Commit 0ff9bb60 authored by Alexander Pace's avatar Alexander Pace

Merge branch 'leo-singer/gracedb-client-remove-python-2-6-monkeypatch' into HEAD

parents 51be1569 0b45b828
......@@ -36,26 +36,6 @@ from .utils import event_or_superevent, safe_netrc
DEFAULT_SERVICE_URL = "https://gracedb.ligo.org/api/"
# --------------------------------------------------------------------
# This monkey patch forces TLSv1 if the python version is 2.6.6.
# It was introduced because clients connection from CIT *occasionally*
# try to use SSLv3. See:
# http://stackoverflow.com/questions/18669457/python-httplib-ssl23-get-server-hellounknown-protocol
# --------------------------------------------------------------------
if sys.version_info <= (2, 6, 6):
wrap_socket_orig = ssl.wrap_socket
def wrap_socket_patched(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True):
return wrap_socket_orig(sock, keyfile, certfile, server_side,
cert_reqs, ssl_version, ca_certs,
do_handshake_on_connect,
suppress_ragged_eofs)
ssl.wrap_socket = wrap_socket_patched
# ----------------------------------------------------------------
# HTTP/S Proxy classes
# Taken from: http://code.activestate.com/recipes/456195/
......@@ -119,11 +99,7 @@ class ProxyHTTPSConnection(ProxyHTTPConnection):
def connect(self):
ProxyHTTPConnection.connect(self)
# make the sock ssl-aware
if sys.version_info < (2, 6, 6):
ssl = socket.ssl(self.sock, self.key_file, self.cert_file)
self.sock = http_client.FakeSocket(self.sock, ssl)
else:
self.sock = self.context.wrap_socket(self.sock)
self.sock = self.context.wrap_socket(self.sock)
# ----------------------------------------------------------------
......@@ -300,44 +276,29 @@ class GsiRest(object):
print(out_str)
def set_up_connector(self, host, port, proxy_host, proxy_port):
# Versions of Python earlier than 2.7.9 don't use SSL Context
# objects for this purpose, and do not do any server cert verification.
ssl_context = None
if sys.version_info >= (2, 6, 6):
# Use the new method with SSL Context
# Prepare SSL context
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if (self.auth_type == 'x509'):
try:
ssl_context.load_cert_chain(self.credentials['cert_file'],
self.credentials['key_file'])
except ssl.SSLError:
msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease "
"run ligo-proxy-init or grid-proxy-init again or "
"make sure your robot certificate is readable.\n\n")
self.output_and_die(msg)
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, context=ssl_context)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, context=ssl_context)
# Prepare SSL context
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if (self.auth_type == 'x509'):
try:
ssl_context.load_cert_chain(self.credentials['cert_file'],
self.credentials['key_file'])
except ssl.SSLError:
msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease "
"run ligo-proxy-init or grid-proxy-init again or "
"make sure your robot certificate is readable.\n\n")
self.output_and_die(msg)
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, context=ssl_context)
else:
# Using an older version of python. We'll pass in the cert and
# key files.
creds = self.credentials if self.auth_type == 'x509' else {}
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, **creds)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, **creds)
self.connector = lambda: http_client.HTTPSConnection(
host, port, context=ssl_context)
def _process_credentials(self, cred, username, password):
"""Process credentials provided in the constructor"""
......
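Review bot: The SSL context in `set_up_connector` is still built with `ssl.SSLContext(ssl.PROTOCOL_TLSv1)`, which pins every connection to TLS 1.0 and rules out TLS 1.2 or later even when the server offers it. With the old-Python fallback removed, that line could become `ssl_context = ssl.create_default_context()` (available from Python 2.7.9 and 3.4). That call negotiates the highest protocol version both sides support and already sets `CERT_REQUIRED`, `check_hostname` and the system CA bundle, so the three explicit lines after the cert-loading block become redundant. Separately, `ProxyHTTPSConnection.connect` now always calls `self.context.wrap_socket(self.sock)` without `server_hostname`, while the context passed in from here has `check_hostname = True`. The standard library rejects that combination with a `ValueError`, so the proxy path probably needs `server_hostname=` set to the tunnelled host; the rest of the class is outside the hunk, so confirm where that host is stored.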