Commit 0f01bb76 authored by Stavros Sachtouris's avatar Stavros Sachtouris

Rename "raise_ssl_errors" to "ignore_ssl"

Refs grnet/kamaki#74

The modified flag is located in HTTPSClientAuthConnection of
"kamaki.clients.utils.https".
The default flag value is reversed.

Also, rename the method "patch_to_raise_ssl_errors" to "patch_ignore_ssl".
The boolean values passed to this method are also reversed.

Update documentation accordingly.
parent ae6e15bd
......@@ -19,6 +19,8 @@ Bug fixes
* Fix Python 2.6 compatibility concerning HTTPS arguments
[grnet/kamaki#73]
* Fix Python 2.6 compatibility concerning encode parameters
* Rename "raise_ssl_errors" to "ignore_ssl" in HTTPConnection class
[grnet/kamaki#74]
v0.13rc4
========
......
......@@ -62,7 +62,7 @@ sketched in the :ref:`clients-ssl` section.
https.patch_with_certs(ca_certs)
else:
# Risk insecure connections
https.patch_to_raise_ssl_errors(False)
https.patch_ignore_ssl()
Credentials and endpoints
-------------------------
......@@ -633,7 +633,7 @@ logging more. We also added some command line interaction candy.
if ca_certs:
https.patch_with_certs(ca_certs)
else:
https.patch_to_raise_ssl_errors(False)
https.patch_ignore_ssl()
# Create progress bar generator
def create_pb(msg):
......
......@@ -38,11 +38,10 @@ Ignore SSL Errors
from kamaki.clients.utils import https
https.patch_to_raise_ssl_errors(False)
https.patch_ignore_ssl()
.. note:: Ignoring SSL errors works like this:
The https connection module attempts a secure connection.
If it fails, it falls back to an insecure connection.
.. note:: When the connection module is instructed not to use SSL, it won't
attempt to connect securely, even if a certificate is provided.
System CA certificates
----------------------
......
......@@ -239,7 +239,7 @@ def _init_session(arguments, is_non_api=False):
else:
warn = red('WARNING: CA certifications path not set (insecure) ')
kloger.warning(warn)
https.patch_to_raise_ssl_errors(not ignore_ssl)
https.patch_ignore_ssl(ignore_ssl)
_check_config_version(_cnf.value)
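Review bot: Nothing in the visible lines of `_init_session` tells the user that certificate verification is switched off when `ignore_ssl` is true; the only warning shown is the one for a missing CA path. Because `https.patch_ignore_ssl(ignore_ssl)` changes a class-level flag that applies to every later HTTPS connection in the process, the insecure mode should be logged at the point where it is enabled, e.g. `if ignore_ssl:` followed by `kloger.warning(red('WARNING: SSL certificate verification is disabled (insecure)'))` just before the call. The function starts and ends outside this hunk, so such a warning may already exist elsewhere.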
......
......@@ -43,22 +43,21 @@ log = logging.getLogger(__name__)
class HTTPSClientAuthConnection(httplib.HTTPSConnection):
"""HTTPS connection, with full client-based SSL Authentication support"""
ca_file, raise_ssl_error = None, True
ca_file, ignore_ssl = None, False
def __init__(self, *args, **kwargs):
""" Extent HTTPSConnection to support SSL authentication
:param ca_file: path to CA certificates bundle (default: None)
:param raise_ssl_error: flag (default: True)
:param ignore_ssl: flag (default: False)
"""
self.ca_file = kwargs.pop('ca_file', self.ca_file)
self.raise_ssl_error = kwargs.pop(
'raise_ssl_error', self.raise_ssl_error)
self.ignore_ssl = kwargs.pop('ignore_ssl', self.ignore_ssl)
httplib.HTTPSConnection.__init__(self, *args, **kwargs)
def connect(self):
"""Connect to a host on a given (SSL) port.
If ca_file is pointing somewhere, use it to check Server Certificate.
Use ca_file to check Server Certificate.
Redefined/copied and extended from httplib.py:1105 (Python 2.6.x).
This is needed to pass cert_reqs=ssl.CERT_REQUIRED as parameter to
......@@ -73,15 +72,13 @@ class HTTPSClientAuthConnection(httplib.HTTPSConnection):
self.sock = sock
self._tunnel()
# If there's no CA File, let the flag decide if there should be a check
if self.raise_ssl_error:
if self.ignore_ssl:
self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file,
ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE)
else:
self.sock = ssl.wrap_socket(
sock, self.key_file, self.cert_file,
cert_reqs=ssl.CERT_NONE)
ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED)
http.HTTPConnectionPool._scheme_to_class['https'] = HTTPSClientAuthConnection
......@@ -92,5 +89,5 @@ def patch_with_certs(ca_file):
HTTPSClientAuthConnection.ca_file = ca_file
def patch_to_raise_ssl_errors(ssl_errors=True):
HTTPSClientAuthConnection.raise_ssl_error = ssl_errors
def patch_ignore_ssl(insecure_connection=True):
HTTPSClientAuthConnection.ignore_ssl = insecure_connection
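Review bot: The verified branch of `connect()` (the `else:` that passes `ca_certs=self.ca_file, cert_reqs=ssl.CERT_REQUIRED`) validates the certificate chain but, as far as the visible lines show, never compares the certificate with the host being contacted, so a certificate issued under the bundle for one name would be accepted for any server. `ssl.wrap_socket` does not perform that check itself; where the runtime provides it, add `ssl.match_hostname(self.sock.getpeercert(), self.host)` right after the verified wrap (Python 2.6 lacks it and would need a backport). The comment `# If there's no CA File, let the flag decide if there should be a check` is also stale, since `ignore_ssl` alone now selects the branch and a configured `ca_file` goes unused when it is set; I would replace it with `# ignore_ssl skips certificate verification entirely, even when ca_file is set`. The beginning of `connect()` lies outside the hunk.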