Fix SSL negotiation

Namhyeon Go 2024-07-12 00:34:33 +09:00
parent e2442a6290
commit 9bf5078294
2 changed files with 9 additions and 4 deletions


@ -28,8 +28,8 @@ If you have a server that ***will be parasitized*** and you want to proxy it, yo
```
[settings]
PORT=5555
SERVER_URL=http://example.org
SERVER_CONNECTION_TYPE=stateless
SERVER_URL=localhost
SERVER_CONNECTION_TYPE=
CA_KEY=ca.key
CA_CERT=ca.crt
CERT_KEY=cert.key
@ -39,6 +39,8 @@ CLIENT_ENCODING=utf-8
USE_EXTENSIONS=wayback.Wayback,bio.PyBio
```
***Note***: If using Caterpillar Proxy (Python) alone, set `SERVER_URL=localhost`. Otherwise, use the endpoint URL of the Worker script (PHP or Java), e.g., `SERVER_URL=http://example.org`.
- (Optional) Create a certificate for SSL decryption
```bash


@ -241,12 +241,15 @@ def proxy_connect(webserver, conn):
logger.error("[*] Skipping certificate issuance.", exc_info=e)
certpath = "default.crt"
logger.info("[*] Certificate file: %s" % (certpath))
logger.info("[*] Private key file: %s" % (certkey))
# https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
# https://docs.python.org/3/library/ssl.html
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
context.load_cert_chain(certpath, certkey)
context.load_cert_chain(certfile=certpath, keyfile=certkey)
try:
# https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
@ -254,7 +257,7 @@ def proxy_connect(webserver, conn):
data = conn.recv(buffer_size)
except ssl.SSLError as e:
logger.error(
"[*] SSL negotiation failed. Check that the CA certificate is installed.",
"[*] SSL negotiation failed.",
exc_info=e,
)
return (conn, b"")
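Review bot: `context.load_cert_chain(certfile=certpath, keyfile=certkey)` runs before the `try:` that follows it, so a missing file or a certificate/key mismatch raises out of proxy_connect instead of reaching the `except ssl.SSLError` handler in the second hunk, as far as these lines show. This matters most on the fallback path just above it, where `certpath` is reset to `"default.crt"` while `certkey` keeps whatever was assigned outside the hunk, so the pair may not match. Consider moving the context setup below the `try:` and handling `OSError` as well as `ssl.SSLError`, logging `certpath` with the failure so the operator can tell a bad certificate file from a client that rejected the handshake. Separately, `check_hostname = False` and `verify_mode = ssl.CERT_NONE` are already the defaults for `ssl.PROTOCOL_TLS_SERVER`; a comment such as `# server side: client certificates are not requested (PROTOCOL_TLS_SERVER defaults)` would stop them reading as disabled verification. The body of proxy_connect starts and ends outside both hunks.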