5

This is a follow up of this question: SSL handshake failures when no data was sent over Twisted TLSConnection

I have implemented a simple SSL server that closes the connection as soon as the client is connected.

I am testing it with openssl and I got this handshake failure:

$ openssl s_client -connect localhost:12345                             
CONNECTED(00000003) 2329:error:140790E5:SSL routines:SSL23_WRITE
:ssl handshake failure:s23_lib.c:188:

The problem is that TLS.Connection.loseConnection does not wait for the ongoing handshake to be done and just disconnects the client.

A callback attached to OpenSSL.SSL.Connection.do_handshake would have been great... but unfortunately I don't know if this can be done... or how to do it.

Any hints in how I could test that a TLS handshake was done is much appreciated. Many thanks!

Here is the code

class ApplicationProtocol(Protocol):
        '''Protocol that closes the connection when connection is made.'''
        def connectionMade(self):
            self.transport.loseConnection()

# Here is a barebone TLS Server
serverFactory = ServerFactory()
serverFactory.protocol = ApplicationProtocol
server_cert_path = 'server.pem'
serverContextFactory = DefaultOpenSSLContextFactory(
            privateKeyFileName = server_cert_path,
            certificateFileName = server_cert_path,
            sslmethod=SSL.SSLv23_METHOD)

tlsFactory = TLSMemoryBIOFactory(serverContextFactory, False, serverFactory)
reactor.listenTCP(12345, tlsFactory)
#reactor.listenSSL(12345, serverFactory, serverContextFactory)

For now I solve this really dirty and not 100% valid.

def tls_lose_connection(self):
    """
    Monkey patching for TLSMemoryBIOProtocol to wait for handshake to end,
    before closing the connection.

    Send a TLS close alert and close the underlying connection.
    """

    def close_connection():
        self.disconnecting = True
        if not self._writeBlockedOnRead:
            self._tlsConnection.shutdown()
            self._flushSendBIO()
            self.transport.loseConnection()

    # If we don't know if the handshake was done, we wait for a bit
    # and the close the connection.
    # This is done to avoid closing the connection in the middle of a
    # handshake.
    if not self._handshakeDone:
        reactor.callLater(0.5, close_connection)
    else:
        close_connection()


TLSMemoryBIOProtocol.loseConnection = tls_lose_connection
Community
  • 1
  • 1
Adi Roiban
  • 1,293
  • 2
  • 13
  • 28

3 Answers3

6

I'm providing code that implements Jean-Paul's answer.

class ProxyClientTLSContextFactory(ssl.ClientContextFactory):
    isClient = 1

def getContext(self):
    ctx = SSL.Context(SSL.TLSv1_METHOD)
    logger = logging.GetLogger()
    def infoCallback(conn, where, ret):
        # conn is a OpenSSL.SSL.Connection
        # where is a set of flags telling where in the handshake we are
        # See http://www.openssl.org/docs/ssl/SSL_CTX_set_info_callback.html
        logger.debug("infoCallback %s %d %d" % (conn, where, ret))
        if where & SSL.SSL_CB_HANDSHAKE_START:
            logger.debug("Handshake started")
        if where & SSL.SSL_CB_HANDSHAKE_DONE:
            logger.debug("Handshake done")
    ctx.set_info_callback(infoCallback)
    return ctx

The problem I ran into inside of infoCallback() is that I have no idea how to get from the SSL.Connection back to the associated Twisted Protocol instance.

What I'd like to do is invoke a callback on my Protocol instance after the connection has been made and the TLS handshake has been completed so I can be sure the certificate validation is to my liking before I proceed.

Von
  • 4,365
  • 2
  • 29
  • 29
  • You could do: `ctx.set_info_callback(lambda conn,where,ret: self.infoCallback(conn,where,ret))` and then your `infoCallback` is a true method on the `self` object and can then use it as it wishes. – Patrick Mevzek Jan 03 '18 at 22:41
4

The SSL context object can be configured with an "info callback" - Context.set_info_callback. This is a wrapper around SSL_CTX_set_info_callback. The slightly more convenient (in this case) SSL_set_info_callback for specifying a callback for a single connection is not exposed by pyOpenSSL, unfortunately.

Amongst other things, the info callback is invoked when the handshake completes. With a few acrobatics, you should be able to turn this notification into a Deferred or some other callback onto the protocol.

See the pyOpenSSL set_info_callback documentation and the OpenSSL SSL_CTX_set_info_callback documentation for details.

Jean-Paul Calderone
  • 47,755
  • 6
  • 94
  • 122
  • 1
    Thank you very, very much :). From the pyOpenSSL documentation it looks like Context.set_info_callback is passing a Connection object to the callback... I guess that I can hook this callback to set a handshake_in_progress and handshake_done flags on the connection. – Adi Roiban Feb 10 '11 at 16:57
  • @Adi - did you figure out a way to do this? I've verified the info_callback gets you the OpenSSL.SSL.Connection instance and you can test the where flags to determine handshake has been completed, but I don't see any ready way to get at the Twisted Protocol instance from the Connection instance. – Von Aug 25 '11 at 13:23
  • @Von I added my current dirty solution. I tried to look at set_info_callback values but could not spot the right value to see if a handshake was done. – Adi Roiban Aug 29 '11 at 11:56
  • From : *SSL_CB_HANDSHAKE_DONE 0x20*. Does that help? – Jean-Paul Calderone Aug 29 '11 at 13:23
  • @Adi - Thanks. Valid, but doesn't help for what I'm trying to do, which is get at the peer certificate without OpenSSL actually verifying it. I'll put what I learned in another answer. – Von Sep 11 '11 at 02:32
  • At some point in the future, Twisted should native support such a callback. There is a ticket (stalled for the better part of the year, unfortunately!) here: https://twistedmatrix.com/trac/ticket/6024 which should be closed at some point. – Glyph Feb 23 '15 at 20:26
0

I found using loseConnection() unreliable because of the handshaking issue. It's possible to call it and the connection is never fully disconnected. So, for TLS I always use abortConnection() instead. It will make sure the connection is closed regardless of the state of the handshake.

Tim Tisdall
  • 9,914
  • 3
  • 52
  • 82