authorNarayan Desai <desai@mcs.anl.gov>2009-06-24 16:26:05 +0000
committerNarayan Desai <desai@mcs.anl.gov>2009-06-24 16:26:05 +0000
commitca974668ba340af041471df42bb246116d1b2a0c (patch)
tree761690160ca13d43ba9cc3d3a95a657dfe8606f8 /src/lib/Proxy.py
parentaa46792562f616d669329f44ec1814e6cbd6010d (diff)
downloadbcfg2-ca974668ba340af041471df42bb246116d1b2a0c.tar.gz
bcfg2-ca974668ba340af041471df42bb246116d1b2a0c.tar.bz2
bcfg2-ca974668ba340af041471df42bb246116d1b2a0c.zip
SSL: Implement protocol selection in bcfg2.conf
Add explicit knob to select encryption for client/server connections. The default value is xmlrpc/ssl, but xmlrpc/tlsv1 is also supported (needed to use DOE grid certs) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5297 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/Proxy.py')
-rw-r--r--src/lib/Proxy.py13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/lib/Proxy.py b/src/lib/Proxy.py
index 3595b1099..5a52e0af5 100644
--- a/src/lib/Proxy.py
+++ b/src/lib/Proxy.py
@@ -64,7 +64,7 @@ xmlrpclib._Method = RetryMethod
class SSLHTTPConnection(httplib.HTTPConnection):
def __init__(self, host, port=None, strict=None, timeout=90, key=None,
- cert=None, ca=None, scns=None):
+ cert=None, ca=None, scns=None, protocol='xmlrpc/ssl'):
if not has_py26:
httplib.HTTPConnection.__init__(self, host, port, strict)
else:
@@ -77,6 +77,14 @@ class SSLHTTPConnection(httplib.HTTPConnection):
self.ca_mode = ssl.CERT_REQUIRED
else:
self.ca_mode = ssl.CERT_NONE
+ if protocol == 'xmlrpc/ssl':
+ self.ssl_protocol = ssl.PROTOCOL_SSLv23
+ elif protocol == 'xmlrpc/tlsv1':
+ self.ssl_protocol = ssl.PROTOCOL_TLSv1
+ else:
+ self.logger.error("Unknown protocol %s" % (protocol))
+ raise Exception, "unknown protocol %s" % protocol
+
def connect(self):
rawsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
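Review bot: The fallthrough at the end of the new protocol check raises a bare `Exception`, which callers cannot distinguish from any other failure in `__init__`; a configuration error like this is better raised as `raise ValueError("unknown protocol %s (expected xmlrpc/ssl or xmlrpc/tlsv1)" % protocol)`, which also names the accepted values in the message. The `self.logger.error(...)` call on the line before assumes `self.logger` is already assigned, but no assignment is visible in this hunk or the preceding one, so it is worth confirming the attribute exists before this point in `__init__`. The `'xmlrpc/ssl'` branch maps to `ssl.PROTOCOL_SSLv23`, which negotiates whatever version the peer offers (including SSLv3, and SSLv2 on older OpenSSL builds), so the branch deserves a comment such as `# SSLv23 negotiates any supported version; 'xmlrpc/tlsv1' pins TLS 1.0 and is the stricter choice` so operators reading the code understand what the default actually permits. The enclosing `__init__` starts in the previous hunk.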
@@ -84,7 +92,8 @@ class SSLHTTPConnection(httplib.HTTPConnection):
rawsock.settimeout(self.timeout)
self.sock = ssl.SSLSocket(rawsock, cert_reqs=self.ca_mode,
ca_certs=self.ca, suppress_ragged_eofs=True,
- keyfile=self.key, certfile=self.cert)
+ keyfile=self.key, certfile=self.cert,
+ ssl_version=self.ssl_protocol)
self.sock.connect((self.host, self.port))
pc = self.sock.getpeercert()
if pc and self.scns: