Commit a6d350cc authored by Michael Hanselmann's avatar Michael Hanselmann

Merge branch 'stable-2.2' into devel-2.2

* stable-2.2:
  Fix pylint warning in http/__init__.py
  Allow SSL ciphers to be overridden in HTTP server
  If we had any errors in setup in one of the hosts, exit with non-zero
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
parents 4008c8ed 5117f822
......@@ -595,7 +595,10 @@ class HttpBase(object):
ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD)
ctx.set_options(OpenSSL.SSL.OP_NO_SSLv2)
ctx.set_cipher_list(constants.OPENSSL_CIPHERS)
ciphers = self.GetSslCiphers()
logging.debug("Setting SSL cipher string %s", ciphers)
ctx.set_cipher_list(ciphers)
ctx.use_privatekey(self._ssl_key)
ctx.use_certificate(self._ssl_cert)
......@@ -608,6 +611,12 @@ class HttpBase(object):
return OpenSSL.SSL.Connection(ctx, sock)
def GetSslCiphers(self): # pylint: disable-msg=R0201
"""Returns the ciphers string for SSL.
"""
return constants.OPENSSL_CIPHERS
def _SSLVerifyCallback(self, conn, cert, errnum, errdepth, ok):
"""Verify the certificate provided by the peer
......
......@@ -321,6 +321,8 @@ def main():
SetupLogging(options)
errs = 0
all_keys = LoadPrivateKeys(options)
passwd = None
......@@ -385,14 +387,18 @@ def main():
SetupSSH(transport)
SetupNodeDaemon(transport)
except errors.GenericError, err:
logging.error("While doing setup on host %s an error occured: %s",
logging.error("While doing setup on host %s an error occurred: %s",
host, err)
errs += 1
finally:
transport.close()
# this is needed for compatibility with older Paramiko or Python
# versions
transport.join()
if errs > 0:
sys.exit(1)
if __name__ == "__main__":
main()
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment