diff --git a/lib/interface.py b/lib/interface.py
index 5e2b63b5..d87c1ced 100644
--- a/lib/interface.py
+++ b/lib/interface.py
@@ -24,6 +24,7 @@
 # SOFTWARE.
 import aiosocks
 import os
+import stat
 import re
 import ssl
 import sys
@@ -41,11 +42,10 @@ import requests
 from aiosocks.errors import SocksError
 from concurrent.futures import TimeoutError
-from .util import print_error
-from .ssl_in_socks import sslInSocksReaderWriter
-
 ca_path = requests.certs.where()
+from .util import print_error
+from .ssl_in_socks import sslInSocksReaderWriter
 from . import util
 from . import x509
 from . import pem
@@ -135,6 +135,11 @@ class Interface(util.PrintError):
             else:
                 is_new = False
             ca_certs = temporary_path if is_new else cert_path
+
+            size = os.stat(ca_certs)[stat.ST_SIZE]
+            self_signed = size != 0
+            if not self_signed:
+                ca_certs = ca_path
             try:
                 if self.addr is not None:
                     if not self.use_ssl:
diff --git a/lib/ssl_in_socks.py b/lib/ssl_in_socks.py
index 9727b03a..9f46fbde 100644
--- a/lib/ssl_in_socks.py
+++ b/lib/ssl_in_socks.py
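Review bot: Moving `from .util import print_error` and `from .ssl_in_socks import sslInSocksReaderWriter` below `ca_path = requests.certs.where()` reads as a workaround for a circular import (ssl_in_socks calls `interface.get_ssl_context`, so it needs this module partially initialised before it is imported), but nothing says so and the next tidy-up will put the imports back at the top. If that is the reason, add `# imported after ca_path: ssl_in_socks imports this module back (circular), keep below module constants` on the moved lines; if it is not, the reorder should be reverted since it otherwise only breaks the stdlib/third-party/local grouping. This is inferred from the visible call in ssl_in_socks, not confirmed from the import list of that file.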
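Review bot: A zero-byte file at `cert_path` silently switches this connection from the pinned certificate to the requests CA bundle (`ca_certs = ca_path`), so a truncated or half-written pin file — disk full, a crash between create and write, or anyone who can empty the file — downgrades pinning to public-CA validation with no signal, and `os.stat` raises `FileNotFoundError` outside the `try` if the path is missing. If an empty file is the intended marker for "server is CA-signed", make the convention explicit and visible: `self_signed = os.path.getsize(ca_certs) != 0  # empty pin file == CA-signed server, written on first connect` and a `self.print_error("using CA bundle for", self.host)` on the downgrade path, and treat an empty file as an error (re-fetch, do not downgrade) when `is_new` is True, since `temporary_path` was just written with the fetched certificate and should never be empty. The name `self_signed` is also misleading — a non-empty file means "pinned", whether or not the certificate is actually self-signed. The enclosing method starts and ends outside the hunk, so whether the first-connect path writes the empty marker cannot be confirmed from here.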
@@ -18,23 +18,14 @@ class AppProto(asyncio.Protocol):
         for idx, val in enumerate(self.buf):
             if NEWLINE == val:
                 asyncio.ensure_future(self.receivedQueue.put(bytes(self.buf[:idx+1])))
-                self.buf = self.buf[idx:]
+                self.buf = self.buf[idx+1:]
 
 def makeProtocolFactory(receivedQueue, connUpLock, ca_certs):
     class MySSLProtocol(SSLProtocol):
-        def connection_lost(self, data):
-            super().connection_lost(data)
-        def _on_handshake_complete(self, handshake_exc):
-            super()._on_handshake_complete(handshake_exc)
-            if handshake_exc is not None:
-                print("handshake complete", handshake_exc)
-            try:
-                print("cert length", len(self._sslpipe.ssl_object.getpeercert(True)))
-            except ValueError as e:
-                assert str(e) == "handshake not done yet", e
-                print("exception was from on_handshake_complete") # TODO how can this happen? Handshake should be done if callback is called
         def __init__(self):
-            context = interface.get_ssl_context(cert_reqs=ssl.CERT_REQUIRED if ca_certs is None else ssl.CERT_NONE, ca_certs=ca_certs)
+            context = interface.get_ssl_context(\
+                cert_reqs=ssl.CERT_REQUIRED if ca_certs is not None else ssl.CERT_NONE,\
+                ca_certs=ca_certs)
             proto = AppProto(receivedQueue, connUpLock)
             super().__init__(asyncio.get_event_loop(), proto, context, None)
     return MySSLProtocol
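Review bot: The changed line `self.buf = self.buf[idx+1:]` reassigns the buffer from inside `for idx, val in enumerate(self.buf)`, but the iterator keeps walking the original object while `idx` no longer lines up with the shortened `self.buf`; with two newlines and a trailing partial line in one chunk (e.g. `a\nbc\nd`) the second message is sliced from the already-consumed buffer and swallows the partial `d`, so framed JSON-RPC responses get corrupted. The off-by-one the commit fixes is real, but the loop should scan with `find` and consume from the front each round, as below (`find` accepts either an int or a bytes needle, so it works whichever `NEWLINE` is). Separately, the `\` continuations inside the `get_ssl_context(...)` parentheses are redundant in Python and can be dropped. The enclosing method starts outside the hunk.
```python
        # … unchanged: incoming data appended to self.buf …
        while True:
            idx = self.buf.find(NEWLINE)
            if idx < 0:
                break
            line = bytes(self.buf[:idx + 1])
            self.buf = self.buf[idx + 1:]
            asyncio.ensure_future(self.receivedQueue.put(line))
```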
@@ -59,14 +50,22 @@ async def sslInSocksReaderWriter(socksAddr, socksAuth, host, port, ca_certs):
     receivedQueue = asyncio.Queue()
     connUpLock = asyncio.Lock()
     await connUpLock.acquire()
-    transport, protocol = await aiosocks.create_connection(makeProtocolFactory(receivedQueue, connUpLock, ca_certs), proxy=socksAddr, proxy_auth=socksAuth, dst=(host, port))
+    transport, protocol = await aiosocks.create_connection(\
+        makeProtocolFactory(receivedQueue, connUpLock, ca_certs),\
+        proxy=socksAddr,\
+        proxy_auth=socksAuth, dst=(host, port))
     await connUpLock.acquire()
     return ReaderEmulator(receivedQueue), WriterEmulator(protocol._app_transport)
 
 if __name__ == "__main__":
     async def l(fut):
         try:
-            reader, writer = await sslInSocksReaderWriter(aiosocks.Socks4Addr("127.0.0.1", 9050), None, "songbird.bauerj.eu", 50002, None)
+            # aiosocks.Socks4Addr("127.0.0.1", 9050), None, "songbird.bauerj.eu", 50002, None)
+            args = aiosocks.Socks4Addr("127.0.0.1", 9050), None, "electrum.akinbo.org", 51002, None
+            reader, writer = await sslInSocksReaderWriter(*args)
+            writer.write(b'{"id":0,"method":"server.version","args":["3.0.2", "1.1"]}\n')
+            await writer.drain()
+            print(await reader.read(4096))
             writer.write(b'{"id":0,"method":"server.version","args":["3.0.2", "1.1"]}\n')
             await writer.drain()
             print(await reader.read(4096))
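Review bot: The probe under `if __name__ == "__main__"` passes `None` as the last element of `args`, which with the new `makeProtocolFactory` logic in this same commit selects `ssl.CERT_NONE`, so it talks to `electrum.akinbo.org` over TLS with no certificate verification at all; that is fine for a connectivity check but should be labelled so it is not copied into real code, e.g. `args = ..., None  # ca_certs=None -> CERT_NONE, no verification: dev probe only`, and the commented-out old argument line should be deleted rather than kept as dead text. The three added `writer.write` / `await writer.drain()` / `print(await reader.read(4096))` lines duplicate the three that follow, so the probe now sends `server.version` twice with the same `"id":0`; if the point is to exercise a second read, say so in a comment, otherwise drop one copy. The `\` continuations inside `create_connection(...)` are redundant inside parentheses. The coroutine `l` continues past the end of the hunk.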