Changeset b3c4896


Ignore:
Timestamp:
Jul 8, 2011 6:30:39 PM (13 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master
Children:
0c9393e
Parents:
cedf721 (diff), e15435c (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Merge branch 'axis_example' of git://fedd.deterlab.net/fedd into axis_example

Location:
fedd/federation
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/remote_service.py

    rcedf721 rb3c4896  
    3030    fedd_internal_services = fedd_internal_client
    3131    service_port_name = 'getfeddPort'
    32     internal_service_port_name = 'getfedd_internalPort'
    33 
     32    internal_service_port_name = 'getfedd_internal_port'
    3433from util import fedd_ssl_context
    3534from fedid import fedid
     
    6160    # A map used to convert fedid fields to fedid objects (when the field is
    6261    # already a string)
    63     fedid_to_object = ( ('fedid', lambda x: fedid(bits=x)),)
     62    fedid_to_object = {'fedid': lambda x: fedid(bits=x)}
    6463    # A map used by apply_to_tags to convert fedids from xmlrpclib.Binary
    6564    # objects to fedid objects in one sweep.
    66     decap_fedids = (('fedid', lambda x: fedid(bits=x.data)),)
     65    decap_fedids = {'fedid': lambda x: fedid(bits=x.data),
     66            'credential': lambda x: x.data}
    6767    # A map used to encapsulate fedids into xmlrpclib.Binary objects
    68     encap_fedids = (('fedid', to_binary),)
     68    encap_fedids = {'fedid': to_binary, 'credential': to_binary}
    6969
    7070    # fields that are never unicoded, because they represent non strings.
     
    142142        if isinstance(e, dict):
    143143            for k in e.keys():
    144                 for tag, fcn in map:
    145                     if k == tag:
    146                         if isinstance(e[k], list):
    147                             e[k] = [ fcn(b) for b in e[k]]
    148                         else:
    149                             e[k] = fcn(e[k])
    150                     elif isinstance(e[k], dict):
    151                         remote_service_base.apply_to_tags(e[k], map)
    152                     elif isinstance(e[k], list):
    153                         for ee in e[k]:
    154                             remote_service_base.apply_to_tags(ee, map)
     144                if k in map:
     145                    fcn = map[k]
     146                    if isinstance(e[k], list):
     147                        e[k] = [ fcn(b) for b in e[k]]
     148                    else:
     149                        e[k] = fcn(e[k])
     150                elif isinstance(e[k], dict):
     151                    remote_service_base.apply_to_tags(e[k], map)
     152                elif isinstance(e[k], list):
     153                    for ee in e[k]:
     154                        remote_service_base.apply_to_tags(ee, map)
    155155        # Other types end the recursion - they should be leaves
    156156        return e
  • fedd/federation/util.py

    re15435c rb3c4896  
    1919from service_error import service_error
    2020from urlparse import urlparse
     21from M2Crypto import m2
    2122
    2223
     
    2728if not getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca', None):
    2829    from M2Crypto.SSL.Context import map
    29     from M2Crypto import m2
    30 
    31     def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok):
     30
     31    def fedd_ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok):
    3232        unknown_issuer = [
    3333            m2.X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY,
     
    3636            m2.X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    3737            ]
     38        # m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed
     39        if getattr(m2, 'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None):
     40            unknown_issuer.append(getattr(m2,
     41                'X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN', None))
    3842        ssl_ctx = map()[ssl_ctx_ptr]
    3943
     
    4953        return ok
    5054else:
    51     def ssl_verify_callback(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok):
    52         raise ValueError("This should never be called")
     55    def fedd_ssl_verify_callback(ok, store):
     56        '''
     57        m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN should also be allowed
     58        '''
     59        errnum = store.get_error()
     60        if errnum == m2.X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
     61            ok = 1
     62            return ok
     63        else:
     64            return SSL.cb.ssl_verify_callback_allow_unknown_ca(ok, store)
    5365
    5466class fedd_ssl_context(SSL.Context):
     
    89101            self.set_verify(SSL.verify_peer, 10)
    90102        else:
    91             # More legacy code.  Recent versions of M2Crypto express the
    92             # allow_unknown_ca option through a callback turned to allow it.
    93             # Older versions use a standard callback that respects the
    94             # attribute.  This should work under both regines.
    95             callb = getattr(SSL.cb, 'ssl_verify_callback_allow_unknown_ca',
    96                     ssl_verify_callback)
     103            # Install the proper callback to allow self-signed certs
    97104            self.set_allow_unknown_ca(True)
    98             self.set_verify(SSL.verify_peer, 10, callback=callb)
     105            self.set_verify(SSL.verify_peer, 10,
     106                    callback=fedd_ssl_verify_callback)
    99107
    100108class file_expanding_opts(OptionParser):
Note: See TracChangeset for help on using the changeset viewer.