Commit Graph

12 Commits (8ec1dfb56c4669b2295a6c097701e9aa3e4af96c)

Author SHA1 Message Date
mcfreis 083554e9e0 Minor fixes and "hopefully" compatible to Ubuntu 16.04
* dtls/__init__.py: Removed wrapper import
* dtls/openssl.py: Fixed line endings to LF
* dtls/patch.py: Removed PROTOCOL_SSLv3 import and fixed line endings to LF
* dtls/sslconnection.py: Fixed line endings to LF
* dtls/test/certs/*_ec.pem: Fixed line endings to LF
* dtls/test/echo_seq.py: Fixed line endings to LF
* dtls/test/simple_client.py: Fixed line endings to LF
* dtls/test/unit.py: Fixed line endings to LF
* dtls/test/unit_wrapper.py: Corrected wrapper import and fixed line endings to LF
* dtls/util.py: Fixed line endings to LF
* dtls/wrapper.py: Corrected function naming to wrap_client() and wrap_server(); Fixed line endings to LF
* dtls/x509.py: Fixed line endings to LF
2017-03-28 07:59:03 +02:00
mcfreis dade3b8213 Patched ssl-Module with SSL_BUILD_*- and ERR_*- constants and added aliases for wrap_server() and wrap_client()
* dtls/__init__.py: Added DtlsSocket() from wrapper and aliases for wrap_server() and wrap_client()
* dtls/err.py: Added patch_ssl_errors() to patch ssl-Module with ERR_* constants
* dtls/patch.py: Patched ssl-Module with SSL_BUILD_* constants and added call to patch_ssl_errors()
* dtls/wrapper.py:
	- Added a server and client function to alias/wrap DtlsSocket() creation
	- Cleanup of DtlsSocket.__init__()
	- Cleanup of exception handling in all member methods
	- Cleanup sendto() from client: no endless loop and first do a connect if not already connected
* dtls/test/unit_wrapper.py: Adopt the changes made described above
2017-03-23 14:08:20 +01:00
mcfreis ff509e0724 Added more on error evaluation and a method to get the peer certificate chain
* dtls/__init__.py: import error codes from err.py as error_codes for external access
* dtls/err.py: Added errors for ERR_WRONG_SSL_VERSION, ERR_CERTIFICATE_VERIFY_FAILED, ERR_NO_SHARED_CIPHER and ERR_SSL_HANDSHAKE_FAILURE
* dtls/openssl.py:
	- Added constant SSL_BUILD_CHAIN_FLAG_NONE for SSL_CTX_build_cert_chain()
	- Added method SSL_get_peer_cert_chain()
* dtls/patch.py: Added getpeercertchain() as method to ssl.SSLSocket()
* dtls/sslconnection.py:
	- Bugfix SSLContext.set_ecdh_curve() returns 1 for success and 0 for failure
	- SSLContext.build_cert_chain() changed default flags to SSL_BUILD_CHAIN_FLAG_NONE
	- In SSLConnection() the mtu size gets only set if no user config function is given
	- SSLConnection.listen() raises an exception for ERR_WRONG_VERSION_NUMBER, ERR_COOKIE_MISMATCH, ERR_NO_SHARED_CIPHER and all other unknown errors
	- SSLConnection.read() and write() now can also raise ERR_PORT_UNREACHABLE
	- If SSLConnection.write() successfully writes bytes to the peer, then the handshake is assumed to be okay
	- Added method SSLConnection.getpeercertchain()
* dtls/test/unit.py: ThreadedEchoServer() with an extra exception branch for the newly raised exceptions in SSLConnection.listen()
2017-03-20 16:39:50 +01:00
mcfreis 60f76fac83 Added an interface in SSLConnection() to access SSLContext() and SSL() for manipulating settings during creation
* dtls/openssl.py:
	- Added utility fucntions EC_curve_nist2nid() and EC_curve_nid2nist()
* dtls/patch.py:
	- Extended wrap_socket() arguments with callbacks for user config functions of ssl context and ssl session values
	- Extended SSLSocket() arguments with callbacks for user config functions of ssl context and ssl session values
* dtls/sslconnection.py:
	- Extended SSLConnection() arguments with callbacks for user config functions of ssl context and ssl session values
	- During the init of client and server the corresponding user config functions are called (if given)
	- Added new classes SSLContext() [set_ciphers(), set_sigalgs(), set_curves(), set_ecdh_curve(), build_cert_chain(),
	set_ssl_logging()] and SSL() [set_mtu(), set_link_mtu()]
2017-03-20 16:00:11 +01:00
mcfreis 83204e8c4d Added new methods for DTLSv1.2
* dtls/err.py: Added error code ERR_WRONG_VERSION_NUMBER
* dtls/openssl.py: Added DTLS_server_method(), DTLSv1_2_server_method() and DTLSv1_2_client_method()
* dtls/patch.py: Default protocol DTLS for ssl.wrap_socket() and ssl.SSLSocket()
* dtls/sslconnection.py:
	- Introduced PROTOCOL_DTLSv1_2 and PROTOCOL_DTLS (the latter one is a synonym for the "higher" version)
	- Updated _init_client() and _init_server() with the new protocol methods
	- Default protocol DTLS for SSLConnection()
	- Return on ERR_WRONG_VERSION_NUMBER if client and server cannot agree on protocol version
* dtls/test/unit.py:
	- Extended test_get_server_certificate() to iterate over the different protocol combinations
	- Extended test_protocol_dtlsv1() to try the different protocol combinations between client and server
2017-03-20 14:48:42 +01:00
mcfreis b4911f4949 Beautified lists and maps, grouped imports for easy merges in the future - no changed functionality!
* dtls/openssl.py:
	- Ordered constants according to header file from openSSL
	- Beautified __all__-list and map for _make_function() in order to easy merges in the future
	- Added a few returns in order to evaluate the success of the called methods
* dtls/patch.py: Grouped imports in the following order - system, local
* dtls/sslconnection.py: ssl protocol not hardcoded anymore for forked objects
* dtls/x509.py: logger messages working again
2017-03-20 14:14:14 +01:00
Ray 622f58358e Compatibility Updates for Python 2.7.12
* dtls/openssl.py: support reading directly into given buffer instead
                     of forcing buffer copy (for ssl module compatibility)
	* dtls/sslconnection.py: in-situ receive support, as above
	* dtls/patch.py: various changes for compatibility with the ssl module
                   of Python 2.7.12; note that the ssl module's new
                   SSLContext is not supported
	* dtls/test/unit.py: changes to support the updated ssl module,
                       including fix of deprecation warnings
	* setup.py: increase version to 1.0.2
2017-02-27 22:37:50 -08:00
Ray Brown f62462d5f8 External documentation
This patch completes the README.txt placeholder file. The first version of
external (as opposed to in-line) documentation is complete.

The unused file README.md that was created by the GitHub repository
establishment procedure is deleted.
2012-12-19 00:49:00 -08:00
Ray Brown 9add480710 Licensing
This project is now licensed under the Apache license. Individual files
now have a license reference header.

The Apache 2.0 license text is copied to the file LICENSE. The file
NOTICE, referred to in the license text, has been added. A placeholder
README.txt has been added.

These three new files are integrated into the distribution/installation
machinery, and are placed into the package directory upon installation.
2012-12-18 11:14:31 -08:00
Ray Brown d67f48c050 Interactive performance test suite
The new module test_perf.py can be used to characterize protocol
performance over a particular network link. Two stream protocols
(TCP and SSL) and two datagram protocols (UDP and DTLS) are available
for relative comparison.

The module will run servers in its process, and will spawn clients either
into separate processes, or, depending on command line options, will
expect one or more remote clients to connect to it. In the latter case,
jobs will be sent to such clients via a shared queue whenever the user
selects a test suite.

Stress testing under packet loss conditions revealed that that the
OpenSSL library's compression feature needed to be explicitly disabled
for DTLS: it evidently operates at the stream layer as opposed to the
datagram layer, and packet loss would result in corruption among the
packets that were successfully received, authenticated, and decrypted.

Several performance improvements are included in this patch.
2012-12-10 20:52:49 -08:00
Ray Brown 1ce7243af5 Add IPv6 unit tests
The unit test suite was previously being run with IPv4 protocol addresses only.
With this change, we run the entire test suite twice: first with v4 addresses,
and then with v6 addresses, for all client and server-side sockets.
2012-11-21 19:20:16 -08:00
Ray Brown 22083e8221 SSL standard library module wire-in
A patch implementation is provided, which augments and alters the Python
standard library's ssl module to support passing of datagram sockets, in which
case this package's DTLS protocol support will be activated. The ssl module's
interface is intended to operate identically regardless of whether the DTLS
protocol or another protocol is chosen.

The following features of the ssl module are explicitly supported with
datagram sockets:

    * socket wrapping, unwrapping, and re-wrapping
    * threaded UDP servers
    * asynchronous UDP servers (asyncore integration)
    * socket servers (SocketServer integration)

The following modules have been added:

    * dtls.patch: standard library module patching code and substitution
                  functions and methods
    * unit.py:    this is a port of the standard library's testing module
                  test_ssl.py for datagram sockets; all tests pass at this time;
                  a couple of inapplicable tests have been dropped; a few other
                  tests have been added

Also note that the err module's exception raising mechanism has been
augmented so as to raise exceptions of type ssl.SSLError (as opposed to
dtls.err.SSLError) when instructed to do so through activation of the patching
mechanism. This allows code written against the standard library module's
interface to remain unchanged. In some cases, types derived from
ssl.SSLError are raised.
2012-11-21 11:23:03 -08:00