Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC

This commit is contained in:
Mark Haines 2014-10-24 19:27:12 +01:00
parent db2e350e29
commit 15be181642
2 changed files with 5 additions and 1 deletions

View File

@ -34,6 +34,7 @@ setup(
"syutil==0.0.2", "syutil==0.0.2",
"Twisted>=14.0.0", "Twisted>=14.0.0",
"service_identity>=1.0.0", "service_identity>=1.0.0",
"pyopenssl>=0.14",
"pyyaml", "pyyaml",
"pyasn1", "pyasn1",
"pynacl", "pynacl",

View File

@ -16,6 +16,9 @@ from twisted.internet import ssl
from OpenSSL import SSL from OpenSSL import SSL
from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName from twisted.internet._sslverify import _OpenSSLECCurve, _defaultCurveName
import logging
logger = logging.getLogger(__name__)
class ServerContextFactory(ssl.ContextFactory): class ServerContextFactory(ssl.ContextFactory):
"""Factory for PyOpenSSL SSL contexts that are used to handle incoming """Factory for PyOpenSSL SSL contexts that are used to handle incoming
@ -31,7 +34,7 @@ class ServerContextFactory(ssl.ContextFactory):
_ecCurve = _OpenSSLECCurve(_defaultCurveName) _ecCurve = _OpenSSLECCurve(_defaultCurveName)
_ecCurve.addECKeyToContext(context) _ecCurve.addECKeyToContext(context)
except: except:
pass logger.exception("Failed to enable eliptic curve for TLS")
context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3) context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
context.use_certificate(config.tls_certificate) context.use_certificate(config.tls_certificate)
context.use_privatekey(config.tls_private_key) context.use_privatekey(config.tls_private_key)