Log cipher, certificate and temp key info on establishing an SSL connection #3450
Merged
69b1d5d Log cipher, certificate and temp key info on establishing an SSL conn… (wRAR)
67a4000 Work around older pyOpenSSL not having get_cipher_name or get_protoco… (wRAR)
0b9dce3 Add DOWNLOADER_CLIENT_TLS_VERBOSE_LOGGING setting. (wRAR)
0de6ffc Fix super() call. (wRAR)
98689b2 Improve the DOWNLOADER_CLIENTCONTEXTFACTORY doc. (wRAR)
a96a07b Add a test for DOWNLOADER_CLIENT_TLS_VERBOSE_LOGGING. (wRAR)
42743fd Move tls_verbose_logging extraction from __init__ to from_settings. (wRAR)
95dd2df Drop an unused import. (wRAR)
c645380 Remove an unneeded if. (wRAR)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# -*- coding: utf-8 -*- | ||
|
||
import OpenSSL._util as pyOpenSSLutil | ||
|
||
from scrapy.utils.python import to_native_str | ||
|
||
|
||
def ffi_buf_to_string(buf): | ||
return to_native_str(pyOpenSSLutil.ffi.string(buf)) | ||
|
||
|
||
def x509name_to_string(x509name): | ||
# from OpenSSL.crypto.X509Name.__repr__ | ||
result_buffer = pyOpenSSLutil.ffi.new("char[]", 512) | ||
pyOpenSSLutil.lib.X509_NAME_oneline(x509name._name, result_buffer, len(result_buffer)) | ||
|
||
return ffi_buf_to_string(result_buffer) | ||
|
||
|
||
def get_temp_key_info(ssl_object): | ||
if not hasattr(pyOpenSSLutil.lib, 'SSL_get_server_tmp_key'): # requires OpenSSL 1.0.2 | ||
return None | ||
|
||
# adapted from OpenSSL apps/s_cb.c::ssl_print_tmp_key() | ||
temp_key_p = pyOpenSSLutil.ffi.new("EVP_PKEY **") | ||
pyOpenSSLutil.lib.SSL_get_server_tmp_key(ssl_object, temp_key_p) | ||
if temp_key_p == pyOpenSSLutil.ffi.NULL: | ||
return None | ||
|
||
temp_key = temp_key_p[0] | ||
pyOpenSSLutil.ffi.gc(temp_key, pyOpenSSLutil.lib.EVP_PKEY_free) | ||
key_info = [] | ||
key_type = pyOpenSSLutil.lib.EVP_PKEY_id(temp_key) | ||
if key_type == pyOpenSSLutil.lib.EVP_PKEY_RSA: | ||
key_info.append('RSA') | ||
elif key_type == pyOpenSSLutil.lib.EVP_PKEY_DH: | ||
key_info.append('DH') | ||
elif key_type == pyOpenSSLutil.lib.EVP_PKEY_EC: | ||
key_info.append('ECDH') | ||
ec_key = pyOpenSSLutil.lib.EVP_PKEY_get1_EC_KEY(temp_key) | ||
pyOpenSSLutil.ffi.gc(ec_key, pyOpenSSLutil.lib.EC_KEY_free) | ||
nid = pyOpenSSLutil.lib.EC_GROUP_get_curve_name(pyOpenSSLutil.lib.EC_KEY_get0_group(ec_key)) | ||
cname = pyOpenSSLutil.lib.EC_curve_nid2nist(nid) | ||
if cname == pyOpenSSLutil.ffi.NULL: | ||
cname = pyOpenSSLutil.lib.OBJ_nid2sn(nid) | ||
key_info.append(ffi_buf_to_string(cname)) | ||
else: | ||
key_info.append(ffi_buf_to_string(pyOpenSSLutil.lib.OBJ_nid2sn(key_type))) | ||
key_info.append('%s bits' % pyOpenSSLutil.lib.EVP_PKEY_bits(temp_key)) | ||
return ', '.join(key_info) |
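Review bot: In get_temp_key_info the return value of `pyOpenSSLutil.ffi.gc(temp_key, pyOpenSSLutil.lib.EVP_PKEY_free)` is discarded, and the same happens for `ec_key` with `EC_KEY_free`. cffi's `ffi.gc()` attaches the destructor to the new cdata object it returns, not to its argument, so dropping that object lets the free run as soon as it is collected while `temp_key` is still passed to `EVP_PKEY_id`, `EVP_PKEY_get1_EC_KEY` and `EVP_PKEY_bits` afterwards. Rebind the result instead: `temp_key = pyOpenSSLutil.ffi.gc(temp_key, pyOpenSSLutil.lib.EVP_PKEY_free)`, and likewise for `ec_key`. Separately, `if temp_key_p == pyOpenSSLutil.ffi.NULL:` compares the pointer that `ffi.new("EVP_PKEY **")` just allocated, which is never NULL; the check that guards against a missing temp key is on `temp_key_p[0]` (or on the return value of `SSL_get_server_tmp_key`), and it has to come before the key is handed to `ffi.gc`.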
I think settings should always be passed here