X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=sfa%2Fclient%2Fsfaserverproxy.py;fp=sfa%2Fclient%2Fsfaserverproxy.py;h=d1d091073442be1f672d3b9afdd3450df21ca9f4;hb=38bc23de8fd7236420452ab683f236fab457d98e;hp=6c11ee0603779522fabef175bc46385c72e6f0ed;hpb=f71aba8ed6780482dd3ab0bdb9d3c4727b05435d;p=sfa.git diff --git a/sfa/client/sfaserverproxy.py b/sfa/client/sfaserverproxy.py index 6c11ee06..d1d09107 100644 --- a/sfa/client/sfaserverproxy.py +++ b/sfa/client/sfaserverproxy.py @@ -1,7 +1,6 @@ # XMLRPC-specific code for SFA Client -from sfa.util.ssl import simple_ssl_context - +import ssl import xmlrpc.client import http.client @@ -38,6 +37,15 @@ class ExceptionUnmarshaller(xmlrpc.client.Unmarshaller): # targetting only python-2.7 we can get rid of some older code +def sfa_client_ssl_context(): + ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS) + ssl_context.verify_mode = ssl.CERT_NONE + ssl_context.check_hostname = False +# with open("root.gid") as root: +# ssl_context.load_verify_locations(cadata=root.read()) + return ssl_context + + class XMLRPCTransport(xmlrpc.client.Transport): def __init__(self, key_file=None, cert_file=None, timeout=None): @@ -51,26 +59,31 @@ class XMLRPCTransport(xmlrpc.client.Transport): # host may be a string, or a (host, x509-dict) tuple host, extra_headers, x509 = self.get_host_info(host) conn = http.client.HTTPSConnection( - host, None, key_file=self.key_file, - cert_file=self.cert_file, context=simple_ssl_context()) - - # Some logic to deal with timeouts. It appears that some (or all) versions - # of python don't set the timeout after the socket is created. We'll do it - # ourselves by forcing the connection to connect, finding the socket, and - # calling settimeout() on it. (tested with python 2.6) - if self.timeout: - if hasattr(conn, 'set_timeout'): - conn.set_timeout(self.timeout) - - if hasattr(conn, "_conn"): - # HTTPS is a wrapper around HTTPSConnection - real_conn = conn._conn - else: - real_conn = conn - conn.connect() - if hasattr(real_conn, "sock") and hasattr(real_conn.sock, "settimeout"): - real_conn.sock.settimeout(float(self.timeout)) - + host, port=None, + key_file=self.key_file, + cert_file=self.cert_file, + timeout=self.timeout, + context=sfa_client_ssl_context(), + check_hostname=False, + ) + +# # Some logic to deal with timeouts. It appears that some (or all) versions +# # of python don't set the timeout after the socket is created. We'll do it +# # ourselves by forcing the connection to connect, finding the socket, and +# # calling settimeout() on it. (tested with python 2.6) +# if self.timeout: +# if hasattr(conn, 'set_timeout'): +# conn.set_timeout(self.timeout) +# +# if hasattr(conn, "_conn"): +# # HTTPS is a wrapper around HTTPSConnection +# real_conn = conn._conn +# else: +# real_conn = conn +# conn.connect() +# if hasattr(real_conn, "sock") and hasattr(real_conn.sock, "settimeout"): +# real_conn.sock.settimeout(float(self.timeout)) +# return conn def getparser(self): @@ -87,7 +100,7 @@ class XMLRPCServerProxy(xmlrpc.client.ServerProxy): self.url = url xmlrpc.client.ServerProxy.__init__( self, url, transport, allow_none=allow_none, - context=simple_ssl_context(), verbose=verbose) + context=sfa_client_ssl_context(), verbose=verbose) def __getattr__(self, attr): logger.debug("xml-rpc %s method:%s" % (self.url, attr))