electrum

Electrum Bitcoin wallet
git clone https://git.parazyd.org/electrum
Log | Files | Refs | Submodules
commit 36b61fccfd406cc873524bacbbc8dabe1cc4fe38
parent 1bcb361fca93acdd7be6ddbc2ee20310372e5ccd
Author: ThomasV <thomasv@gitorious>
Date:   Wed,  2 Oct 2013 09:22:13 +0200

temporary_path for unverified certificates

Diffstat:

Mlib/interface.py | 46+++++++++++++++++++++++++++-------------------


1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/lib/interface.py b/lib/interface.py
@@ -31,6 +31,21 @@ DEFAULT_TIMEOUT = 5
 proxy_modes = ['socks4', 'socks5', 'http']
 
 
+def is_expired(cert):
+    from OpenSSL import crypto as c
+    _cert = c.load_certificate(c.FILETYPE_PEM, cert)
+    notAfter = _cert.get_notAfter() 
+    notBefore = _cert.get_notBefore() 
+    now = time.time()
+    if now > time.mktime( time.strptime(notAfter[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
+        print "deprecated cert", self.host, notAfter
+        return True
+    if now < time.mktime( time.strptime(notBefore[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
+        print "notbefore", self.host, notBefore
+        return True
+    return False
+
+
 class Interface(threading.Thread):
 
 
@@ -266,7 +281,7 @@ class Interface(threading.Thread):
                 try:
                     s.connect((self.host, self.port))
                 except:
-                    print_error("failed to connect", self.host, self.port)
+                    # print_error("failed to connect", self.host, self.port)
                     return
 
                 s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
@@ -274,20 +289,8 @@ class Interface(threading.Thread):
                 s.close()
                 cert = ssl.DER_cert_to_PEM_cert(dercert)
 
-                from OpenSSL import crypto as c
-                _cert = c.load_certificate(c.FILETYPE_PEM, cert)
-                notAfter = _cert.get_notAfter() 
-                notBefore = _cert.get_notBefore() 
-                now = time.time()
-                if now > time.mktime( time.strptime(notAfter[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
-                    print "deprecated cert", self.host, notAfter
-                    return
-                if now < time.mktime( time.strptime(notBefore[:-1] + "GMT", "%Y%m%d%H%M%S%Z") ):
-                    print "notbefore", self.host, notBefore
-                    return
-
-                with open(cert_path,"w") as f:
-                    print_error("saving certificate for",self.host)
+                temporary_path = cert_path + '.temp'
+                with open(temporary_path,"w") as f:
                     f.write(cert)
             else:
                 is_new = False
@@ -308,19 +311,24 @@ class Interface(threading.Thread):
                 s = ssl.wrap_socket(s,
                                     ssl_version=ssl.PROTOCOL_SSLv3,
                                     cert_reqs=ssl.CERT_REQUIRED,
-                                    ca_certs=cert_path,
+                                    ca_certs= (temporary_path if is_new else cert_path),
                                     do_handshake_on_connect=True)
             except ssl.SSLError, e:
                 print_error("SSL error:", self.host, e)
-                # delete the certificate so we will download a new one
                 if is_new:
-                    os.unlink(cert_path)
+                    os.unlink(temporary_path)
                 return
             except:
-                traceback.print_exc(file=sys.stdout)
                 print_error("wrap_socket failed", self.host)
+                traceback.print_exc(file=sys.stdout)
+                if is_new:
+                    os.unlink(temporary_path)
                 return
 
+            if is_new:
+                print_error("saving certificate for", self.host)
+                os.rename(temporary_path, cert_path)
+
             # hostname verification (disabled)
             #from backports.ssl_match_hostname import match_hostname, CertificateError
             #try: