ttemporary_path for unverified certificates - electrum - Electrum Bitcoin wallet
HTML git clone https://git.parazyd.org/electrum
DIR Log
DIR Files
DIR Refs
DIR Submodules
---
DIR commit 36b61fccfd406cc873524bacbbc8dabe1cc4fe38
DIR parent 1bcb361fca93acdd7be6ddbc2ee20310372e5ccd
HTML Author: ThomasV <thomasv@gitorious>
Date: Wed, 2 Oct 2013 09:22:13 +0200
ttemporary_path for unverified certificates
Diffstat:
M lib/interface.py | 46 ++++++++++++++++++-------------
1 file changed, 27 insertions(+), 19 deletions(-)
---
DIR diff --git a/lib/interface.py b/lib/interface.py
t@@ -31,6 +31,21 @@ DEFAULT_TIMEOUT = 5
proxy_modes = ['socks4', 'socks5', 'http']
+def is_expired(cert):
+ from OpenSSL import crypto as c
+ _cert = c.load_certificate(c.FILETYPE_PEM, cert)
+ notAfter = _cert.get_notAfter()
+ notBefore = _cert.get_notBefore()
+ now = time.time()
+ if now > time.mktime( time.strptime(notAfter[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
+ print "deprecated cert", self.host, notAfter
+ return True
+ if now < time.mktime( time.strptime(notBefore[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
+ print "notbefore", self.host, notBefore
+ return True
+ return False
+
+
class Interface(threading.Thread):
t@@ -266,7 +281,7 @@ class Interface(threading.Thread):
try:
s.connect((self.host, self.port))
except:
- print_error("failed to connect", self.host, self.port)
+ # print_error("failed to connect", self.host, self.port)
return
s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
t@@ -274,20 +289,8 @@ class Interface(threading.Thread):
s.close()
cert = ssl.DER_cert_to_PEM_cert(dercert)
- from OpenSSL import crypto as c
- _cert = c.load_certificate(c.FILETYPE_PEM, cert)
- notAfter = _cert.get_notAfter()
- notBefore = _cert.get_notBefore()
- now = time.time()
- if now > time.mktime( time.strptime(notAfter[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
- print "deprecated cert", self.host, notAfter
- return
- if now < time.mktime( time.strptime(notBefore[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
- print "notbefore", self.host, notBefore
- return
-
- with open(cert_path,"w") as f:
- print_error("saving certificate for",self.host)
+ temporary_path = cert_path + '.temp'
+ with open(temporary_path,"w") as f:
f.write(cert)
else:
is_new = False
t@@ -308,19 +311,24 @@ class Interface(threading.Thread):
s = ssl.wrap_socket(s,
ssl_version=ssl.PROTOCOL_SSLv3,
cert_reqs=ssl.CERT_REQUIRED,
- ca_certs=cert_path,
+ ca_certs= (temporary_path if is_new else cert_path),
do_handshake_on_connect=True)
except ssl.SSLError, e:
print_error("SSL error:", self.host, e)
- # delete the certificate so we will download a new one
if is_new:
- os.unlink(cert_path)
+ os.unlink(temporary_path)
return
except:
- traceback.print_exc(file=sys.stdout)
print_error("wrap_socket failed", self.host)
+ traceback.print_exc(file=sys.stdout)
+ if is_new:
+ os.unlink(temporary_path)
return
+ if is_new:
+ print_error("saving certificate for", self.host)
+ os.rename(temporary_path, cert_path)
+
# hostname verification (disabled)
#from backports.ssl_match_hostname import match_hostname, CertificateError
#try: