diff options
| author | Tristan Cacqueray <tristan.cacqueray@enovance.com> | 2014-01-24 17:40:16 +0100 |
|---|---|---|
| committer | Tristan Cacqueray <tristan.cacqueray@enovance.com> | 2014-02-12 13:21:26 +0100 |
| commit | b182112719ab87942472e44aa3446ea0eb19a289 (patch) | |
| tree | 8663d755145df6b64bc6b766866ebdb06639119a /swiftclient/https_connection.py | |
| parent | 9b73547b7de004fe623e454c425e9deee5d3d0ca (diff) | |
| download | python-swiftclient-b182112719ab87942472e44aa3446ea0eb19a289.tar.gz | |
Port to python-requests
Currently, httplib implementation does not support SSL certificate
verification. This patch fixes this. Note that ssl compression parameter
and 100-continue thing is still missing from requests, though those are
lower priority.
Requests now takes care of:
* proxy configuration (get_environ_proxies),
* chunked encoding (with data generator),
* bulk uploading (with files dictionary),
* SSL certificate verification (with 'insecure' and 'cacert' parameter).
This patch have been tested with requests 1.1.0 (CentOS 6) and requests
2.2.1 (current version).
Change-Id: Ib5de962f4102d57c71ad85fd81a615362ef175dc
Closes-Bug: #1199783
DocImpact
SecurityImpact
Diffstat (limited to 'swiftclient/https_connection.py')
| -rw-r--r-- | swiftclient/https_connection.py | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/swiftclient/https_connection.py b/swiftclient/https_connection.py deleted file mode 100644 index 2a2dc1f..0000000 --- a/swiftclient/https_connection.py +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright (c) 2013 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" -HTTPS/SSL related functionality -""" - -import socket - -from httplib import HTTPSConnection - -import OpenSSL - -try: - from eventlet.green.OpenSSL.SSL import GreenConnection - from eventlet.greenio import GreenSocket - from eventlet.patcher import is_monkey_patched - - def getsockopt(self, *args, **kwargs): - return self.fd.getsockopt(*args, **kwargs) - # The above is a workaround for an eventlet bug in getsockopt. - # TODO(mclaren): Workaround can be removed when this fix lands: - # https://bitbucket.org/eventlet/eventlet/commits/609f230 - GreenSocket.getsockopt = getsockopt -except ImportError: - def is_monkey_patched(*args): - return False - - -class HTTPSConnectionNoSSLComp(HTTPSConnection): - """ - Extended HTTPSConnection which uses the OpenSSL library - for disabling SSL compression. - Note: This functionality can eventually be replaced - with native Python 3.3 code. - """ - def __init__(self, host): - HTTPSConnection.__init__(self, host) - self.setcontext() - - def setcontext(self): - """ - Set up the OpenSSL context. - """ - self.context = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) - # Disable SSL layer compression. - self.context.set_options(0x20000) # SSL_OP_NO_COMPRESSION - - def connect(self): - """ - Connect to an SSL port using the OpenSSL library and apply - per-connection parameters. - """ - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - self.sock = OpenSSLConnectionDelegator(self.context, sock) - self.sock.connect((self.host, self.port)) - - -class OpenSSLConnectionDelegator(object): - """ - An OpenSSL.SSL.Connection delegator. - - Supplies an additional 'makefile' method which httplib requires - and is not present in OpenSSL.SSL.Connection. - - Note: Since it is not possible to inherit from OpenSSL.SSL.Connection - a delegator must be used. - """ - def __init__(self, *args, **kwargs): - if is_monkey_patched('socket'): - # If we are running in a monkey patched environment - # use eventlet's GreenConnection -- it handles eventlet's - # non-blocking sockets correctly. - Connection = GreenConnection - else: - Connection = OpenSSL.SSL.Connection - self.connection = Connection(*args, **kwargs) - - def __getattr__(self, name): - return getattr(self.connection, name) - - def makefile(self, *args, **kwargs): - return socket._fileobject(self.connection, *args, **kwargs) |