adding support for newer SSL protocols

lib/core/option.py

@@ -121,6 +121,7 @@ from lib.request.dns import DNSServer
 from lib.request.proxy import ProxyHTTPSHandler
 from lib.request.basicauthhandler import SmartHTTPBasicAuthHandler
 from lib.request.certhandler import HTTPSCertAuthHandler
+from lib.request.httpshandler import HTTPSHandler
 from lib.request.rangehandler import HTTPRangeHandler
 from lib.request.redirecthandler import SmartRedirectHandler
 from lib.request.templates import getPageTemplate
@@ -130,6 +131,7 @@ from lib.utils.google import Google
 from xml.etree.ElementTree import ElementTree
 
 authHandler = urllib2.BaseHandler()
+httpsHandler = HTTPSHandler()
 keepAliveHandler = keepalive.HTTPHandler()
 proxyHandler = urllib2.BaseHandler()
 redirectHandler = SmartRedirectHandler()
@@ -140,16 +142,10 @@ def __urllib2Opener():
     This function creates the urllib2 OpenerDirector.
     """
 
-    global authHandler
-    global keepAliveHandler
-    global proxyHandler
-    global rangeHandler
-    global redirectHandler
-
     debugMsg = "creating HTTP requests opener object"
     logger.debug(debugMsg)
 
-    handlers = [proxyHandler, authHandler, redirectHandler, rangeHandler]
+    handlers = [proxyHandler, authHandler, redirectHandler, rangeHandler, httpsHandler]
 
     if not conf.dropSetCookie:
         if not conf.loC:

lib/request/httpshandler.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+
+"""
+$Id$
+
+Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import httplib
+import socket
+import urllib2
+
+from lib.core.data import logger
+from lib.core.exception import sqlmapConnectionException
+
+ssl = None
+try:
+    import ssl as _ssl
+    ssl = _ssl
+except ImportError:
+    pass
+
+_protocols = [ssl.PROTOCOL_SSLv3, ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1]
+
+class HTTPSConnection(httplib.HTTPSConnection):
+    """
+    Connection class that enables usage of newer SSL protocols.
+
+    Reference: http://bugs.python.org/msg128686
+    """
+
+    def __init__(self, *args, **kwargs):
+        httplib.HTTPSConnection.__init__(self, *args, **kwargs)
+
+    def connect(self):
+        def create_sock():
+            sock = socket.create_connection((self.host, self.port), self.timeout)
+            if getattr(self, "_tunnel_host", None):
+                self.sock = sock
+                self._tunnel()
+            return sock
+
+        success = False
+        for protocol in _protocols:
+            try:
+                sock = create_sock()
+                _ = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=protocol)
+                if _:
+                    success = True
+                    self.sock = _
+                    _protocols.remove(protocol)
+                    _protocols.insert(0, protocol)
+                    break
+                else:
+                    sock.close()
+            except ssl.SSLError, errMsg:
+                logger.debug("SSL connection error occured ('%s')" % errMsg)
+
+        if not success:
+            raise sqlmapConnectionException, "can't establish SSL connection"
+
+class HTTPSHandler(urllib2.HTTPSHandler):
+    def https_open(self, req):
+        return self.do_open(HTTPSConnection if ssl else httplib.HTTPSConnection, req)