Commit 6d220487 authored by Federico Ceratto's avatar Federico Ceratto

Imported Upstream version 2.0.15

parent 863ee1ff
KNOWN BUGS AND ISSUES
---------------------
There are no currently known bugs in this module.
There are some limits though:
1) Only outgoing connections are supported - This module currently only
supports outgoing TCP connections, though some servers may support incoming
connections as well. UDP is not supported either.
2) GSSAPI Socks5 authenticaion is not supported.
3) SSL host name verification using pyOpenSSL does not check the Subject
ALT Name extension, only the common name. This is due to limitations
in pyOpenSSL itself.
If you find any new bugs, please file an issue at:
https://github.com/pagekite/PySocksipyChain/
Thank you!
KNOWN BUGS AND ISSUES
---------------------
There are no currently known bugs in this module.
There are some limits though:
1) Only outgoing connections are supported - This module currently only
supports outgoing TCP connections, though some servers may support incoming
connections as well. UDP is not supported either.
2) GSSAPI Socks5 authenticaion is not supported.
3) SSL host name verification using pyOpenSSL does not check the Subject
ALT Name extension, only the common name. This is due to limitations
in pyOpenSSL itself.
If you find any new bugs, please file an issue at:
https://github.com/pagekite/PySocksipyChain/
Thank you!
Copyright 2011 Bjarni R. Einarsson. All rights reserved.
Copyright 2006 Dan-Haim. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of Dan Haim nor the names of his contributors may be used
to endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY DAN HAIM "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.
Copyright 2011 Bjarni R. Einarsson. All rights reserved.
Copyright 2006 Dan-Haim. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of Dan Haim nor the names of his contributors may be used
to endorse or promote products derived from this software without specific
prior written permission.
THIS SOFTWARE IS PROVIDED BY DAN HAIM "AS IS" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
EVENT SHALL DAN HAIM OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA
OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.
Metadata-Version: 1.0
Name: SocksipyChain
Version: 2.0.12
Version: 2.0.15
Summary: A Python SOCKS/HTTP Proxy module
Home-page: http://github.com/PageKite/SocksiPyChain
Author: Bjarni R. Einarsson
......
This diff is collapsed.
Metadata-Version: 1.0
Name: SocksipyChain
Version: 2.0.12
Version: 2.0.15
Summary: A Python SOCKS/HTTP Proxy module
Home-page: http://github.com/PageKite/SocksiPyChain
Author: Bjarni R. Einarsson
......
......@@ -2,7 +2,6 @@ BUGS
LICENSE
MANIFEST.in
README.md
setup.cfg
setup.py
t.py
test.py
......
[bdist_rpm]
release = 0pagekite_fc16fc17
vendor = PageKite Packaging Team <packages@pagekite.net>
[egg_info]
tag_build =
tag_date = 0
tag_svn_revision = 0
[install]
prefix = /usr
install_lib = /usr/lib/python2.7/site-packages
single_version_externally_managed = yes
#!/usr/bin/env python
from setuptools import setup
VERSION = "2.0.12"
VERSION = "2.0.15"
setup(
name = "SocksipyChain",
......
......@@ -2,7 +2,7 @@
"""SocksiPy - Python SOCKS module.
Version 2.00
Copyright 2011 Bjarni R. Einarsson. All rights reserved.
Copyright 2011-2015 Bjarni R. Einarsson. All rights reserved.
Copyright 2006 Dan-Haim. All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
......@@ -128,8 +128,6 @@ except ImportError:
HAVE_SSL = True
class SSL(object):
SSLv23_METHOD = ssl.PROTOCOL_SSLv23
SSLv3_METHOD = ssl.PROTOCOL_SSLv3
TLSv1_METHOD = ssl.PROTOCOL_TLSv1
WantReadError = ssl.SSLError
class Error(Exception): pass
......@@ -143,6 +141,7 @@ except ImportError:
self.certchain_file = None
self.ca_certs = None
self.ciphers = None
self.options = 0
def use_privatekey_file(self, fn):
self.privatekey_file = fn
def use_certificate_chain_file(self, fn):
......@@ -151,6 +150,11 @@ except ImportError:
self.ciphers = ciphers
def load_verify_locations(self, pemfile, capath=None):
self.ca_certs = pemfile
def set_options(self, options): # FIXME: this does nothing
self.options = options
if hasattr(ssl, 'PROTOCOL_SSLv23'):
SSL.SSLv23_METHOD = ssl.PROTOCOL_SSLv23
def SSL_CheckPeerName(fd, names):
cert = fd.getpeercert()
......@@ -241,6 +245,31 @@ def DisableSSLCompression():
if DEBUG: DEBUG('disableSSLCompression: Failed')
def MakeBestEffortSSLContext(weak=False, legacy=False, anonymous=False,
ciphers=None):
ssl_version, ssl_options = SSL.TLSv1_METHOD, 0
if hasattr(SSL, 'SSLv23_METHOD') and (weak or legacy):
ssl_version = SSL.SSLv23_METHOD
if hasattr(SSL, 'OP_NO_SSLv2') and not weak:
ssl_version = SSL.SSLv23_METHOD
ssl_options |= SSL.OP_NO_SSLv2
if hasattr(SSL, 'OP_NO_SSLv3') and not legacy:
ssl_options |= SSL.OP_NO_SSLv3
if not ciphers:
if anonymous:
# Insecure and use anon ciphers - this is just camoflage
ciphers = 'aNULL'
else:
ciphers = 'HIGH:-aNULL:-eNULL:-PSK:RC4-SHA:RC4-MD5'
ctx = SSL.Context(ssl_version)
ctx.set_options(ssl_options)
ctx.set_cipher_list(ciphers)
return ctx
##[ SocksiPy itself ]#########################################################
PROXY_TYPE_DEFAULT = -1
......@@ -872,12 +901,6 @@ class socksocket(socket.socket):
self.__proxysockname = ("0.0.0.0", 0)
self.__proxypeername = (addr, destport)
def __get_ca_ciphers(self):
return 'HIGH:MEDIUM:!MD5'
def __get_ca_anon_ciphers(self):
return 'aNULL'
def __get_ca_certs(self):
return TLS_CA_CERTS
......@@ -886,21 +909,15 @@ class socksocket(socket.socket):
"""__negotiatessl(self, destaddr, destport, proxy)
Negotiates an SSL session.
"""
ssl_version = SSL.SSLv3_METHOD
want_hosts = ca_certs = self_cert = None
ciphers = self.__get_ca_ciphers()
if anonymous:
# Insecure and use anon ciphers - this is just camoflage
ciphers = self.__get_ca_anon_ciphers()
elif not weak:
if not weak and not anonymous:
# This is normal, secure mode.
self_cert = proxy[P_USER] or None
ca_certs = proxy[P_CACERTS] or self.__get_ca_certs() or None
want_hosts = proxy[P_CERTS] or [proxy[P_HOST]]
try:
ctx = SSL.Context(ssl_version)
ctx.set_cipher_list(ciphers)
ctx = MakeBestEffortSSLContext(weak=weak, anonymous=anonymous)
if self_cert:
ctx.use_certificate_chain_file(self_cert)
ctx.use_privatekey_file(self_cert)
......
......@@ -14,7 +14,7 @@ socks.setdefaultproxy(socks.PROXY_TYPE_HTTP, 'klaki.net', 18080)
# Route an HTTP request through the SOCKS proxy
socks.wrapmodule(urllib2)
print urllib2.urlopen('http://automation.whatismyip.com/n09230945.asp').read()
print urllib2.urlopen('http://bot.whatismyipaddress.com/').read()
# Route an FTP session through the SOCKS proxy
#socks.wrapmodule(ftplib)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment