[minion-cvs] Begin migrating to support the spec's alternative SSL c...
Update of /home/minion/cvsroot/src/minion/lib/mixminion/server
In directory moria.mit.edu:/tmp/cvs-serv22264/lib/mixminion/server
Modified Files:
MMTPServer.py ServerKeys.py ServerMain.py
Log Message:
Begin migrating to support the spec's alternative SSL crypto suite.
The spec says that we should support an alternative (and more common)
crypto suite for client-to-server communications. The alternative
suite is only present in SSL3; the preferred one is in TLS1.
Older versions of the code are configured to generate only TLS1
connections -- and (previously unknown to me) accept only TLS1
connections. To do the right thing, we need to accept TLS1 and SSL3,
but generate only TLS1. This patch does that.
Index: MMTPServer.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/MMTPServer.py,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- MMTPServer.py 19 Oct 2003 03:12:02 -0000 1.53
+++ MMTPServer.py 19 Oct 2003 05:21:45 -0000 1.54
@@ -1053,17 +1053,19 @@
MMTPClientConnection, with a function to add new connections, and
callbacks for message success and failure."""
##
- # context: a TLSContext object to use for newly received connections.
+ # serverContext: a TLSContext object to use for newly received connections.
+ # clientContext: a TLSContext object to use for initiated connections.
# clientConByAddr: A map from 3-tuples returned by MMTPClientConnection.
# getAddr, to MMTPClientConnection objects.
# certificateCache: A PeerCertificateCache object.
# listener: A ListenConnection object.
# _timeout: The number of seconds of inactivity to allow on a connection
# before formerly shutting it down.
- def __init__(self, config, tls):
+ def __init__(self, config, servercontext):
AsyncServer.__init__(self)
- self.context = tls
+ self.serverContext = servercontext
+ self.clientContext = _ml.TLSContext_new()
# FFFF Don't always listen; don't always retransmit!
# FFFF Support listening on multiple IPs
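Review bot: The new `__init__(self, config, servercontext)` takes two arguments, but the ServerMain.py hunk in this same commit calls `MMTPAsyncServer.__init__(self, config, servercontext, clientcontext)` with three, so constructing `_MMTPServer` would raise a TypeError as the hunks stand. Either accept the context here, `def __init__(self, config, servercontext, clientcontext):` with `self.clientContext = clientcontext`, or drop the extra argument in ServerMain.py and keep the local `_ml.TLSContext_new()`. The `clientContext` name passed at `_MMTPServer(config, None, clientContext)` in ServerMain.py is also not bound in any visible line, so it is worth checking that it is defined earlier in that method. The body of `__init__` continues outside this hunk.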
@@ -1105,10 +1107,10 @@
def connectDNSCache(self, dnsCache):
self.dnsCache = dnsCache
- def setContext(self, context):
+ def setServerContext(self, servercontext):
"""Change the TLS context used for newly received connections.
Used to rotate keys."""
- self.context = context
+ self.serverContext = servercontext
def getNextTimeoutTime(self, now=None):
"""Return the time at which we next purge connections, if we have
@@ -1121,7 +1123,7 @@
"""helper method. Creates and registers a new server connection when
the listener socket gets a hit."""
# FFFF Check whether incoming IP is allowed!
- tls = self.context.sock(sock, serverMode=1)
+ tls = self.serverContext.sock(sock, serverMode=1)
sock.setblocking(0)
con = MMTPServerConnection(sock, tls, self.onMessageReceived)
con.register(self)
@@ -1190,7 +1192,7 @@
# There isn't any connection to the right server. Open one...
addr = (ip, port, keyID)
finished = lambda addr=addr, self=self: self.__clientFinished(addr)
- con = MMTPClientConnection(self.context,
+ con = MMTPClientConnection(self.clientContext,
ip, port, keyID, deliverable,
finishedCallback=finished,
certCache=self.certificateCache)
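Review bot: Nothing in the visible lines shows that `self.clientContext` is limited to TLS1; it comes from a bare `_ml.TLSContext_new()`, while the log message says outgoing connections must generate only TLS1 and SSL3 is to be accepted on the listening side only. If that restriction is enforced inside the `_ml` extension, a comment at this call would make the asymmetry auditable, for example `# clientContext: outgoing only, must negotiate TLS1; SSL3 is accepted on serverContext for incoming peers only`. A test that an initiated connection refuses an SSL3-only peer would keep a later change to the context defaults from silently weakening outgoing links. The enclosing method starts and ends outside this hunk.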
Index: ServerKeys.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/ServerKeys.py,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- ServerKeys.py 19 Oct 2003 03:12:02 -0000 1.51
+++ ServerKeys.py 19 Oct 2003 05:21:45 -0000 1.52
@@ -449,7 +449,7 @@
len(deadKeys), " ".join(deadKeyNames))
if mmtpServer is not None:
context = self._getTLSContext(keys[-1])
- mmtpServer.setContext(context)
+ mmtpServer.setServerContext(context)
if packetHandler is not None:
packetKeys = []
hashLogs = []
Index: ServerMain.py
===================================================================
RCS file: /home/minion/cvsroot/src/minion/lib/mixminion/server/ServerMain.py,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- ServerMain.py 19 Oct 2003 03:12:02 -0000 1.95
+++ ServerMain.py 19 Oct 2003 05:21:45 -0000 1.96
@@ -355,8 +355,9 @@
## Fields:
# incomingQueue -- a Queue to hold messages we receive
# outgoingQueue -- a DeliveryQueue to hold messages to be sent.
- def __init__(self, config, tls):
- mixminion.server.MMTPServer.MMTPAsyncServer.__init__(self, config, tls)
+ def __init__(self, config, servercontext, clientcontext):
+ mixminion.server.MMTPServer.MMTPAsyncServer.__init__(
+ self, config, servercontext, clientcontext)
def connectQueues(self, incoming, outgoing):
self.incomingQueue = incoming
@@ -669,7 +670,7 @@
LOG.debug("Initializing packet handler")
self.packetHandler = mixminion.server.PacketHandler.PacketHandler()
LOG.debug("Initializing MMTP server")
- self.mmtpServer = _MMTPServer(config, None)
+ self.mmtpServer = _MMTPServer(config, None, clientContext)
LOG.debug("Initializing keys")
self.descriptorFile = os.path.join(homeDir, "current-desc")
self.keyring.updateKeys(self.packetHandler, self.mmtpServer,