hub / github.com/secdev/scapy / cb_sni

Method cb_sni

scapy/fwdmachine.py:357–402  ·  view source on GitHub ↗

This callback occurs after the TLSClientHello is received by the server

(sock, server_name, _)

Source from the content-addressed store, hash-verified

355 _clisock = [ss]
356
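def cb_sni(sock, server_name, _):
    """
    This callback occurs after the TLSClientHello is received by the server.

    The socket held in ``_clisock`` is wrapped with ``clisslcontext`` using
    the SNI the client asked for, the certificate chain presented on that
    connection is read, and a fresh server-side SSL context is installed on
    ``sock``. That context is loaded either with a chain generated by
    ``self.get_key_and_alike_chain`` (when ``self.crtfile`` is None) or with
    the operator-provided ``self.crtfile`` / ``self.keyfile``.

    :param sock: TLS object of the incoming connection; its ``context``
        attribute is replaced.
    :param server_name: the SNI value from the ClientHello.
    :param _: third callback argument, unused.
    :returns: None, which lets the handshake continue.
    """
    ss = _clisock[0]
    ctx.tls_sni_name = server_name  # the requested SNI
    # Use that SNI to wrap the client socket
    ss = clisslcontext.wrap_socket(ss, server_hostname=server_name)
    # Get certificate chain.
    # NOTE(review): _sslobj is a private attribute of ssl.SSLSocket, and the
    # chain returned here has not been validated by this call. Whether
    # clisslcontext verifies the peer is not visible in this block.
    cas = ss._sslobj.get_unverified_chain()
    # Only the self-signed branch encrypts its key file. Initialise here so
    # the provided-certificate branch does not reach load_cert_chain() with
    # an unbound local. With None, an encrypted operator key falls back to
    # OpenSSL's own password prompt.
    password = None
    if self.crtfile is None:
        # SELF-SIGNED mode
        # Generate private key based on the type of certificate
        privkey, certs = self.get_key_and_alike_chain(
            cas, dest, server_name
        )
        # Load result certificate our SSL server
        # (this is dumb but we need to store them on disk)
        # NOTE(review): nothing in this block removes certfile/keyfile;
        # confirm that get_temp_file() arranges their cleanup.
        certfile = get_temp_file()
        with open(certfile, "w") as fd:
            for c in certs:
                fd.write(c.pem)
        keyfile = get_temp_file()
        with open(keyfile, "wb") as fd:
            # The key is stored PKCS#8-encrypted under a random 32-byte
            # password that this block never writes to disk, so the
            # temporary file alone does not expose the private key.
            password = os.urandom(32)
            fd.write(
                privkey.key.private_bytes(
                    encoding=serialization.Encoding.PEM,
                    format=serialization.PrivateFormat.PKCS8,
                    encryption_algorithm=serialization.BestAvailableEncryption(  # noqa: E501
                        password
                    ),
                )
            )
    else:
        # Certificate is provided
        certfile = self.crtfile
        keyfile = self.keyfile
    # NOTE(review): ssl.PROTOCOL_TLSv1_2 is deprecated in current Python and
    # pins this side to TLS 1.2; confirm the pin is intentional.
    sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    sslcontext.check_hostname = False
    # note: server side, so this means no client certificate is requested
    sslcontext.verify_mode = ssl.CERT_NONE
    sslcontext.load_cert_chain(certfile, keyfile, password=password)
    sock.context = sslcontext
    # Return success
    _clisock[0] = ss
    return None  # Continue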
403
404 # Server SSL context
405 sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)

Callers

nothing calls this directly

Calls 3

get_temp_file · Function · 0.90
write · Method · 0.45

Tested by

no test coverage detected