author | Rob Austein <sra@hactrn.net> | 2012-01-06 07:29:18 +0000 |
committer | Rob Austein <sra@hactrn.net> | 2012-01-06 07:29:18 +0000 |
commit | 38c391ec3d2a41407500d77c89d08b3fa9852f09 (patch) | |
tree | 5358919417bd774a036fdf07e9dfdbe5836979a8 /rtr-origin | |
parent | f44b1e5901eac918f45c3ac3ec1c22efbe6d00cc (diff) |
Lab test of rpki-rtr over TLS using stunnel and s_client
svn path=/trunk/; revision=4143
Diffstat (limited to 'rtr-origin')
-rwxr-xr-x | rtr-origin/rtr-origin.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/rtr-origin/rtr-origin.py b/rtr-origin/rtr-origin.py
index 246e4120..3b6ec145 100755
--- a/rtr-origin/rtr-origin.py
+++ b/rtr-origin/rtr-origin.py
@@ -1240,6 +1240,25 @@ class client_channel(pdu_channel):
 proc = subprocess.Popen(argv, stdin = s[0], stdout = s[0], close_fds = True),
 killsig = signal.SIGINT)
 
+ @classmethod
+ def tls(cls, host, port):
+ """
+ Set up TLS connection and start listening for first PDU.
+
+ NB: This uses OpenSSL's "s_client" command, which does not
+ check server certificates properly, so this is not suitable for
+ production use. Fixing this would be a trivial change, it just
+ requires using a client program which does check certificates
+ properly (eg, gnutls-cli, or stunnel's client mode if that works
+ for such purposes this week).
+ """
+ args = ("openssl", "s_client", "-tls1", "-quiet", "-connect", "%s:%s" % (host, port))
+ blather("[Running: %s]" % " ".join(args))
+ s = socket.socketpair()
+ return cls(sock = s[1],
+ proc = subprocess.Popen(args, stdin = s[0], stdout = s[0], close_fds = True),
+ killsig = signal.SIGKILL)
+
 def deliver_pdu(self, pdu):
 """
 Handle received PDU.
@@ -1572,6 +1591,10 @@ def client_main(argv):
 direct (and completely insecure!) TCP connection to the server. The
 remaining arguments should be a hostname (or IP address) and a TCP
 port number.
+
+ If the first argument is "tls", the client will attempt to open a TLS connection to the server. The
+ remaining arguments should be a hostname (or IP address) and a TCP
+ port number.
 """
 
 blather("[Startup]")
@@ -1583,6 +1606,8 @@ def client_main(argv):
 client = client_channel.ssh(*argv[1:])
 elif argv[0] == "tcp" and len(argv) == 3:
 client = client_channel.tcp(*argv[1:])
+ elif argv[0] == "tls" and len(argv) == 3:
+ client = client_channel.tls(*argv[1:])
 else:
 sys.exit("Unexpected arguments: %r" % (argv,))
 while True: |
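Review bot: The client_main docstring paragraph added in the second hunk describes the "tls" mode without the caveat that the tls() docstring in the first hunk states, so the command-line help labels "tcp" as completely insecure while presenting "tls" as if the server were authenticated. Suggest extending the new paragraph to something like `If the first argument is "tls", the client will attempt to open a TLS connection to the server using "openssl s_client", which does not verify the server's certificate, so this mode is for lab testing only. The remaining arguments should be a hostname (or IP address) and a TCP port number.` Separately, tls() sets `killsig = signal.SIGKILL` where the sibling ssh() shown in the first hunk's context uses `signal.SIGINT`; SIGKILL cannot be caught, so s_client presumably gets no chance to shut the TLS session down cleanly, and if that asymmetry was not deliberate, `killsig = signal.SIGINT` would match the sibling method. The enclosing class client_channel begins outside the first hunk.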