# SPDX-License-Identifier: GPL-2.0-only
# This file is part of Scapy
# See https://scapy.net/ for more information
# Copyright (C) Gabriel Potter

"""
Create a duplicate of the OpenSSL config to be able to use TLS < 1.2
This returns the path to this new config file.
"""

import os
import re
import subprocess
import tempfile

# Get OpenSSL config file
OPENSSL_DIR = re.search(
    b"OPENSSLDIR: \"(.*)\"",
    subprocess.Popen(
        ["openssl", "version", "-d"],
        stdout=subprocess.PIPE
    ).communicate()[0]
).group(1).decode()
OPENSSL_CONFIG = os.path.join(OPENSSL_DIR, 'openssl.cnf')

# https://www.openssl.org/docs/manmaster/man5/config.html
DATA = b"""
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_configuration

[ssl_configuration]
system_default = tls_system_default

[tls_system_default]
MinProtocol = TLSv1
CipherString = DEFAULT:@SECLEVEL=0
Options = UnsafeLegacyRenegotiation
""".strip()

# Copy and edit
with tempfile.NamedTemporaryFile(suffix=".cnf", delete=False) as fd:
    fd.write(DATA)
    print(fd.name)