Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def do_handshake_with_heartbleed(self):
# This is nassl's code for do_handshake() modified to send a heartbleed
# payload that will send the heartbleed checking payload
# I copied nassl's code here so I could leave anything heartbleed-related
# outside of the nassl code base
try:
if self._ssl.do_handshake() == 1:
self._handshakeDone = True
return True # Handshake was successful
except WantReadError:
# OpenSSL is expecting more data from the peer
# Send available handshake data to the peer
# In this heartbleed handshake we only send the client hello
lenToRead = self._networkBio.pending()
while lenToRead:
# Get the data from the SSL engine
handshakeDataOut = self._networkBio.read(lenToRead)
# Send it to the peer
self._sock.send(handshakeDataOut)
lenToRead = self._networkBio.pending()
# Send the heartbleed payload after the client hello
self._sock.send(heartbleed_payload(self.sslVersion))
# Recover the peer's encrypted response
# In this heartbleed handshake we only receive the server hello