Minor improvement of PKI handler

2026-01-27 16:49:03 +00:00 · 2026-01-04 20:22:02 +01:00
parent 8c9e70496b
commit 6ef62d0201
3 changed files with 28 additions and 6 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.1.3"
+VERSION = "1.10.1.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/request/pkihandler.py
+++ b/lib/request/pkihandler.py
@@ -5,12 +5,20 @@ Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
 See the file 'LICENSE' for copying permission
 """

+ssl = None
+try:
+    import ssl as _ssl
+    ssl = _ssl
+except ImportError:
+    pass
+
 from lib.core.data import conf
 from lib.core.common import getSafeExString
 from lib.core.exception import SqlmapConnectionException
 from thirdparty.six.moves import http_client as _http_client
 from thirdparty.six.moves import urllib as _urllib

+
 class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
    def __init__(self, auth_file):
        _urllib.request.HTTPSHandler.__init__(self)
@@ -20,10 +28,24 @@ class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
        return self.do_open(self.getConnection, req)

    def getConnection(self, host, timeout=None):
+        if timeout is None:
+            timeout = conf.timeout
+
+        if not hasattr(_http_client, "HTTPSConnection"):
+            raise SqlmapConnectionException("HTTPS support is not available in this Python build")
+
        try:
-            # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
-            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)
-        except IOError as ex:
+            if ssl and hasattr(ssl, "SSLContext") and hasattr(ssl, "create_default_context"):
+                ctx = ssl.create_default_context()
+                ctx.load_cert_chain(certfile=self.auth_file, keyfile=self.auth_file)
+                try:
+                    return _http_client.HTTPSConnection(host, timeout=timeout, context=ctx)
+                except TypeError:
+                    pass
+
+            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=timeout)
+
+        except (IOError, OSError) as ex:
            errMsg = "error occurred while using key "
            errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex))
            raise SqlmapConnectionException(errMsg)