Changeset b3c4896
- Timestamp:
- Jul 8, 2011 6:30:39 PM (13 years ago)
- Branches:
- axis_example, compt_changes, info-ops, master
- Children:
- 0c9393e
- Parents:
- cedf721 (diff), e15435c (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the(diff)
links above to see all the changes relative to each parent. - Location:
- fedd/federation
- Files:
-
- 2 edited
fedd/federation/remote_service.py
rcedf721 rb3c4896 30 30 fedd_internal_services = fedd_internal_client 31 31 service_port_name = 'getfeddPort' 32 internal_service_port_name = 'getfedd_internalPort' 33 32 internal_service_port_name = 'getfedd_internal_port' 34 33 from util import fedd_ssl_context 35 34 from fedid import fedid … … 61 60 # A map used to convert fedid fields to fedid objects (when the field is 62 61 # already a string) 63 fedid_to_object = ( ('fedid', lambda x: fedid(bits=x)),)62 fedid_to_object = {'fedid': lambda x: fedid(bits=x)} 64 63 # A map used by apply_to_tags to convert fedids from xmlrpclib.Binary 65 64 # objects to fedid objects in one sweep. 66 decap_fedids = (('fedid', lambda x: fedid(bits=x.data)),) 65 decap_fedids = {'fedid': lambda x: fedid(bits=x.data), 66 'credential': lambda x: x.data} 67 67 # A map used to encapsulate fedids into xmlrpclib.Binary objects 68 encap_fedids = (('fedid', to_binary),)68 encap_fedids = {'fedid': to_binary, 'credential': to_binary} 69 69 70 70 # fields that are never unicoded, because they represent non strings. … … 142 142 if isinstance(e, dict): 143 143 for k in e.keys(): 144 for tag, fcnin map:145 if k == tag:146 147 148 149 150 151 152 153 154 144 if k in map: 145 fcn = map[k] 146 if isinstance(e[k], list): 147 e[k] = [ fcn(b) for b in e[k]] 148 else: 149 e[k] = fcn(e[k]) 150 elif isinstance(e[k], dict): 151 remote_service_base.apply_to_tags(e[k], map) 152 elif isinstance(e[k], list): 153 for ee in e[k]: 154 remote_service_base.apply_to_tags(ee, map) 155 155 # Other types end the recursion - they should be leaves 156 156 return e -
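Review bot: The new `'credential'` entry in `decap_fedids` reads `x.data` from whatever value the peer placed under that key, and the rewritten `apply_to_tags` applies it to every matching key at any depth, including each element of a list. If a message carries a plain string or a nested struct there, the lambda would raise `AttributeError` in the middle of decoding instead of producing a protocol-level fault. This is inferred, since the callers are outside the section. I would replace the lambda with a small helper that returns `x.data` only when `isinstance(x, xmlrpclib.Binary)` and otherwise rejects the message explicitly, and give the `'fedid'` entry the same guard. The body of `apply_to_tags` starts above the hunk, and its `map` parameter shadows the builtin; `tag_map` would read better.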
fedd/federation/util.py
re15435c rb3c4896 19 19 from service_error import service_error 20 20 from urlparse import urlparse 21 from M2Crypto import m2 21 22 22 23 … … 27 28 if not getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca', None): 28 29 from M2Crypto.SSL.Context import map 29 from M2Crypto import m2 30 31 def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 30 31 def fedd_ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 32 32 unknown_issuer = [ 33 33 m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, … … 36 36 m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 37 37 ] 38 # m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed 39 if getattr(m2, 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None): 40 unknown_issuer.append(getattr(m2, 41 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None)) 38 42 ssl_ctx = map()[ssl_ctx_ptr] 39 43 … … 49 53 return ok 50 54 else: 51 def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): 52 raise ValueError("This should never be called") 55 def fedd_ssl_verify_callback(ok, store): 56 ''' 57 m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed 58 ''' 59 errnum = store.get_error() 60 if errnum == m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: 61 ok = 1 62 return ok 63 else: 64 return SSL.cb.ssl_verify_callback_allow_unknown_ca(ok, store) 53 65 54 66 class fedd_ssl_context(SSL.Context): … … 89 101 self.set_verify(SSL.verify_peer, 10) 90 102 else: 91 # More legacy code. Recent versions of M2Crypto express the 92 # allow_unknown_ca option through a callback turned to allow it. 93 # Older versions use a standard callback that respects the 94 # attribute. This should work under both regines. 
95 callb = getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca', 96 ssl_verify_callback) 103 # Install the proper callback to allow self-signed certs 97 104 self.set_allow_unknown_ca(True) 98 self.set_verify(SSL.verify_peer, 10, callback=callb) 105 self.set_verify(SSL.verify_peer, 10, 106 callback=fedd_ssl_verify_callback) 99 107 100 108 class file_expanding_opts(OptionParser):
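Review bot: Both versions of `fedd_ssl_verify_callback` turn unknown-issuer and self-signed-chain errors into `ok`, so after `set_verify(SSL.verify_peer, 10, callback=fedd_ssl_verify_callback)` a completed handshake shows only that the peer holds the key for the certificate it presented, not who the peer is. Nothing in this section shows the peer identity being checked, so the call site should say where it is, for example `# Chain errors are ignored on purpose: the peer is authenticated by comparing its fedid (key hash) after the handshake, not by CA trust`, and that check should be confirmed to run on every connection. Separately, the `else` branch reads `m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN` directly while the first branch guards the same constant with `getattr`. If the constant can be absent, the comparison would raise inside the verify callback, so `getattr(m2, 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None)` should be used in both places. The docstring in the `else` branch should describe what the callback accepts rather than restate the earlier comment. The body of the first callback is partly elided in the hunk.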