Fix SSL negotiation #32

base.py

@@ -8,7 +8,7 @@
 # Euiseo Cha (Wonkwang University) <zeroday0619_dev@outlook.com>
 # https://github.com/gnh1201/caterpillar
 # Created at: 2024-05-20
-# Updated at: 2024-07-09
+# Updated at: 2024-07-11
 #
 
 import logging
@@ -17,6 +17,8 @@ import json
 import os
 import re
 import importlib
+import subprocess
+import platform
 
 from datetime import datetime, timezone
 from typing import Union, List
@@ -60,6 +62,59 @@ def jsonrpc2_error_encode(error, id=""):
     return json.dumps(data)
 
 
+def find_openssl_binpath():
+    system = platform.system()
+
+    if system == "Windows":
+        possible_paths = [
+            os.path.join(
+                os.getenv("ProgramFiles", "C:\\Program Files"),
+                "OpenSSL-Win64",
+                "bin",
+                "openssl.exe",
+            ),
+            os.path.join(
+                os.getenv("ProgramFiles", "C:\\Program Files"),
+                "OpenSSL-Win32",
+                "bin",
+                "openssl.exe",
+            ),
+            os.path.join(
+                os.getenv("ProgramFiles(x86)", "C:\\Program Files (x86)"),
+                "OpenSSL-Win32",
+                "bin",
+                "openssl.exe",
+            ),
+            os.path.join(
+                os.getenv("ProgramW6432", "C:\\Program Files"),
+                "OpenSSL-Win64",
+                "bin",
+                "openssl.exe",
+            ),
+            os.path.join(
+                os.getenv("ProgramW6432", "C:\\Program Files"),
+                "OpenSSL-Win32",
+                "bin",
+                "openssl.exe",
+            ),
+        ]
+        for path in possible_paths:
+            if os.path.exists(path):
+                return path
+    else:
+        try:
+            result = subprocess.run(
+                ["which", "openssl"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
+            )
+            path = result.stdout.decode().strip()
+            if path:
+                return path
+        except Exception as e:
+            pass
+
+    return "openssl"
+
+
 class Extension:
     extensions = []
     protocols = []

server.py

@@ -7,7 +7,7 @@
 # Namyheon Go (Catswords Research) <gnh1201@gmail.com>
 # https://github.com/gnh1201/caterpillar
 # Created at: 2022-10-06
-# Updated at: 2024-07-09
+# Updated at: 2024-07-11
 #
 
 import argparse
@@ -38,6 +38,7 @@ from base import (
     jsonrpc2_create_id,
     jsonrpc2_encode,
     jsonrpc2_result_encode,
+    find_openssl_binpath,
     Logger,
 )
 
@@ -54,7 +55,7 @@ try:
     cacert = config("CA_CERT", default="ca.crt")
     certkey = config("CERT_KEY", default="cert.key")
     certdir = config("CERT_DIR", default="certs/")
-    openssl_binpath = config("OPENSSL_BINPATH", default="openssl")
+    openssl_binpath = config("OPENSSL_BINPATH", default=find_openssl_binpath())
     client_encoding = config("CLIENT_ENCODING", default="utf-8")
     local_domain = config("LOCAL_DOMAIN", default="")
     proxy_pass = config("PROXY_PASS", default="")
@@ -230,17 +231,33 @@ def proxy_connect(webserver, conn):
                 stderr=PIPE,
             )
             p2.communicate()
+    except FileNotFoundError as e:
+        logger.error(
+            "[*] OpenSSL distribution not found on this system. Skipping certificate issuance.",
+            exc_info=e,
+        )
+        certpath = "default.crt"
     except Exception as e:
-        logger.error("[*] Skipped generating the certificate.", exc_info=e)
+        logger.error("[*] Skipping certificate issuance.", exc_info=e)
+        certpath = "default.crt"
 
     # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
     # https://docs.python.org/3/library/ssl.html
     context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+    context.check_hostname = False
+    context.verify_mode = ssl.CERT_NONE
     context.load_cert_chain(certpath, certkey)
 
-    # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
-    conn = context.wrap_socket(conn, server_side=True)
-    data = conn.recv(buffer_size)
+    try:
+        # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
+        conn = context.wrap_socket(conn, server_side=True)
+        data = conn.recv(buffer_size)
+    except ssl.SSLError as e:
+        logger.error(
+            "[*] SSL negotiation failed. Check that the CA certificate is installed.",
+            exc_info=e,
+        )
+        return (conn, b"")
 
     return (conn, data)