diff --git a/base.py b/base.py
index beda7cb..467a90a 100644
--- a/base.py
+++ b/base.py
@@ -8,7 +8,7 @@
 # Euiseo Cha (Wonkwang University)
 # https://github.com/gnh1201/caterpillar
 # Created at: 2024-05-20
-# Updated at: 2024-07-09
+# Updated at: 2024-07-11
 #
 import logging
@@ -17,6 +17,8 @@ import json
 import os
 import re
 import importlib
+import subprocess
+import platform
 from datetime import datetime, timezone
 from typing import Union, List
@@ -60,6 +62,59 @@ def jsonrpc2_error_encode(error, id=""):
 return json.dumps(data)
+def find_openssl_binpath():
+ system = platform.system()
+
+ if system == "Windows":
+ possible_paths = [
+ os.path.join(
+ os.getenv("ProgramFiles", "C:\\Program Files"),
+ "OpenSSL-Win64",
+ "bin",
+ "openssl.exe",
+ ),
+ os.path.join(
+ os.getenv("ProgramFiles", "C:\\Program Files"),
+ "OpenSSL-Win32",
+ "bin",
+ "openssl.exe",
+ ),
+ os.path.join(
+ os.getenv("ProgramFiles(x86)", "C:\\Program Files (x86)"),
+ "OpenSSL-Win32",
+ "bin",
+ "openssl.exe",
+ ),
+ os.path.join(
+ os.getenv("ProgramW6432", "C:\\Program Files"),
+ "OpenSSL-Win64",
+ "bin",
+ "openssl.exe",
+ ),
+ os.path.join(
+ os.getenv("ProgramW6432", "C:\\Program Files"),
+ "OpenSSL-Win32",
+ "bin",
+ "openssl.exe",
+ ),
+ ]
+ for path in possible_paths:
+ if os.path.exists(path):
+ return path
+ else:
+ try:
+ result = subprocess.run(
+ ["which", "openssl"], stdout=subprocess.PIPE, stderr=subprocess.PIPE
+ )
+ path = result.stdout.decode().strip()
+ if path:
+ return path
+ except Exception as e:
+ pass
+
+ return "openssl"
+
+
 class Extension:
 extensions = []
 protocols = []
diff --git a/server.py b/server.py
index d21b155..73826d2 100644
--- a/server.py
+++ b/server.py
@@ -7,7 +7,7 @@
 # Namyheon Go (Catswords Research)
 # https://github.com/gnh1201/caterpillar
 # Created at: 2022-10-06
-# Updated at: 2024-07-09
+# Updated at: 2024-07-11
 #
 import argparse
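Review bot: The non-Windows branch of `find_openssl_binpath` shells out to `which openssl` and discards every failure with `except Exception as e: pass`, so a failed lookup is silent and `e` is never used; `path = shutil.which("openssl")` does the same PATH lookup in-process and returns `None` when nothing is found (it needs `import shutil` beside the new imports). The closing `return "openssl"` also hides that detection failed: the bare name is resolved later by the process-creation search order, which on Windows can include the application and working directories, so logging a warning on that fallback would make it visible which binary ends up handling certificate issuance. In the Windows loop, `os.path.isfile(path)` is a tighter test than `os.path.exists(path)`, which also accepts a directory.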
@@ -38,6 +38,7 @@ from base import (
 jsonrpc2_create_id,
 jsonrpc2_encode,
 jsonrpc2_result_encode,
+ find_openssl_binpath,
 Logger,
 )
@@ -54,7 +55,7 @@ try:
 cacert = config("CA_CERT", default="ca.crt")
 certkey = config("CERT_KEY", default="cert.key")
 certdir = config("CERT_DIR", default="certs/")
- openssl_binpath = config("OPENSSL_BINPATH", default="openssl")
+ openssl_binpath = config("OPENSSL_BINPATH", default=find_openssl_binpath())
 client_encoding = config("CLIENT_ENCODING", default="utf-8")
 local_domain = config("LOCAL_DOMAIN", default="")
 proxy_pass = config("PROXY_PASS", default="")
@@ -230,17 +231,33 @@ def proxy_connect(webserver, conn):
 stderr=PIPE,
 )
 p2.communicate()
+ except FileNotFoundError as e:
+ logger.error(
+ "[*] OpenSSL distribution not found on this system. Skipping certificate issuance.",
+ exc_info=e,
+ )
+ certpath = "default.crt"
 except Exception as e:
- logger.error("[*] Skipped generating the certificate.", exc_info=e)
+ logger.error("[*] Skipping certificate issuance.", exc_info=e)
+ certpath = "default.crt"
 # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
 # https://docs.python.org/3/library/ssl.html
 context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ context.check_hostname = False
+ context.verify_mode = ssl.CERT_NONE
 context.load_cert_chain(certpath, certkey)
- # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
- conn = context.wrap_socket(conn, server_side=True)
- data = conn.recv(buffer_size)
+ try:
+ # https://stackoverflow.com/questions/11255530/python-simple-ssl-socket-server
+ conn = context.wrap_socket(conn, server_side=True)
+ data = conn.recv(buffer_size)
+ except ssl.SSLError as e:
+ logger.error(
+ "[*] SSL negotiation failed. Check that the CA certificate is installed.",
+ exc_info=e,
+ )
+ return (conn, b"")
 return (conn, data)
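Review bot: `default=find_openssl_binpath()` is evaluated before `config` looks up `OPENSSL_BINPATH`, so the filesystem probe (and the `which` subprocess on non-Windows hosts) runs at import time even when the operator has pinned a path. Reading the setting first, for example `openssl_binpath = config("OPENSSL_BINPATH", default="") or find_openssl_binpath()`, keeps an explicit configuration independent of auto-detection. The enclosing `try:` block starts and ends outside the hunk.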
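Review bot: `context.load_cert_chain(certpath, certkey)` still sits outside the new `try`, so the `certpath = "default.crt"` fallback turns an OpenSSL failure into an unhandled exception whenever that file is missing from the working directory or does not match `certkey`. Moving the call inside the `try` and widening the handler to `except OSError as e:` (`ssl.SSLError` is a subclass) would cover that case as well as connection resets during `conn.recv`. On the failure path `return (conn, b"")` may hand back a socket that a failed `wrap_socket` has already detached, so callers should presumably treat empty data as "connection is gone". The added `context.check_hostname = False` and `context.verify_mode = ssl.CERT_NONE` restate the defaults of a `PROTOCOL_TLS_SERVER` context and concern client certificates only; a comment such as `# server side: no client certificate is requested` would keep them from being read as disabling upstream verification. `proxy_connect` starts and ends outside the hunk.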