(',')
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
kw['ssl_context'] = ssl_context
proto = server_protos[url.scheme] if is_server else \
client_protos[url.scheme]
cipher, _, loc = url.netloc.rpartition('@')
if cipher:
cipher_cls, _, password = cipher.partition(':')
if url.scheme.startswith('ss'):
kw['cipher_cls'] = ciphers[cipher_cls]
kw['password'] = password.encode()
elif url.scheme in ('http', 'https', 'socks'):
kw['auth'] = (cipher_cls.encode(), password.encode())
else:
pass
if loc:
kw['host'], _, port = loc.partition(':')
async def create_listening_ssl_socket(address, certfile, keyfile):
"""
Create and return a listening TLS socket on a given address.
"""
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.options |= (
ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
)
ssl_context.set_ciphers("ECDHE+AESGCM")
ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
ssl_context.set_alpn_protocols(["h2"])
sock = socket.socket()
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock = await ssl_context.wrap_socket(sock)
sock.bind(address)
sock.listen()
return sock
try:
client.setsockopt(IPPROTO_TCP, TCP_NODELAY, 1)
except (OSError, NameError):
pass
s = client.as_stream()
while True:
data = await s.read(102400)
if not data:
break
await s.write(data)
await s.close()
print('Connection closed')
if __name__ == '__main__':
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain(certfile=CERTFILE, keyfile=KEYFILE)
run(tcp_server, '', 25000, echo_handler, ssl=ssl_context)