startTLS: avoid retrying TLS connection if hostname is an IP address

2024-12-17 20:34:42 +00:00 · 2019-02-04 17:50:07 +01:00 · 2019-02-04 17:50:07 +01:00 · 81e0a20047
commit 81e0a20047
parent 7910ddec15
3 changed files with 8 additions and 9 deletions
--- a/syncplay/client.py
+++ b/syncplay/client.py
@ -714,10 +714,14 @@ class SyncplayClient(object):
        if '[' in host:
            host = host.strip('[]')
        port = int(port)
-        with open('cert/server.crt') as cert_file:
-            trust_root = Certificate.loadPEM(cert_file.read())
        self._endpoint = HostnameEndpoint(reactor, host, port)
-        self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot = trust_root)
+        try:
+            with open('cert/server.crt') as cert_file:
+                trust_root = Certificate.loadPEM(cert_file.read())
+            self.protocolFactory.options = optionsForClientTLS(hostname=host, trustRoot = trust_root)
+        except Exception as e:
+            self.protocolFactory.options = None
+            self._serverSupportsTLS = False

        def retry(retries):
            self._lastGlobalUpdate = None
--- a/syncplay/protocols.py
+++ b/syncplay/protocols.py
@ -81,16 +81,13 @@ class SyncClientProtocol(JSONCommandProtocol):
            self.sendTLS({"startTLS": "send"})
            self._client.ui.showMessage("Attempting secure connection")
        else:
+            self._client.ui.showErrorMessage("This server does not support TLS")
            self.sendHello()

    def connectionLost(self, reason):
        try:
            if "Invalid DNS-ID" in str(reason.value):
                self._client._serverSupportsTLS = False
-            elif "certificate verify failed" in str(reason.value):
-                self._client._serverSupportsTLS = False
-            elif "tlsv1 alert protocol version" in str(reason.value):
-                self._client._clientSupportsTLS = False
        except:
            pass
        self._client.destroyProtocol()
@ -315,7 +312,6 @@ class SyncClientProtocol(JSONCommandProtocol):

    def handleError(self, error):
        if "startTLS" in error["message"] and not self.logged:
-            self._client.ui.showErrorMessage("This server does not support TLS")
            self._client._serverSupportsTLS = False
        else:
            self.dropWithError(error["message"])
--- a/syncplayServer.py
+++ b/syncplayServer.py
@ -13,7 +13,6 @@ except AttributeError:
    import warnings
    warnings.warn("You must run Syncplay with Python 3.4 or newer!")

-from OpenSSL import crypto
 from twisted.internet import reactor
 from twisted.internet.endpoints import TCP4ServerEndpoint, TCP6ServerEndpoint