Changeset 816daef for fedd/federation
- Timestamp:
- Jul 8, 2011 6:32:31 PM (13 years ago)
- Branches:
- compt_changes, info-ops, master
- Children:
- 2d601b7
- Parents:
- c410811a
- File:
-
- 1 edited
fedd/federation/util.py
rc410811a r816daef 19 19 from service_error import service_error 20 20 from urlparse import urlparse 21 from M2Crypto import m2 21 22 22 23 … … 27 28 if not getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca', None): 28 29 from M2Crypto.SSL.Context import map 29 from M2Crypto import m2 30 31 def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 30 31 def fedd_ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 32 32 unknown_issuer = [ 33 33 m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, … … 36 36 m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 37 37 ] 38 # m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed 39 if getattr(m2, 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None): 40 unknown_issuer.append(getattr(m2, 41 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None)) 38 42 ssl_ctx = map()[ssl_ctx_ptr] 39 43 … … 49 53 return ok 50 54 else: 51 def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 52 raise ValueError("This should never be called") 55 def fedd_ssl_verify_callback(ok, store): 56 ''' 57 m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed 58 ''' 59 errnum = store.get_error() 60 if errnum == m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 61 ok = 1 62 return ok 63 else: 64 return SSL.cb.ssl_verify_callback_allow_unknown_ca(ok, store) 53 65 54 66 class fedd_ssl_context(SSL.Context): … … 89 101 self.set_verify(SSL.verify_peer, 10) 90 102 else: 91 # More legacy code. Recent versions of M2Crypto express the 92 # allow_unknown_ca option through a callback turned to allow it. 93 # Older versions use a standard callback that respects the 94 # attribute. This should work under both regines. 
95 callb = getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca', 96 ssl_verify_callback) 103 # Install the proper callback to allow self-signed certs 97 104 self.set_allow_unknown_ca(True) 98 self.set_verify(SSL.verify_peer, 10, callback=callb) 105 self.set_verify(SSL.verify_peer, 10, 106 callback=fedd_ssl_verify_callback) 99 107 100 108 class file_expanding_opts(OptionParser):
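Review bot: In the `else` branch, the new `fedd_ssl_verify_callback(ok, store)` returns `ok = 1` for `X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` and otherwise defers to `ssl_verify_callback_allow_unknown_ca`, so with `set_verify(SSL.verify_peer, 10, callback=fedd_ssl_verify_callback)` a chain anchored in any self-signed certificate passes verification and the handshake alone does not authenticate the peer. The docstring only repeats the constant name; it should state the trust model, e.g. `'''Accept self-signed and unknown-CA chains; the caller must authenticate the peer by its certificate/key fingerprint after the handshake.'''` (presumably fedd checks this elsewhere, but that is not visible in this section). Separately, this branch reads `m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` directly while the legacy branch guards the same constant with `getattr(m2, ..., None)`; writing `if errnum == getattr(m2, 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None):` here as well keeps a build without the constant from raising AttributeError inside the callback. Parts of the legacy callback and of `fedd_ssl_context` lie outside the displayed hunks.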