Commit 0f01bb76 authored by Stavros Sachtouris

Rename "raise_ssl_errors" to "ignore_ssl"

Refs grnet/kamaki#74

The modified flag is located in HTTPSClientAuthConnection of
"kamaki.clients.utils.https".
The default flag value is reversed.

Also, rename the method "patch_to_raise_ssl_errors" to "patch_ignore_ssl".
The boolean values passed to this method are also reversed.

Update documentation accordingly.
parent ae6e15bd
...@@ -19,6 +19,8 @@ Bug fixes ...@@ -19,6 +19,8 @@ Bug fixes
* Fix Python 2.6 compatibility concerning HTTPS arguments * Fix Python 2.6 compatibility concerning HTTPS arguments
[grnet/kamaki#73] [grnet/kamaki#73]
* Fix Python 2.6 compatibility concerning encode parameters * Fix Python 2.6 compatibility concerning encode parameters
* Rename "raise_ssl_errors" to "ignore_ssl" in HTTPConnection class
[grnet/kamaki#74]
v0.13rc4 v0.13rc4
======== ========
......
...@@ -62,7 +62,7 @@ sketched in the :ref:`clients-ssl` section. ...@@ -62,7 +62,7 @@ sketched in the :ref:`clients-ssl` section.
https.patch_with_certs(ca_certs) https.patch_with_certs(ca_certs)
else: else:
# Risk insecure connections # Risk insecure connections
https.patch_to_raise_ssl_errors(False) https.patch_ignore_ssl()
Credentials and endpoints Credentials and endpoints
------------------------- -------------------------
...@@ -633,7 +633,7 @@ logging more. We also added some command line interaction candy. ...@@ -633,7 +633,7 @@ logging more. We also added some command line interaction candy.
if ca_certs: if ca_certs:
https.patch_with_certs(ca_certs) https.patch_with_certs(ca_certs)
else: else:
https.patch_to_raise_ssl_errors(False) https.patch_ignore_ssl()
# Create progress bar generator # Create progress bar generator
def create_pb(msg): def create_pb(msg):
......
...@@ -38,11 +38,10 @@ Ignore SSL Errors ...@@ -38,11 +38,10 @@ Ignore SSL Errors
from kamaki.clients.utils import https from kamaki.clients.utils import https
https.patch_to_raise_ssl_errors(False) https.patch_ignore_ssl()
.. note:: Ignoring SSL errors works like this: .. note:: When the connection module is instructed not to use SSL, it won't
The https connection module attempts a secure connection. attempt to connect securely, even if a certificate is provided.
If it fails, it falls back to an insecure connection.
System CA certificates System CA certificates
---------------------- ----------------------
......
...@@ -239,7 +239,7 @@ def _init_session(arguments, is_non_api=False): ...@@ -239,7 +239,7 @@ def _init_session(arguments, is_non_api=False):
else: else:
warn = red('WARNING: CA certifications path not set (insecure) ') warn = red('WARNING: CA certifications path not set (insecure) ')
kloger.warning(warn) kloger.warning(warn)
https.patch_to_raise_ssl_errors(not ignore_ssl) https.patch_ignore_ssl(ignore_ssl)
_check_config_version(_cnf.value) _check_config_version(_cnf.value)
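Review bot: When `ignore_ssl` is true, nothing in the visible lines records that certificate verification has been switched off; the only warning shown concerns the missing CA path and does not depend on the flag's value. Consider logging it explicitly next to the call, e.g. `if ignore_ssl: kloger.warning(red('WARNING: SSL certificate verification is disabled (insecure)'))`, so an insecure session can be told apart in the logs from one that simply lacks a CA bundle. Indentation is lost on this page and `_init_session` starts and ends outside the hunk, so whether the `patch_ignore_ssl` call sits inside the `else:` cannot be confirmed here.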
......
...@@ -43,22 +43,21 @@ log = logging.getLogger(__name__) ...@@ -43,22 +43,21 @@ log = logging.getLogger(__name__)
class HTTPSClientAuthConnection(httplib.HTTPSConnection): class HTTPSClientAuthConnection(httplib.HTTPSConnection):
"""HTTPS connection, with full client-based SSL Authentication support""" """HTTPS connection, with full client-based SSL Authentication support"""
ca_file, raise_ssl_error = None, True ca_file, ignore_ssl = None, False
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
""" Extent HTTPSConnection to support SSL authentication """ Extent HTTPSConnection to support SSL authentication
:param ca_file: path to CA certificates bundle (default: None) :param ca_file: path to CA certificates bundle (default: None)
:param raise_ssl_error: flag (default: True) :param ignore_ssl: flag (default: False)
""" """
self.ca_file = kwargs.pop('ca_file', self.ca_file) self.ca_file = kwargs.pop('ca_file', self.ca_file)
self.raise_ssl_error = kwargs.pop( self.ignore_ssl = kwargs.pop('ignore_ssl', self.ignore_ssl)
'raise_ssl_error', self.raise_ssl_error)
httplib.HTTPSConnection.__init__(self, *args, **kwargs) httplib.HTTPSConnection.__init__(self, *args, **kwargs)
def connect(self): def connect(self):
"""Connect to a host on a given (SSL) port. """Connect to a host on a given (SSL) port.
If ca_file is pointing somewhere, use it to check Server Certificate. Use ca_file to check Server Certificate.
Redefined/copied and extended from httplib.py:1105 (Python 2.6.x). Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to
...@@ -73,15 +72,13 @@ class HTTPSClientAuthConnection(httplib.HTTPSConnection): ...@@ -73,15 +72,13 @@ class HTTPSClientAuthConnection(httplib.HTTPSConnection):
self.sock = sock self.sock = sock
self._tunnel() self._tunnel()
# If there's no CA File, let the flag decide if there should be a check if self.ignore_ssl:
if self.raise_ssl_error:
self.sock = ssl.wrap_socket( self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file, sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE)
ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
else: else:
self.sock = ssl.wrap_socket( self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file, sock, self.key_file, self.cert_file,
cert_reqs=ssl.CERT_NONE) ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
http.HTTPConnectionPool._scheme_to_class['https'] = HTTPSClientAuthConnection http.HTTPConnectionPool._scheme_to_class['https'] = HTTPSClientAuthConnection
...@@ -92,5 +89,5 @@ def patch_with_certs(ca_file): ...@@ -92,5 +89,5 @@ def patch_with_certs(ca_file):
HTTPSClientAuthConnection.ca_file = ca_file HTTPSClientAuthConnection.ca_file = ca_file
def patch_to_raise_ssl_errors(ssl_errors=True): def patch_ignore_ssl(insecure_connection=True):
HTTPSClientAuthConnection.raise_ssl_error = ssl_errors HTTPSClientAuthConnection.ignore_ssl = insecure_connection
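Review bot: The verifying branch of `connect()` passes `ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED`, but no hostname check is visible after `ssl.wrap_socket`, so a certificate that chains to the bundle but was issued for a different host would presumably still be accepted. Where the runtime provides it, add `ssl.match_hostname(self.sock.getpeercert(), self.host)` right after the wrap in the `else:` branch (using the tunnel target instead when `_tunnel()` is in effect). The Python 2.6 path named in the docstring would need a backport, and `connect()` starts outside these hunks. Separately, `patch_ignore_ssl(insecure_connection=True)` sets a class attribute and defaults to `True`, so one argument-less call turns verification off for every later connection in the process. It deserves a docstring saying so, e.g. `"""Disable server certificate verification for all HTTPS connections; TLS is still used but the peer is not authenticated."""`.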