class BootServerRequest:
- VERBOSE = 0
-
# all possible places to check the cdrom mount point.
# /mnt/cdrom is typically after the machine has come up,
# and /usr is when the boot cd is running
# really need for the boot cd environment where pycurl
# doesn't exist
CURL_CMD = 'curl'
- CURL_SSL_VERSION = 3
+
+ # use TLSv1 and not SSLv3 anymore
+ if PYCURL_LOADED:
+ CURL_SSL_VERSION = pycurl.SSLVERSION_TLSv1
+ else:
+ # used to be '3' for SSLv3
+ # xxx really not sure what this means when pycurl is not loaded
+ CURL_SSL_VERSION = 1
def __init__(self, vars, verbose=0):
# Copyright (c) 2004-2006 The Trustees of Princeton University
# All rights reserved.
+from __future__ import print_function
+
import os
import xmlrpclib
+import ssl
import socket
import string
log.write("Opening connection to API server\n")
try:
- api_inst = xmlrpclib.Server(vars['BOOT_API_SERVER'], verbose=0)
- except KeyError as e:
+ server_url = vars['BOOT_API_SERVER']
+ except:
raise BootManagerException("configuration file does not specify API server URL")
+
+ api_inst = None
+ # preferred strategy : select tlsv1 as the encryption protocol
+ try:
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
+ api_inst = xmlrpclib.ServerProxy(server_url,
+ context=ssl_context,
+ verbose=0)
+ # this is only supported in python >= 2.7.9 though, so allow for failure
+ except:
+ print("Default xmlrpclib strategy failed")
+ import traceback
+ traceback.print_exc()
+ pass
+
+ # if that failed, resort to the old-fashioned code
+ if api_inst is None:
+ api_inst = xmlrpclib.ServerProxy(server_url, verbose=0)
vars['API_SERVER_INST'] = api_inst
# Download SHA1 checksum file
log.write("downloading sha1sum for {}\n".format(source_file))
result = bs_request.DownloadFile(source_hash_file, None, None,
- 1, 1, dest_hash_file,
- 30, 14400)
+ 1, 1, dest_hash_file,
+ 30, 14400)
log.write("verifying sha1sum for {}\n".format(source_file))
if not utils.check_file_hash(dest_file, dest_hash_file):