1. 18 Aug, 2010 1 commit
  2. 10 Aug, 2010 3 commits
  3. 29 Jul, 2010 2 commits
  4. 23 Jul, 2010 1 commit
  5. 19 Jul, 2010 1 commit
  6. 13 Jul, 2010 1 commit
  7. 01 Jul, 2010 2 commits
    • Guido Trotter's avatar
      RapiClient: fix multi-authentication in Python 2.6 · 14ff387e
      Guido Trotter authored
      
      
      In Python 2.6 the urllib2.HTTPBasicAuthHandler has a "retried" count for
      failed authentications. The handler fails after 5 of them. To solve this
      we reset the handler's "retried" member variable to 0 after every
      successful request. This is a bit ugly, but makes the client work again
      for more than 5 requests under all versions of Python.
      
      Note that the digest authentication handler has a reset_retry_count()
      method to do this, but the method is not defined for the basic
      authentication handler, so we must reset the variable itself.
      
      This member variable is unused in 2.4 and 2.5, so the change doesn't
      affect the client under older Python versions.
      Signed-off-by: default avatarGuido Trotter <ultrotter@google.com>
      Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
      14ff387e
    • Michael Hanselmann's avatar
      RAPI client: Switch to pycURL · 2a7c3583
      Michael Hanselmann authored
      
      
      Currently the RAPI client uses the urllib2 and httplib modules from
      Python's standard library. They're used with pyOpenSSL in a very fragile
      way, and there are known issues when receiving large responses from a RAPI
      server.
      
      By switching to PycURL we leverage the power and stability of the
      widely-used curl library (libcurl). This brings us much more flexibility
      than before, and timeouts were easily implemented (something that would
      have involved a lot of work with the built-in modules).
      
      There's one small drawback: Programs using libcurl have to call
      curl_global_init(3) (available as pycurl.global_init) while exactly one
      thread is running (e.g. before other threads) and are supposed to call
      curl_global_cleanup(3) (available as pycurl.global_cleanup) upon exiting.
      See the manpages for details. A decorator is provided to simplify this.
      
      Unittests for the new code are provided, increasing the test coverage of
      the RAPI client from 74% to 89%.
      Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
      Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      Reviewed-by: default avatarIustin Pop <iustin@google.com>
      2a7c3583
  8. 23 Jun, 2010 1 commit
  9. 17 Jun, 2010 2 commits
    • Michael Hanselmann's avatar
      RAPI client: Add support for Python 2.6 · 809bc174
      Michael Hanselmann authored
      
      
      The httplib module used by urllib2 requires its sockets to have a
      makefile() method to provide a file-like interface (or rather
      file-in-Python-like) to the socket. PyOpenSSL doesn't implement
      makefile() as the semantics require files to call dup(2) on the
      underlying file descriptors, something not easily done on SSL sockets.
      
      Python up to and including 2.5 have a class to simulate makefile(),
      httplib.FakeSocket. With the addition of SSL support in Python 2.6, this
      class was deprecated and no longer functions.
      
      This patch adds a new, simpler wrapper class which is used in Python 2.6
      and above only. It's good enough for this use.
      
      There are general problems in these generic wrapper classes--none of
      them handles SSL I/O properly. They break, for example, when the server
      requests a renegotiation. This will need more work.
      Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
      Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      809bc174
    • Michael Hanselmann's avatar
      RAPI client: Add support for Python 2.6 · beba56ae
      Michael Hanselmann authored
      
      
      The httplib module used by urllib2 requires its sockets to have a
      makefile() method to provide a file-like interface (or rather
      file-in-Python-like) to the socket. PyOpenSSL doesn't implement
      makefile() as the semantics require files to call dup(2) on the
      underlying file descriptors, something not easily done on SSL sockets.
      
      Python up to and including 2.5 have a class to simulate makefile(),
      httplib.FakeSocket. With the addition of SSL support in Python 2.6, this
      class was deprecated and no longer functions.
      
      This patch adds a new, simpler wrapper class which is used in Python 2.6
      and above only. It's good enough for this use.
      
      There are general problems in these generic wrapper classes--none of
      them handles SSL I/O properly. They break, for example, when the server
      requests a renegotiation. This will need more work.
      Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
      Reviewed-by: default avatarGuido Trotter <ultrotter@google.com>
      beba56ae
  10. 31 May, 2010 1 commit
  11. 18 May, 2010 2 commits
  12. 17 May, 2010 2 commits
  13. 13 May, 2010 3 commits
  14. 12 May, 2010 1 commit
    • Michael Hanselmann's avatar
      RAPI client: Fix SSL error reporting for real · 0d9bc5d2
      Michael Hanselmann authored
      My previous patch, commit 857705e8
      
      , helped in one particular
      situation where the exception didn't contain any arguments
      (pyOpenSSL reporting a WantReadError, which shouldn't occur with a
      blocking socket anyway). With this patch, more common and uncommon
      errors should be easy to recognize.
      
      SSL errors without any of these patches:
      “ganeti.rapi.client.CertificateError: SSL issue:
      [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
      'certificate verify failed')]”
      
      SSL errors with both patches:
      “ganeti.rapi.client.CertificateError: SSL issue:
      [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE',
      'certificate verify failed')] (<OpenSSL.SSL.Error
      instance at 0x…>)”
      
      WantReadError without any of these two patches:
      “ganeti.rapi.client.CertificateError: SSL issue: ”
      
      WantReadError with both patches:
      “ganeti.rapi.client.CertificateError: SSL issue:
      (<OpenSSL.SSL.WantReadError instance at 0x…>)”
      Signed-off-by: default avatarMichael Hanselmann <hansmi@google.com>
      Reviewed-by: default avatarIustin Pop <iustin@google.com>
      0d9bc5d2
  15. 11 May, 2010 17 commits