Commit 4a411fd4 authored by Alexandre's avatar Alexandre

Refactoring and print error on stderr

parent 12872262
......@@ -392,9 +392,9 @@ class Connection:
self.server = server
self.servername = servername
if self.servername is not None:
self.check = self.servername
self.check_name_cert = self.servername
else:
self.check = self.server
self.check_name_cert = self.server
self.dot = dot
self.verbose = verbose
self.debug = debug
......@@ -453,10 +453,9 @@ class ConnectionDoT(Connection):
def connect(self, addr, sock_family):
signal.alarm(TIMEOUT_CONN)
self.addr = addr
self.sock = socket.socket(sock_family, socket.SOCK_STREAM)
if self.verbose:
print("Connecting to %s ..." % str(self.addr))
print("Connecting to %s ..." % str(addr))
# With typical DoT servers, we *must* use TLS 1.2 (otherwise,
# do_handshake fails with "OpenSSL.SSL.SysCallError: (-1, 'Unexpected
# EOF')" Typical HTTP servers are more lax.
......@@ -471,9 +470,9 @@ class ConnectionDoT(Connection):
lambda conn, cert, errno, depth, preverify_ok: preverify_ok)
self.session = OpenSSL.SSL.Connection(self.context, self.sock)
if sni:
self.session.set_tlsext_host_name(canonicalize(self.check).encode())
self.session.set_tlsext_host_name(canonicalize(self.check_name_cert).encode())
try:
self.session.connect((self.addr))
self.session.connect((addr))
self.session.do_handshake()
except TimeoutConnectionError:
if self.verbose:
......@@ -494,7 +493,7 @@ class ConnectionDoT(Connection):
return False
except OpenSSL.SSL.Error as e:
if self.verbose:
print(f"OpenSSL error: {', '.join(err[0][2] for err in e.args)}")
error(f"OpenSSL error: {', '.join(err[0][2] for err in e.args)}", exit=False)
return False
# RFC 7858, section 4.2 and appendix A
self.cert = self.session.get_peer_certificate()
......@@ -513,12 +512,14 @@ class ConnectionDoT(Connection):
key_string)
if not insecure:
if key is None:
valid = validate_hostname(self.check, self.cert)
valid = validate_hostname(self.check_name_cert, self.cert)
if not valid:
error("Certificate error: \"%s\" is not in the certificate" % (self.check))
error("Certificate error: \"%s\" is not in the certificate" % (self.check_name_cert), exit=False)
return False
else:
if key_string != key:
error("Key error: expected \"%s\", got \"%s\"" % (key, key_string))
error("Key error: expected \"%s\", got \"%s\"" % (key, key_string), exit=False)
return False
signal.alarm(0)
if pipelining:
self.sock.settimeout(TIMEOUT_READ)
......@@ -889,9 +890,9 @@ def run_check_default(connection):
requests = create_requests_list(dot=dot, **req_args)
for request_pack in requests:
if dot:
test_name, request, mandatory = request_pack
test_name, request, level = request_pack
else:
test_name, request, method, mandatory = request_pack
test_name, request, method, level = request_pack
if verbose:
print(test_name)
if dot:
......@@ -912,7 +913,7 @@ def run_check_default(connection):
break
request.check_response(debug)
if not print_result(connection, request, prefix=test_name, display_err=False):
if mandatory >= mandatory_level:
if level >= mandatory_level:
print_result(connection, request, prefix=test_name, display_err=True)
ok = False
if verbose:
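Review bot: The new `error(..., exit=False)` calls followed by `return False` (the certificate-name and key branches in the `@@ -513` hunk, and the OpenSSL branch in the `@@ -494` hunk) leave the connection timer armed: `signal.alarm(TIMEOUT_CONN)` is set at the top of `connect` and is only cleared by `signal.alarm(0)` on the success path after the key check. If `error()` previously terminated the process by default (the explicit `exit=False` suggests so), the pending alarm was harmless, but now it can fire later in the caller and raise `TimeoutConnectionError` outside any handler; add `signal.alarm(0)` before each of these three `return False` lines, or wrap the handshake and checks in a `try`/`finally` that cancels it. Separately, the OpenSSL failure is still reported only under `if self.verbose:`, whereas the certificate-name and key mismatches are now reported unconditionally; a handshake or certificate verification failure being silent in non-verbose mode looks inconsistent with the intent of this commit, and the updated test expecting 'certificate verify failed' on stderr presumably depends on that flag. The body of `connect` starts and ends outside these hunks.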
......
......@@ -632,7 +632,7 @@ tests:
- 'ns0.ldn-fai.net'
- 'framagit.org'
retcode: 1
partstdout: 'certificate verify failed'
partstderr: 'certificate verify failed'
################################################################################
......