Commit 7dcadb74 authored by Iustin Pop's avatar Iustin Pop

Merge branch 'stable-2.2' into devel-2.2



* stable-2.2:
  Require aclocal 1.11.1 or above for devel/release
  Revert "Require aclocal 1.11.1 or above for autogen.sh"
  Set list of trusted SSL CAs for client to verify
  Require aclocal 1.11.1 or above for autogen.sh
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parents 3d95cd0d 3ff614e2
......@@ -46,6 +46,26 @@ echo "Cloning the repository under $TMPDIR ..."
git clone -q "$URL" dist
cd dist
git checkout $TAG
# Check minimum aclocal version for releasing
MIN_ACLOCAL_VERSION=( 1 11 1 )
ACLOCAL_VERSION=$(${ACLOCAL:-aclocal} --version | head -1 | \
sed -e 's/^[^0-9]*\([0-9\.]*\)$/\1/')
ACLOCAL_VERSION_REST=$ACLOCAL_VERSION
for v in ${MIN_ACLOCAL_VERSION[@]}; do
ACLOCAL_VERSION_PART=${ACLOCAL_VERSION_REST%%.*}
ACLOCAL_VERSION_REST=${ACLOCAL_VERSION_REST#$ACLOCAL_VERSION_PART.}
if [[ $v -eq $ACLOCAL_VERSION_PART ]]; then
continue
elif [[ $v -lt $ACLOCAL_VERSION_PART ]]; then
break
else # gt
echo "aclocal version $ACLOCAL_VERSION is too old (< 1.11.1)"
exit 1
fi
done
./autogen.sh
./configure
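Review bot: A two-component version such as `1.11` passes this check even though it is older than 1.11.1. Once the string has no dots left, `${ACLOCAL_VERSION_REST#$ACLOCAL_VERSION_PART.}` strips nothing, so the third iteration compares `1` against the leftover `11` and takes the `-lt` branch. Consume the part and the dot separately and treat a missing component as zero by replacing that line with `ACLOCAL_VERSION_REST=${ACLOCAL_VERSION_REST#"$ACLOCAL_VERSION_PART"}`, `ACLOCAL_VERSION_REST=${ACLOCAL_VERSION_REST#.}` and `ACLOCAL_VERSION_PART=${ACLOCAL_VERSION_PART:-0}`. This gate decides which toolchain may build a release tarball, so it should fail closed on any version it cannot fully compare.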
......
......@@ -550,6 +550,7 @@ class HttpSslParams(object):
"""
self.ssl_key_pem = utils.ReadFile(ssl_key_path)
self.ssl_cert_pem = utils.ReadFile(ssl_cert_path)
self.ssl_cert_path = ssl_cert_path
def GetKey(self):
return OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
......@@ -609,6 +610,15 @@ class HttpBase(object):
OpenSSL.SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
self._SSLVerifyCallback)
# Also add our certificate as a trusted CA to be sent to the client.
# This is required at least for GnuTLS clients to work.
try:
# This will fail for PyOpenssl versions before 0.10
ctx.add_client_ca(self._ssl_cert)
except AttributeError:
# Fall back to letting OpenSSL read the certificate file directly.
ctx.load_client_ca(ssl_params.ssl_cert_path)
return OpenSSL.SSL.Connection(ctx, sock)
def GetSslCiphers(self): # pylint: disable-msg=R0201
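Review bot: The `except AttributeError` around `ctx.add_client_ca(self._ssl_cert)` is wider than the case it is meant for: an AttributeError raised for any other reason, for example while evaluating `self._ssl_cert`, is also swallowed and silently takes the file-based fallback. Testing `hasattr(ctx, "add_client_ca")` and branching on that keeps the old-PyOpenSSL path without hiding other failures. The fallback also reads `ssl_params.ssl_cert_path` from disk each time a socket is wrapped, whereas the certificate appears to be loaded once in HttpSslParams, so the advertised CA could differ from the certificate in use if the file is replaced in between. The comment would be clearer if it said that this list only sets the CA names advertised to the client and that peer verification still rests on the `set_verify` call and `_SSLVerifyCallback` above; the enclosing method starts outside the hunk.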
......