Fix error connecting on HTTPS sites with wrong certificates

phpsource · Nov 9, 2016 · a9efa97 · a9efa97
1 parent c9bc466
commit a9efa97
Show file tree

Hide file tree

Showing 2 changed files with 87 additions and 0 deletions.
diff --git a/core/channels/channel.py b/core/channels/channel.py
@@ -8,6 +8,7 @@
 import sockshandler
 import urllib2
 import re
+import ssl
 
 url_dissector = re.compile(
     r'^(https?|socks4|socks5)://'  # http:// or https://
@@ -88,6 +89,13 @@ def _additional_handlers(self):
             else:
                 raise ChannelException(messages.channels.error_proxy_format)
 
+        # Skip certificate checks
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+
+        handlers.append(urllib2.HTTPSHandler(context=ctx))
+
         return handlers
 
     def send(self, payload):

diff --git a/testsuite/test_channels.py b/testsuite/test_channels.py
@@ -13,8 +13,18 @@
 import subprocess
 import tempfile
 import core.config
+import socket
 
 
+def _get_google_ip():
+    try:
+        data = socket.gethostbyname('www.google.com')
+        ip = repr(data)
+        if ip:
+            return ip
+    except Exception:
+        pass
+
 class StegaRefChannel(BaseTest):
 
     def setUp(self):
@@ -66,6 +76,32 @@ def test_additional_headers(self):
         self.assertIn('OTHERCOOKIE', headers_string)
 
 
+
+class StegaRefChannelWrongCert(BaseTest):
+
+    def setUp(self):
+
+        ip = _get_google_ip()
+        if not ip:
+            return 
+
+        url = 'https://%s/nonexistent' % (ip)
+
+        self.channel = Channel(
+            'StegaRef',
+            {
+                'url' : url,
+                'password' : 'none'
+            }
+        )
+
+    def test_wrong_cert(self):
+
+        try:
+            self.channel.send('echo("1");')
+        except Exception as e:
+            self.fail("test_wrong_cert exception\n%s" % (str(e)))
+
 @unittest.skipIf(
     not test_stress_channels,
     "Test only default generator agent")
@@ -165,6 +201,27 @@ def test_additional_headers(self):
 
         self.channel.channel_loaded.additional_headers = [ ]
 
+    def test_wrong_cert(self):
+
+        ip = _get_google_ip()
+        if not ip:
+            return 
+
+        url = 'https://%s/nonexistent' % (ip)
+
+        channel = Channel(
+            'LegacyCookie',
+            {
+                'url' : url,
+                'password' : 'none'
+            }
+        )
+
+        try:
+            channel.send('echo("1");')
+        except Exception as e:
+            self.fail("LegacyCookie test_wrong_cert exception\n%s" % (str(e)))
+
 @unittest.skipIf(
     not test_stress_channels,
     "Test only default generator agent")
@@ -262,3 +319,25 @@ def test_additional_headers(self):
         self.assertIn('[Cookie] => C1=F1; C2=F2; C3=F3; C4=F4', headers_string)
         self.assertNotIn('REFERER1', headers_string)
         self.assertIn('[X-Other-Cookie] => OTHER', headers_string)
+
+
+    def test_wrong_cert(self):
+
+        ip = _get_google_ip()
+        if not ip:
+            return 
+
+        url = 'https://%s/nonexistent' % (ip)
+
+        channel = Channel(
+            'LegacyReferrer',
+            {
+                'url' : url,
+                'password' : 'none'
+            }
+        )
+
+        try:
+            channel.send('echo("1");')
+        except Exception as e:
+            self.fail("LegacyReferrer test_wrong_cert exception\n%s" % (str(e)))