Skip to content

GitLab

Switch branch/tag
  1. 18 Aug, 2010 1 commit
  3. 10 Aug, 2010 3 commits
  5. 29 Jul, 2010 2 commits
  7. 23 Jul, 2010 1 commit
  9. 19 Jul, 2010 1 commit
  11. 13 Jul, 2010 1 commit
  13. 01 Jul, 2010 2 commits
    • Guido Trotter's avatar
      RapiClient: fix multi-authentication in Python 2.6 · 14ff387e
      Guido Trotter authored 
      

In Python 2.6 the urllib2.HTTPBasicAuthHandler has a "retried" count for
failed authentications. The handler fails after 5 of them. To solve this
we reset the handler's "retried" member variable to 0 after every
successful request. This is a bit ugly, but makes the client work again
for more than 5 requests under all versions of Python.

Note that the digest authentication handler has a reset_retry_count()
method to do this, but the method is not defined for the basic
authentication handler, so we must reset the variable itself.

This member variable is unused in 2.4 and 2.5, so the change doesn't
affect the client under older Python versions.
Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      14ff387e
    • Michael Hanselmann's avatar
      RAPI client: Switch to pycURL · 2a7c3583
      Michael Hanselmann authored 
      

Currently the RAPI client uses the urllib2 and httplib modules from
Python's standard library. They're used with pyOpenSSL in a very fragile
way, and there are known issues when receiving large responses from a RAPI
server.

By switching to PycURL we leverage the power and stability of the
widely-used curl library (libcurl). This brings us much more flexibility
than before, and timeouts were easily implemented (something that would
have involved a lot of work with the built-in modules).

There's one small drawback: Programs using libcurl have to call
curl_global_init(3) (available as pycurl.global_init) while exactly one
thread is running (e.g. before other threads) and are supposed to call
curl_global_cleanup(3) (available as pycurl.global_cleanup) upon exiting.
See the manpages for details. A decorator is provided to simplify this.

Unittests for the new code are provided, increasing the test coverage of
the RAPI client from 74% to 89%.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
      2a7c3583
  15. 23 Jun, 2010 1 commit
  17. 17 Jun, 2010 2 commits
    • Michael Hanselmann's avatar
      RAPI client: Add support for Python 2.6 · 809bc174
      Michael Hanselmann authored 
      

The httplib module used by urllib2 requires its sockets to have a
makefile() method to provide a file-like interface (or rather
file-in-Python-like) to the socket. PyOpenSSL doesn't implement
makefile() as the semantics require files to call dup(2) on the
underlying file descriptors, something not easily done on SSL sockets.

Python up to and including 2.5 have a class to simulate makefile(),
httplib.FakeSocket. With the addition of SSL support in Python 2.6, this
class was deprecated and no longer functions.

This patch adds a new, simpler wrapper class which is used in Python 2.6
and above only. It's good enough for this use.

There are general problems in these generic wrapper classes--none of
them handles SSL I/O properly. They break, for example, when the server
requests a renegotiation. This will need more work.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      809bc174
    • Michael Hanselmann's avatar
      RAPI client: Add support for Python 2.6 · beba56ae
      Michael Hanselmann authored 
      

The httplib module used by urllib2 requires its sockets to have a
makefile() method to provide a file-like interface (or rather
file-in-Python-like) to the socket. PyOpenSSL doesn't implement
makefile() as the semantics require files to call dup(2) on the
underlying file descriptors, something not easily done on SSL sockets.

Python up to and including 2.5 have a class to simulate makefile(),
httplib.FakeSocket. With the addition of SSL support in Python 2.6, this
class was deprecated and no longer functions.

This patch adds a new, simpler wrapper class which is used in Python 2.6
and above only. It's good enough for this use.

There are general problems in these generic wrapper classes--none of
them handles SSL I/O properly. They break, for example, when the server
requests a renegotiation. This will need more work.
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      beba56ae
  19. 31 May, 2010 1 commit
  21. 18 May, 2010 2 commits
  23. 17 May, 2010 2 commits
  25. 13 May, 2010 3 commits
  27. 12 May, 2010 1 commit
    • Michael Hanselmann's avatar
      RAPI client: Fix SSL error reporting for real · 0d9bc5d2
      Michael Hanselmann authored 
      My previous patch, commit 857705e8

, helped in one particular
situation where the exception didn't contain any arguments
(pyOpenSSL reporting a WantReadError, which shouldn't occur with a
blocking socket anyway). With this patch, more common and uncommon
errors should be easy to recognize.

SSL errors without any of these patches:
“ganeti.rapi.client.CertificateError: SSL issue:
[('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')]”

SSL errors with both patches:
“ganeti.rapi.client.CertificateError: SSL issue:
[('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
'certificate verify failed')] (<OpenSSL.SSL.Error
instance at 0x…>)”

WantReadError without any of these two patches:
“ganeti.rapi.client.CertificateError: SSL issue: ”

WantReadError with both patches:
“ganeti.rapi.client.CertificateError: SSL issue:
(<OpenSSL.SSL.WantReadError instance at 0x…>)”
Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
Reviewed-by: default avatarIustin Pop <iustin@google.com>
      0d9bc5d2
  29. 11 May, 2010 17 commits