Commit 36a00839 authored by André's avatar André Committed by Philipp Hörist

Clean up OpenSSL code

parent a3c316ab
......@@ -8,7 +8,7 @@
- python3-gi-cairo
- gir1.2-gtk-3.0 (>=3.22)
- python3-nbxmpp (>=0.9.90.4)
- python3-openssl (>=0.14)
- python3-openssl (>=16.2)
- python3-cssutils (>=1.0.2)
- python3-keyring
- python3-precis-i18n
......
......@@ -1170,17 +1170,6 @@ class Connection(CommonConnection, ConnectionHandlers):
app.nec.push_incoming_event(OurShowEvent(None, conn=self,
show='offline'))
return False
if _con_type in ('tls', 'ssl') and con.Connection.ssl_lib != 'PYOPENSSL' \
and app.config.get_per('accounts', self.name,
'warn_when_insecure_ssl_connection') and \
not self.connection_auto_accepted:
# Pyopenssl is not used
app.nec.push_incoming_event(
NetworkEvent('insecure-ssl-connection',
conn=self,
xmpp_client=con,
conn_type=_con_type))
return True
return self.connection_accepted(con, con_type)
def connection_accepted(self, con, con_type):
......
......@@ -230,12 +230,8 @@ class JingleContent:
configpaths.get('MY_CERT'), SELF_SIGNED_CERTIFICATE) + '.cert'
cert = load_cert_file(certpath)
if cert:
try:
digest_algo = (cert.get_signature_algorithm()
.decode('utf-8').split('With')[0])
except AttributeError:
# Old py-OpenSSL is missing get_signature_algorithm
digest_algo = "sha256"
digest_algo = (cert.get_signature_algorithm()
.decode('utf-8').split('With')[0])
security.addChild('fingerprint').addData(cert.digest(
digest_algo).decode('utf-8'))
for m in ('x509', ): # supported authentication methods
......
......@@ -116,12 +116,11 @@ class JingleFileTransfer(JingleContent):
State.CAND_SENT_AND_RECEIVED : StateCandSentAndRecv(self)
}
if jingle_xtls.PYOPENSSL_PRESENT:
cert_name = os.path.join(configpaths.get('MY_CERT'),
jingle_xtls.SELF_SIGNED_CERTIFICATE)
if not (os.path.exists(cert_name + '.cert')
and os.path.exists(cert_name + '.pkey')):
jingle_xtls.make_certs(cert_name, 'gajim')
cert_name = os.path.join(configpaths.get('MY_CERT'),
jingle_xtls.SELF_SIGNED_CERTIFICATE)
if not (os.path.exists(cert_name + '.cert')
and os.path.exists(cert_name + '.pkey')):
jingle_xtls.make_certs(cert_name, 'gajim')
def __state_changed(self, nextstate, args=None):
# Executes the next state action and sets the next state
......
......@@ -15,15 +15,14 @@
import logging
import os
from OpenSSL import SSL, crypto
import nbxmpp
from gajim.common import app
from gajim.common import configpaths
log = logging.getLogger('gajim.c.jingle_xtls')
PYOPENSSL_PRESENT = False
# key-exchange id -> [callback, args], accept that session once key-exchange completes
pending_contents = {}
......@@ -36,16 +35,8 @@ def approve_pending_content(id_):
args = pending_contents[id_][1]
cb(*args)
try:
import OpenSSL.SSL
PYOPENSSL_PRESENT = True
except ImportError:
log.info("PyOpenSSL not available")
if PYOPENSSL_PRESENT:
from OpenSSL import SSL, crypto
TYPE_RSA = crypto.TYPE_RSA
TYPE_DSA = crypto.TYPE_DSA
TYPE_RSA = crypto.TYPE_RSA
TYPE_DSA = crypto.TYPE_DSA
SELF_SIGNED_CERTIFICATE = 'localcert'
DH_PARAMS = 'dh_params.pem'
......@@ -76,13 +67,12 @@ def load_cert_file(cert_path, cert_store=None):
elif 'END CERTIFICATE' in line and begin > -1:
cert = ''.join(lines[begin:i+2])
try:
x509cert = OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, cert)
x509cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
if cert_store:
cert_store.add_cert(x509cert)
f.close()
return x509cert
except OpenSSL.crypto.Error as exception_obj:
except crypto.Error as exception_obj:
log.warning('Unable to load a certificate from file %s: %s',
cert_path, exception_obj.args[0][0][2])
except Exception:
......@@ -190,12 +180,8 @@ def check_cert(jid, fingerprint):
if os.path.exists(certpath):
cert = load_cert_file(certpath)
if cert:
try:
digest_algo = cert.get_signature_algorithm().decode('utf-8').\
split('With')[0]
except AttributeError:
# Old py-OpenSSL is missing get_signature_algorithm
digest_algo = "sha256"
digest_algo = cert.get_signature_algorithm().decode('utf-8')\
.split('With')[0]
if cert.digest(digest_algo) == fingerprint:
return True
return False
......
......@@ -24,7 +24,7 @@ install_requires =
keyring
nbxmpp>=0.9.90.4
precis-i18n>=1.0.0
pyOpenSSL>=0.12
pyOpenSSL>=16.2
[options.package_data]
gajim =
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment