Commit 0b45b828 authored by Leo Pound Singer's avatar Leo Pound Singer

Remove Python 2.6 monkeypatch

According to the classifiers in setup.py, Python 2.6 is no longer
supported by this package.
parent 1b637051
......@@ -36,26 +36,6 @@ from .utils import event_or_superevent, safe_netrc
DEFAULT_SERVICE_URL = "https://gracedb.ligo.org/api/"
# --------------------------------------------------------------------
# This monkey patch forces TLSv1 if the python version is 2.6.6.
# It was introduced because clients connection from CIT *occasionally*
# try to use SSLv3. See:
# http://stackoverflow.com/questions/18669457/python-httplib-ssl23-get-server-hellounknown-protocol
# --------------------------------------------------------------------
if sys.version_info <= (2, 6, 6):
wrap_socket_orig = ssl.wrap_socket
def wrap_socket_patched(sock, keyfile=None, certfile=None,
server_side=False, cert_reqs=ssl.CERT_NONE,
ssl_version=ssl.PROTOCOL_TLSv1, ca_certs=None,
do_handshake_on_connect=True,
suppress_ragged_eofs=True):
return wrap_socket_orig(sock, keyfile, certfile, server_side,
cert_reqs, ssl_version, ca_certs,
do_handshake_on_connect,
suppress_ragged_eofs)
ssl.wrap_socket = wrap_socket_patched
# ----------------------------------------------------------------
# HTTP/S Proxy classes
# Taken from: http://code.activestate.com/recipes/456195/
......@@ -119,11 +99,7 @@ class ProxyHTTPSConnection(ProxyHTTPConnection):
def connect(self):
ProxyHTTPConnection.connect(self)
# make the sock ssl-aware
if sys.version_info < (2, 6, 6):
ssl = socket.ssl(self.sock, self.key_file, self.cert_file)
self.sock = http_client.FakeSocket(self.sock, ssl)
else:
self.sock = self.context.wrap_socket(self.sock)
self.sock = self.context.wrap_socket(self.sock)
# ----------------------------------------------------------------
......@@ -300,44 +276,29 @@ class GsiRest(object):
print(out_str)
def set_up_connector(self, host, port, proxy_host, proxy_port):
# Versions of Python earlier than 2.7.9 don't use SSL Context
# objects for this purpose, and do not do any server cert verification.
ssl_context = None
if sys.version_info >= (2, 6, 6):
# Use the new method with SSL Context
# Prepare SSL context
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if (self.auth_type == 'x509'):
try:
ssl_context.load_cert_chain(self.credentials['cert_file'],
self.credentials['key_file'])
except ssl.SSLError:
msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease "
"run ligo-proxy-init or grid-proxy-init again or "
"make sure your robot certificate is readable.\n\n")
self.output_and_die(msg)
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, context=ssl_context)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, context=ssl_context)
# Prepare SSL context
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
if (self.auth_type == 'x509'):
try:
ssl_context.load_cert_chain(self.credentials['cert_file'],
self.credentials['key_file'])
except ssl.SSLError:
msg = ("\nERROR: Unable to load cert/key pair.\n\nPlease "
"run ligo-proxy-init or grid-proxy-init again or "
"make sure your robot certificate is readable.\n\n")
self.output_and_die(msg)
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, context=ssl_context)
else:
# Using an older version of python. We'll pass in the cert and
# key files.
creds = self.credentials if self.auth_type == 'x509' else {}
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(
proxy_host, proxy_port, **creds)
else:
self.connector = lambda: http_client.HTTPSConnection(
host, port, **creds)
self.connector = lambda: http_client.HTTPSConnection(
host, port, context=ssl_context)
def _process_credentials(self, cred, username, password):
"""Process credentials provided in the constructor"""
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment