Commit 0ff9bb60 authored by Alexander Pace

Merge branch 'leo-singer/gracedb-client-remove-python-2-6-monkeypatch' into HEAD

parents 51be1569 0b45b828
...@@ -36,26 +36,6 @@ from .utils import event_or_superevent, safe_netrc ...@@ -36,26 +36,6 @@ from .utils import event_or_superevent, safe_netrc
DEFAULT_SERVICE_URL = "https://gracedb.ligo.org/api/" DEFAULT_SERVICE_URL = "https://gracedb.ligo.org/api/"
# --------------------------------------------------------------------
# This monkey patch forces TLSv1 if the python version is 2.6.6.
# It was introduced because clients connection from CIT *occasionally*
# try to use SSLv3. See:
# http://stackoverflow.com/questions/18669457/python-httplib-ssl23-get-server-hellounknown-protocol
# --------------------------------------------------------------------
if sys.version_info <= (2, 6, 6):
wrap_socket_orig = ssl.wrap_socket
def wrap_socket_patched(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True):
return wrap_socket_orig(sock, keyfile, certfile, server_side,
cert_reqs, ssl_version, ca_certs,
do_handshake_on_connect,
suppress_ragged_eofs)
ssl.wrap_socket = wrap_socket_patched
# ---------------------------------------------------------------- # ----------------------------------------------------------------
# HTTP/S Proxy classes # HTTP/S Proxy classes
# Taken from: http://code.activestate.com/recipes/456195/ # Taken from: http://code.activestate.com/recipes/456195/
...@@ -119,11 +99,7 @@ class ProxyHTTPSConnection(ProxyHTTPConnection): ...@@ -119,11 +99,7 @@ class ProxyHTTPSConnection(ProxyHTTPConnection):
def connect(self): def connect(self):
ProxyHTTPConnection.connect(self) ProxyHTTPConnection.connect(self)
# make the sock ssl-aware # make the sock ssl-aware
if sys.version_info < (2, 6, 6): self.sock = self.context.wrap_socket(self.sock)
ssl = socket.ssl(self.sock, self.key_file, self.cert_file)
self.sock = http_client.FakeSocket(self.sock, ssl)
else:
self.sock = self.context.wrap_socket(self.sock)
# ---------------------------------------------------------------- # ----------------------------------------------------------------
...@@ -300,44 +276,29 @@ class GsiRest(object): ...@@ -300,44 +276,29 @@ class GsiRest(object):
print(out_str) print(out_str)
def set_up_connector(self, host, port, proxy_host, proxy_port): def set_up_connector(self, host, port, proxy_host, proxy_port):
# Versions of Python earlier than 2.7.9 don't use SSL Context # Prepare SSL context
# objects for this purpose, and do not do any server cert verification. ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
ssl_context = None if (self.auth_type == 'x509'):
if sys.version_info >= (2, 6, 6): try:
# Use the new method with SSL Context ssl_context.load_cert_chain(self.credentials['cert_file'],
# Prepare SSL context self.credentials['key_file'])
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) except ssl.SSLError:
if (self.auth_type == 'x509'): msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease "
try: "run ligo-proxy-init or grid-proxy-init again or "
ssl_context.load_cert_chain(self.credentials['cert_file'], "make sure your robot certificate is readable.\n\n")
self.credentials['key_file']) self.output_and_die(msg)
except ssl.SSLError: # Load and verify certificates
msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease " ssl_context.verify_mode = ssl.CERT_REQUIRED
"run ligo-proxy-init or grid-proxy-init again or " ssl_context.check_hostname = True
"make sure your robot certificate is readable.\n\n") # Find the various CA cert bundles stored on the system
self.output_and_die(msg) ssl_context.load_default_certs()
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED if proxy_host:
ssl_context.check_hostname = True self.connector = lambda: ProxyHTTPSConnection(
# Find the various CA cert bundles stored on the system proxy_host, proxy_port, context=ssl_context)
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, context=ssl_context)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, context=ssl_context)
else: else:
# Using an older version of python. We'll pass in the cert and self.connector = lambda: http_client.HTTPSConnection(
# key files. host, port, context=ssl_context)
creds = self.credentials if self.auth_type == 'x509' else {}
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, **creds)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, **creds)
def _process_credentials(self, cred, username, password): def _process_credentials(self, cred, username, password):
"""Process credentials provided in the constructor""" """Process credentials provided in the constructor"""
......
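Review bot: In the new `set_up_connector`, the context is now built unconditionally with `ssl.SSLContext(ssl.PROTOCOL_TLSv1)`, which pins every connection to TLS 1.0 and prevents negotiating a newer protocol version even when the server offers one. With the Python 2.6 workaround gone, I would let the library choose the version, e.g. `ssl_context = ssl.create_default_context()`, which also applies `CERT_REQUIRED`, `check_hostname` and the default CA bundle that the following lines set by hand. Separately, `ProxyHTTPSConnection.connect` calls `self.context.wrap_socket(self.sock)` without `server_hostname`; with `check_hostname = True` that call is expected to raise `ValueError`, so the proxy path likely needs the target host passed as `server_hostname=`. The enclosing classes start outside the hunks shown, so how the proxy connection stores the real host is not visible here.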