From d02331890f14463ec868b08c7cdf1078e7887879 Mon Sep 17 00:00:00 2001
From: Stavros Sachtouris <saxtouri@admin.grnet.gr>
Date: Wed, 13 May 2015 14:16:23 +0300
Subject: [PATCH] Add config settings for handling SSL connections

The following settings can be used at cloud level i.e., each cloud
configuration can have its own SSL settings:

ignore_ssl = on | off
ca_certs = /path/to/certificates

Both settings are passed to an agkyra.syncer.SetupSyncer instance
while setting up a session.
---
 agkyra/agkyra/config.py       |  2 ++
 agkyra/agkyra/protocol.py     | 19 ++++++++++++++++---
 agkyra/agkyra/syncer/setup.py |  3 +++
 3 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/agkyra/agkyra/config.py b/agkyra/agkyra/config.py
index 9c9f956..9f35d25 100644
--- a/agkyra/agkyra/config.py
+++ b/agkyra/agkyra/config.py
@@ -64,6 +64,8 @@ config.DEFAULTS = {
         # <cloud>: {
         #     'url': '',
         #     'token': '',
+        #     'ignore_ssl': True or False overwrites ca_certs,
+        #     'ca_certs': /path/to/ca/certificate/buddle
         #     whatever else may be useful in this context
         # },
         # ... more clouds
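Review bot: The added comment documents `ignore_ssl` as `True or False`, but the lookup added to protocol.py in this same commit only treats the string `'on'` as enabled, and the commit message gives the values as `on | off`. A user who follows this comment and writes `True` would get a different result from the one the comment implies. I would reword the two lines to `#     'ignore_ssl': 'on' or 'off'; 'on' disables certificate verification and overrides ca_certs,` and `#     'ca_certs': /path/to/ca/certificate/bundle,`, which also fixes the "buddle" typo.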
diff --git a/agkyra/agkyra/protocol.py b/agkyra/agkyra/protocol.py
index c9a5108..23e7c8a 100644
--- a/agkyra/agkyra/protocol.py
+++ b/agkyra/agkyra/protocol.py
@@ -298,12 +298,26 @@ class WebSocketProtocol(WebSocket):
     def init_sync(self):
         """Initialize syncer"""
         sync = self._get_default_sync()
+
+        kwargs = dict(agkyra_path=AGKYRA_DIR)
+        # Get SSL settings
+        cloud = self._get_sync_cloud(sync)
+        try:
+            ignore_ssl = self.cnf.get_cloud(cloud, 'ignore_ssl') in ('on', )
+            kwargs['ignore_ssl'] = ignore_ssl
+        except KeyError:
+            ignore_ssl = None
+        if not ignore_ssl:
+            try:
+                kwargs['ca_certs'] = self.cnf.get_cloud(cloud, 'ca_certs')
+            except KeyError:
+                pass
+
         syncer_settings = setup.SyncerSettings(
             sync,
             self.settings['url'], self.settings['token'],
             self.settings['container'], self.settings['directory'],
-            agkyra_path=AGKYRA_DIR,
-            ignore_ssl=True)
+            **kwargs)
         master = pithos_client.PithosFileClient(syncer_settings)
         slave = localfs_client.LocalfsFileClient(syncer_settings)
         self.syncer = syncer.FileSyncer(syncer_settings, master, slave)
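Review bot: Nothing is logged when `ignore_ssl` resolves to true in `init_sync`, so a session that sends its URL and token over an unverified TLS connection looks the same in the logs as a verified one. Adding `if ignore_ssl: LOG.warning('SSL verification disabled for cloud %s', cloud)` right after `kwargs['ignore_ssl'] = ignore_ssl` would make the downgrade visible to whoever reviews the logs. The test `in ('on', )` is also case-sensitive, so `On` or `true` silently leaves verification enabled; that is the safe direction, but it deserves a short comment such as `# only the exact string 'on' disables verification`. `init_sync` may continue past the end of this hunk.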
@@ -368,7 +382,6 @@ class WebSocketProtocol(WebSocket):
         self.db.execute('BEGIN')
         self.db.execute('DELETE FROM %s' % self.session_relation)
         self.db.commit()
-        LOG.debug('Close DB connection')
         self.db.close()
         LOG.debug('Helper: connection closed')
 
diff --git a/agkyra/agkyra/syncer/setup.py b/agkyra/agkyra/syncer/setup.py
index 6a41325..78e18c8 100644
--- a/agkyra/agkyra/syncer/setup.py
+++ b/agkyra/agkyra/syncer/setup.py
@@ -54,6 +54,9 @@ class SyncerSettings():
         self.ignore_ssl = kwargs.get("ignore_ssl", False)
         if self.ignore_ssl:
             https.patch_ignore_ssl()
+        elif kwargs.get('ca_certs', None):
+            https.patch_with_certs(kwargs['ca_certs'])
+
         self.endpoint = self._get_pithos_client(
             auth_url, auth_token, container)
 
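Review bot: When `ignore_ssl` is false and `ca_certs` is missing or empty, neither patch call runs, so certificate verification is left to whatever the `https` module does by default, which this hunk does not show. A comment on the new `elif` such as `# no ca_certs given: verification falls back to the https module defaults` would document that path. Judging by their names, `patch_ignore_ssl` and `patch_with_certs` may patch process-wide state; if so, the most recently constructed SyncerSettings would decide TLS behaviour for every cloud, which is worth confirming against the commit's per-cloud claim. The value of `kwargs['ca_certs']` is also passed through without checking that the path exists. The enclosing method starts above this hunk and continues below it.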
-- 
GitLab