From 36a0083942ff35316d286036cb7eedc80dadaa6b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Apitzsch?= <git@apitzsch.eu>
Date: Wed, 30 Jan 2019 22:30:11 +0100
Subject: [PATCH] Clean up OpenSSL code

---
 README.md                      |  2 +-
 gajim/common/connection.py     | 11 -----------
 gajim/common/jingle_content.py |  8 ++------
 gajim/common/jingle_ft.py      | 11 +++++------
 gajim/common/jingle_xtls.py    | 30 ++++++++----------------------
 setup.cfg                      |  2 +-
 6 files changed, 17 insertions(+), 47 deletions(-)

diff --git a/README.md b/README.md
index 2a3348a64d..7b0fb09e4f 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@
 - python3-gi-cairo
 - gir1.2-gtk-3.0 (>=3.22)
 - python3-nbxmpp (>=0.9.90.4)
-- python3-openssl (>=0.14)
+- python3-openssl (>=16.2)
 - python3-cssutils (>=1.0.2)
 - python3-keyring
 - python3-precis-i18n
diff --git a/gajim/common/connection.py b/gajim/common/connection.py
index 9bcf1049fc..313e73eada 100644
--- a/gajim/common/connection.py
+++ b/gajim/common/connection.py
@@ -1170,17 +1170,6 @@ class Connection(CommonConnection, ConnectionHandlers):
             app.nec.push_incoming_event(OurShowEvent(None, conn=self,
                 show='offline'))
             return False
-        if _con_type in ('tls', 'ssl') and con.Connection.ssl_lib != 'PYOPENSSL' \
-        and app.config.get_per('accounts', self.name,
-        'warn_when_insecure_ssl_connection') and \
-        not self.connection_auto_accepted:
-            # Pyopenssl is not used
-            app.nec.push_incoming_event(
-                NetworkEvent('insecure-ssl-connection',
-                             conn=self,
-                             xmpp_client=con,
-                             conn_type=_con_type))
-            return True
         return self.connection_accepted(con, con_type)
 
     def connection_accepted(self, con, con_type):
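Review bot: Removing this branch leaves the `warn_when_insecure_ssl_connection` account setting and the `insecure-ssl-connection` event with no producer in this file, and the patch does not touch them anywhere else; if nothing else reads them, the config key and its event handler should be dropped in the same change so the preference does not appear to still do something. The surviving `return self.connection_accepted(con, con_type)` passes `con_type` while the removed branch tested `_con_type`, which suggests the two hold the same value here, but that is worth confirming. The enclosing method begins and ends outside the hunk.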
diff --git a/gajim/common/jingle_content.py b/gajim/common/jingle_content.py
index 92c1f3b4db..a6ca90a8dd 100644
--- a/gajim/common/jingle_content.py
+++ b/gajim/common/jingle_content.py
@@ -230,12 +230,8 @@ class JingleContent:
                 configpaths.get('MY_CERT'), SELF_SIGNED_CERTIFICATE) + '.cert'
             cert = load_cert_file(certpath)
             if cert:
-                try:
-                    digest_algo = (cert.get_signature_algorithm()
-                                   .decode('utf-8').split('With')[0])
-                except AttributeError:
-                    # Old py-OpenSSL is missing get_signature_algorithm
-                    digest_algo = "sha256"
+                digest_algo = (cert.get_signature_algorithm()
+                               .decode('utf-8').split('With')[0])
                 security.addChild('fingerprint').addData(cert.digest(
                     digest_algo).decode('utf-8'))
                 for m in ('x509', ): # supported authentication methods
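Review bot: The new `digest_algo` derivation on the `+` lines assumes the signature algorithm name contains the literal `With` (as in `sha256WithRSAEncryption`); for a certificate signed with ECDSA, OpenSSL reports names like `ecdsa-with-SHA256`, so `split('With')[0]` returns the whole name and the following `cert.digest(digest_algo)` fails instead of producing a fingerprint. The removed `AttributeError` fallback never covered that case either, but dropping it removes the only fallback path, so a guard such as `if 'With' not in algo_name: digest_algo = 'sha256'` or a comment stating that only RSA/DSA-signed local certificates are supported would make the assumption explicit. The same pattern is repeated in `check_cert` in `gajim/common/jingle_xtls.py` in this patch. Note also that the fingerprint's hash is chosen by the certificate rather than fixed by the protocol, so a certificate signed with a weak digest yields an equally weak fingerprint; pinning sha256 would be the stronger design if interoperability allows. The enclosing method starts before and continues past the hunk.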
diff --git a/gajim/common/jingle_ft.py b/gajim/common/jingle_ft.py
index 7705be854e..ab618ca254 100644
--- a/gajim/common/jingle_ft.py
+++ b/gajim/common/jingle_ft.py
@@ -116,12 +116,11 @@ class JingleFileTransfer(JingleContent):
             State.CAND_SENT_AND_RECEIVED : StateCandSentAndRecv(self)
         }
 
-        if jingle_xtls.PYOPENSSL_PRESENT:
-            cert_name = os.path.join(configpaths.get('MY_CERT'),
-                                     jingle_xtls.SELF_SIGNED_CERTIFICATE)
-            if not (os.path.exists(cert_name + '.cert')
-                    and os.path.exists(cert_name + '.pkey')):
-                jingle_xtls.make_certs(cert_name, 'gajim')
+        cert_name = os.path.join(configpaths.get('MY_CERT'),
+                                 jingle_xtls.SELF_SIGNED_CERTIFICATE)
+        if not (os.path.exists(cert_name + '.cert')
+                and os.path.exists(cert_name + '.pkey')):
+            jingle_xtls.make_certs(cert_name, 'gajim')
 
     def __state_changed(self, nextstate, args=None):
         # Executes the next state action and sets the next state
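Review bot: The certificate and key generation is now unconditional inside what appears to be `JingleFileTransfer.__init__` (the method starts before the hunk), so any failure in `jingle_xtls.make_certs` — an unwritable `MY_CERT` directory, for instance — now raises during construction of every file transfer instead of only when the XTLS path was available. The `os.path.exists` pair also treats a present-but-unreadable or corrupt pair as usable. Wrapping the call in a `try`/`except OSError` that logs and continues without a local certificate, or moving the generation to a one-time startup step, would keep plain file transfers working; a short comment such as `# create the self-signed certificate used for XTLS on first use` would help either way.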
diff --git a/gajim/common/jingle_xtls.py b/gajim/common/jingle_xtls.py
index 00ec38b090..c25813f7fa 100644
--- a/gajim/common/jingle_xtls.py
+++ b/gajim/common/jingle_xtls.py
@@ -15,15 +15,14 @@
 import logging
 import os
 
+from OpenSSL import SSL, crypto
+
 import nbxmpp
 from gajim.common import app
 from gajim.common import configpaths
 
 log = logging.getLogger('gajim.c.jingle_xtls')
 
-
-PYOPENSSL_PRESENT = False
-
 # key-exchange id -> [callback, args], accept that session once key-exchange completes
 pending_contents = {}
 
@@ -36,16 +35,8 @@ def approve_pending_content(id_):
     args = pending_contents[id_][1]
     cb(*args)
 
-try:
-    import OpenSSL.SSL
-    PYOPENSSL_PRESENT = True
-except ImportError:
-    log.info("PyOpenSSL not available")
-
-if PYOPENSSL_PRESENT:
-    from OpenSSL import SSL, crypto
-    TYPE_RSA = crypto.TYPE_RSA
-    TYPE_DSA = crypto.TYPE_DSA
+TYPE_RSA = crypto.TYPE_RSA
+TYPE_DSA = crypto.TYPE_DSA
 
 SELF_SIGNED_CERTIFICATE = 'localcert'
 DH_PARAMS = 'dh_params.pem'
@@ -76,13 +67,12 @@ def load_cert_file(cert_path, cert_store=None):
         elif 'END CERTIFICATE' in line and begin > -1:
             cert = ''.join(lines[begin:i+2])
             try:
-                x509cert = OpenSSL.crypto.load_certificate(
-                    OpenSSL.crypto.FILETYPE_PEM, cert)
+                x509cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
                 if cert_store:
                     cert_store.add_cert(x509cert)
                 f.close()
                 return x509cert
-            except OpenSSL.crypto.Error as exception_obj:
+            except crypto.Error as exception_obj:
                 log.warning('Unable to load a certificate from file %s: %s',
                             cert_path, exception_obj.args[0][0][2])
             except Exception:
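Review bot: The `except crypto.Error` handler logs `exception_obj.args[0][0][2]`, which assumes pyOpenSSL's error list is non-empty and each entry has three fields; if it is not, the handler itself raises `IndexError` or `TypeError` inside the except block, and as far as the hunk shows `f` is only closed on the success path. Logging the exception object directly, `log.warning('Unable to load a certificate from file %s: %s', cert_path, exception_obj)`, is robust to both shapes, and opening the file with `with` would cover the close. The enclosing `load_cert_file` starts before the hunk and the trailing `except Exception:` branch continues past it.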
@@ -190,12 +180,8 @@ def check_cert(jid, fingerprint):
     if os.path.exists(certpath):
         cert = load_cert_file(certpath)
         if cert:
-            try:
-                digest_algo = cert.get_signature_algorithm().decode('utf-8').\
-                    split('With')[0]
-            except AttributeError:
-                # Old py-OpenSSL is missing get_signature_algorithm
-                digest_algo = "sha256"
+            digest_algo = cert.get_signature_algorithm().decode('utf-8')\
+                    .split('With')[0]
             if cert.digest(digest_algo) == fingerprint:
                 return True
     return False
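Review bot: The continuation on the new `digest_algo` lines mixes a backslash with a leading `.split` on the next line, while the equivalent new code in `jingle_content.py` in this same patch uses parentheses; for consistency write `digest_algo = (cert.get_signature_algorithm().decode('utf-8')` followed by `.split('With')[0])`. The assumption about the algorithm name containing `With` raised on the `jingle_content.py` hunk applies here too, and in this function a failure means `check_cert` raises instead of returning `False`. `check_cert` begins before the hunk.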
diff --git a/setup.cfg b/setup.cfg
index 14eb8dcf18..783e3459ab 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -24,7 +24,7 @@ install_requires =
     keyring
     nbxmpp>=0.9.90.4
     precis-i18n>=1.0.0
-    pyOpenSSL>=0.12
+    pyOpenSSL>=16.2
 
 [options.package_data]
 gajim =
-- 
GitLab