* Added "no compression" to ssl options for tunnel

* Updated headers & reformated rest.py
2021-01-23 21:50:40 +01:00 · 2021-01-23 21:50:40 +01:00 · 9e88ff5daa
commit 9e88ff5daa
parent cb5a6f2430
3 changed files with 43 additions and 19 deletions
--- a/client-py3/full/src/uds/rest.py
+++ b/client-py3/full/src/uds/rest.py
@ -40,7 +40,12 @@ import certifi
 from PyQt5.QtCore import pyqtSignal
 from PyQt5.QtCore import QObject, QUrl, QSettings
 from PyQt5.QtCore import Qt
-from PyQt5.QtNetwork import QNetworkAccessManager, QNetworkRequest, QNetworkReply, QSslCertificate
+from PyQt5.QtNetwork import (
+    QNetworkAccessManager,
+    QNetworkRequest,
+    QNetworkReply,
+    QSslCertificate,
+)
 from PyQt5.QtWidgets import QMessageBox

 from . import os_detector
@ -48,7 +53,6 @@ from . import os_detector
 from . import VERSION


-
 class RestRequest(QObject):

    restApiUrl = ''  #
@ -60,9 +64,11 @@ class RestRequest(QObject):
        # private
        self._manager = QNetworkAccessManager()

-
        if params is not None:
-            url += '?' + '&'.join('{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8'))) for k, v in params.items())
+            url += '?' + '&'.join(
+                '{}={}'.format(k, urllib.parse.quote(str(v).encode('utf8')))
+                for k, v in params.items()
+            )

        self.url = QUrl(RestRequest.restApiUrl + url)

@ -74,19 +80,16 @@ class RestRequest(QObject):
        self.done.connect(done, Qt.QueuedConnection)

    def _finished(self, reply):
-        '''
+        """
        Handle signal 'finished'.  A network request has finished.
-        '''
+        """
        try:
            if reply.error() != QNetworkReply.NoError:
                raise Exception(reply.errorString())
            data = bytes(reply.readAll())
            data = json.loads(data)
        except Exception as e:
-            data = {
-                'result': None,
-                'error': str(e)
-            }
+            data = {'result': None, 'error': str(e)}

        self.done.emit(data)

@ -100,14 +103,27 @@ class RestRequest(QObject):

        approved = settings.value(digest, False)

-        errorString = '<p>The certificate for <b>{}</b> has the following errors:</p><ul>'.format(cert.subjectInfo(QSslCertificate.CommonName))
+        errorString = (
+            '<p>The certificate for <b>{}</b> has the following errors:</p><ul>'.format(
+                cert.subjectInfo(QSslCertificate.CommonName)
+            )
+        )

        for err in errors:
            errorString += '<li>' + err.errorString() + '</li>'

        errorString += '</ul>'

-        if approved or QMessageBox.warning(self._parentWindow, 'SSL Warning', errorString, QMessageBox.Yes | QMessageBox.No) == QMessageBox.Yes:
+        if (
+            approved
+            or QMessageBox.warning(
+                self._parentWindow,
+                'SSL Warning',
+                errorString,
+                QMessageBox.Yes | QMessageBox.No,
+            )
+            == QMessageBox.Yes
+        ):
            settings.setValue(digest, True)
            reply.ignoreSslErrors()

@ -119,5 +135,10 @@ class RestRequest(QObject):
        sslCfg = request.sslConfiguration()
        sslCfg.addCaCertificates(certifi.where())
        request.setSslConfiguration(sslCfg)
-        request.setRawHeader(b'User-Agent', os_detector.getOs().encode('utf-8') + b" - UDS Connector " + VERSION.encode('utf-8'))
+        request.setRawHeader(
+            b'User-Agent',
+            os_detector.getOs().encode('utf-8')
+            + b" - UDS Connector "
+            + VERSION.encode('utf-8'),
+        )
        self._manager.get(request)
--- a/client-py3/full/src/uds/tunnel.py
+++ b/client-py3/full/src/uds/tunnel.py
@ -34,6 +34,7 @@ import ssl
 import threading
 import time
 import random
+import threading
 import select
 import typing
 import logging
@ -90,10 +91,6 @@ class ForwardServer(socketserver.ThreadingTCPServer):
        self.status = TUNNEL_LISTENING
        self.can_stop = False

-        # Max connection time for first connection. After this,
-        # Client will connect as soon as it has no active connections
-        # MAX WAIT TIME for first connection is sixty seconds, no matter
-        # how long will accept client connections
        timeout = abs(timeout) or 60
        self.timer = threading.Timer(
            abs(timeout), ForwardServer.__checkStarted, args=(self,)
@ -117,6 +114,9 @@ class ForwardServer(socketserver.ThreadingTCPServer):

            context = ssl.create_default_context()

+            # Do not "recompress" data, use only "base protocol" compression
+            context.options |= ssl.OP_NO_COMPRESSION
+
            # If ignore remote certificate
            if self.check_certificate is False:
                context.check_hostname = False
@ -190,7 +190,7 @@ class Handler(socketserver.BaseRequestHandler):
                # All is fine, now we can tunnel data
                self.process(remote=ssl_socket)
        except Exception as e:
-            logger.error('Error connecting to %s: %s', self.server.remote, e)
+            logger.error(f'Error connecting to {self.server.remote!s}: {e!s}')
            self.server.status = TUNNEL_ERROR
            self.server.stop()
        finally:
@ -218,7 +218,7 @@ class Handler(socketserver.BaseRequestHandler):
                        break
                    self.request.sendall(data)
            logger.debug('Finished tunnel with ticekt %s', self.server.ticket)
-        except Exception:
+        except Exception as e:
            pass


--- a/tunnel-server/src/forwarder/udstunnel.py
+++ b/tunnel-server/src/forwarder/udstunnel.py
@ -113,6 +113,9 @@ class ForwardServer(socketserver.ThreadingTCPServer):
            rsocket.connect(self.remote)

            context = ssl.create_default_context()
+            
+            # Do not "recompress" data, use only "base protocol" compression
+            context.options |= ssl.OP_NO_COMPRESSION

            # If ignore remote certificate
            if self.check_certificate is False: