commit e0f420c4ff20b5846f753c684667402baa8da73d from: Aleksey Ryndin date: Thu Sep 05 20:05:05 2024 UTC Add: server code
commit - 5c749e57812a8fb3757c5a2afe3cebd9deab3a36
commit + e0f420c4ff20b5846f753c684667402baa8da73d
blob - 7ae8f8fa63c794d6db3fa417a921f6fc05cc170d
blob + 079940967c9575fc031a1e80d8e71c1e84fb8cc3
--- lonk.py
+++ lonk.py
@@ -1,9 +1,9 @@
+import ssl
 from sqlite3 import connect as sqlite3_connect
 from argparse import ArgumentParser
 from json import loads as json_loads
 from pathlib import Path
 from socket import socket
-from ssl import PROTOCOL_TLS_SERVER, SSLContext
 from urllib.parse import urlencode, urlunsplit, urljoin, urlsplit
 from urllib.request import urlopen
 from html.parser import HTMLParser
@@ -253,17 +253,24 @@ def server():
 with dbcon:
 create_schema(dbcon)
- ssl_ctx = SSLContext(PROTOCOL_TLS_SERVER)
+ ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+ ssl_ctx.verify_mode = ssl.CERT_OPTIONAL
+ ssl_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
+ ssl_ctx.check_hostname = False
 ssl_ctx.load_cert_chain(args.certfile, args.keyfile)
 with socket() as sock:
 sock.bind((args.address, args.port))
 sock.listen()
 with ssl_ctx.wrap_socket(sock, server_side=True) as ssl_sock:
- conn, addr = ssl_sock.accept()
- if conn.getpeercert() is None:
- raise NotImplementedError()
- raise NotImplementedError()
+ while True:
+ conn, addr = ssl_sock.accept()
+ client_cert = conn.getpeercert(binary_form=True)
+ if client_cert is None:
+ conn.write(b"60 Certificate required\r\n")
+ conn.close()
+ continue
+ raise NotImplementedError(client_cert)
 if __name__ == '__main__':
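Review bot: The `ssl_sock.accept()` call inside the new `while True:` loop is unguarded, and because the listening socket is already TLS-wrapped the handshake runs inside `accept()`, so one client whose handshake fails or resets raises out of the loop and stops the listener. Wrap that call in `try:` and add `except (ssl.SSLError, ConnectionError): continue` so a bad connection is dropped instead of ending the server. Related to this, `ssl_ctx.verify_mode = ssl.CERT_OPTIONAL` is set but no trust store is loaded in the lines shown, so a presented client certificate (a self-signed one in particular) would presumably fail verification during that same handshake. A short comment there should state whether chain verification is intended or whether the certificate is meant to be identified by its fingerprint after the handshake. The body of `server()` starts outside the hunk, so an earlier CA load or timeout setting cannot be ruled out from here.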