From 0f01bb76d2bb6be1ec5751a66fd6c48caebfedd5 Mon Sep 17 00:00:00 2001
From: Stavros Sachtouris <saxtouri@admin.grnet.gr>
Date: Fri, 17 Oct 2014 12:46:41 +0300
Subject: [PATCH] Rename "raise_ssl_errors" to "ignore_ssl"

Refs grnet/kamaki#74

The modified flag is located in HTTPSClientAuthConnection of
"kamaki.clients.utils.https".
The default flag value is reversed.

Also, rename the method "patch_to_raise_ssl_errors" to "patsh_ignore_ssl".
The boolean values passed to this method is also reversed.

Update documentation accordingly.
---
 Changelog                     |  2 ++
 docs/developers/showcase.rst  |  4 ++--
 docs/developers/ssl.rst       |  7 +++----
 kamaki/cli/__init__.py        |  2 +-
 kamaki/clients/utils/https.py | 21 +++++++++------------
 5 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/Changelog b/Changelog
index e47cfdd2..eb77236e 100644
--- a/Changelog
+++ b/Changelog
@@ -19,6 +19,8 @@ Bug fixes
 * Fix Python 2.6 compatibility concerning HTTPS arguments
   [grnet/kamaki#73]
 * Fix Python 2.6 compatibility concerning encode parameters
+* Rename "raise_ssl_errors" to "ignore_ssl" in HTTPConnection class
+  [grnet/kamaki#74]
 
 v0.13rc4
 ========
diff --git a/docs/developers/showcase.rst b/docs/developers/showcase.rst
index 21a3ccca..84b8d6a3 100644
--- a/docs/developers/showcase.rst
+++ b/docs/developers/showcase.rst
@@ -62,7 +62,7 @@ sketched in the :ref:`clients-ssl` section.
             https.patch_with_certs(ca_certs)
         else:
             # Risk insecure connections
-            https.patch_to_raise_ssl_errors(False)
+            https.patch_ignore_ssl()
 
 Credentials and endpoints
 -------------------------
@@ -633,7 +633,7 @@ logging more. We also added some command line interaction candy.
         if ca_certs:
             https.patch_with_certs(ca_certs)
         else:
-            https.patch_to_raise_ssl_errors(False)
+            https.patch_ignore_ssl()
 
     #  Create progress bar generator
     def create_pb(msg):
diff --git a/docs/developers/ssl.rst b/docs/developers/ssl.rst
index 78076011..428c6502 100644
--- a/docs/developers/ssl.rst
+++ b/docs/developers/ssl.rst
@@ -38,11 +38,10 @@ Ignore SSL Errors
 
     from kamaki.clients.utils import https
 
-    https.patch_to_raise_ssl_errors(False)
+    https.patch_ignore_ssl()
 
-.. note:: Ignoring SSL errors works like this:
-    The https connection module attempts a secure connection.
-    If it fails, it falls back to an insecure connection.
+.. note:: When the connection module is instructed not to use SSL, it won't
+    attempt to connect securely, even if a certificate is provided.
 
 System CA certificates
 ----------------------
diff --git a/kamaki/cli/__init__.py b/kamaki/cli/__init__.py
index 14db4c88..9aa9137b 100644
--- a/kamaki/cli/__init__.py
+++ b/kamaki/cli/__init__.py
@@ -239,7 +239,7 @@ def _init_session(arguments, is_non_api=False):
     else:
         warn = red('WARNING: CA certifications path not set (insecure) ')
         kloger.warning(warn)
-    https.patch_to_raise_ssl_errors(not ignore_ssl)
+    https.patch_ignore_ssl(ignore_ssl)
 
     _check_config_version(_cnf.value)
 
diff --git a/kamaki/clients/utils/https.py b/kamaki/clients/utils/https.py
index f086a49c..a6163664 100644
--- a/kamaki/clients/utils/https.py
+++ b/kamaki/clients/utils/https.py
@@ -43,22 +43,21 @@ log = logging.getLogger(__name__)
 class HTTPSClientAuthConnection(httplib.HTTPSConnection):
     """HTTPS connection, with full client-based SSL Authentication support"""
 
-    ca_file, raise_ssl_error = None, True
+    ca_file, ignore_ssl = None, False
 
     def __init__(self, *args, **kwargs):
         """ Extent HTTPSConnection to support SSL authentication
             :param ca_file: path to CA certificates bundle (default: None)
-            :param raise_ssl_error: flag (default: True)
+            :param ignore_ssl: flag (default: False)
         """
         self.ca_file = kwargs.pop('ca_file', self.ca_file)
-        self.raise_ssl_error = kwargs.pop(
-            'raise_ssl_error', self.raise_ssl_error)
+        self.ignore_ssl = kwargs.pop('ignore_ssl', self.ignore_ssl)
 
         httplib.HTTPSConnection.__init__(self, *args, **kwargs)
 
     def connect(self):
         """Connect to a host on a given (SSL) port.
-        If ca_file is pointing somewhere, use it to check Server Certificate.
+        Use ca_file to check Server Certificate.
 
         Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
         This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to
@@ -73,15 +72,13 @@ class HTTPSClientAuthConnection(httplib.HTTPSConnection):
             self.sock = sock
             self._tunnel()
 
-        # If there's no CA File, let the flag decide if there should be a check
-        if self.raise_ssl_error:
+        if self.ignore_ssl:
             self.sock = ssl.wrap_socket(
-                sock, self.key_file, self.cert_file,
-                ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
+                sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE)
         else:
             self.sock = ssl.wrap_socket(
                 sock, self.key_file, self.cert_file,
-                cert_reqs=ssl.CERT_NONE)
+                ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
 
 
 http.HTTPConnectionPool._scheme_to_class['https'] = HTTPSClientAuthConnection
@@ -92,5 +89,5 @@ def patch_with_certs(ca_file):
     HTTPSClientAuthConnection.ca_file = ca_file
 
 
-def patch_to_raise_ssl_errors(ssl_errors=True):
-    HTTPSClientAuthConnection.raise_ssl_error = ssl_errors
+def patch_ignore_ssl(insecure_connection=True):
+    HTTPSClientAuthConnection.ignore_ssl = insecure_connection
-- 
GitLab