From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Tue, 17 Mar 2015 13:38:18 +0000 (+0100)
Subject: turn off server verification for python-2.7.9
X-Git-Tag: sfa-3.1-14~4
X-Git-Url: http://git.onelab.eu/?p=sfa.git;a=commitdiff_plain;h=81bd7f26b6637e2bf3002d9efe0f53839a799e8b

turn off server verification for python-2.7.9
---

diff --git a/sfa/client/manifolduploader.py b/sfa/client/manifolduploader.py
index f8ca0f9d..8354e1ef 100755
--- a/sfa/client/manifolduploader.py
+++ b/sfa/client/manifolduploader.py
@@ -25,6 +25,10 @@
 DEFAULT_URL = "http://myslice.onelab.eu:7080"
 DEFAULT_PLATFORM = 'ple'
 
+# starting with 2.7.9 we need to turn off server verification
+import ssl
+ssl_needs_unverified_context = hasattr(ssl, '_create_unverified_context')
+
 import xmlrpclib
 import getpass
 
@@ -78,7 +82,12 @@ class ManifoldUploader:
 #        return self._proxy
         url=self.url()
         self.logger.debug("Connecting manifold url %s"%url)
-        return xmlrpclib.ServerProxy(url, allow_none = True)
+        if not ssl_needs_unverified_context:
+            proxy = xmlrpclib.ServerProxy(url, allow_none = True)
+        else:
+            proxy = xmlrpclib.ServerProxy(url, allow_none = True,
+                                          context=ssl._create_unverified_context())
+        return proxy
 
     # does the job for one credential
     # expects the credential (string) and an optional message (e.g. hrn) for reporting
diff --git a/sfa/client/sfaserverproxy.py b/sfa/client/sfaserverproxy.py
index b348126e..762ea380 100644
--- a/sfa/client/sfaserverproxy.py
+++ b/sfa/client/sfaserverproxy.py
@@ -1,5 +1,9 @@
 # XMLRPC-specific code for SFA Client
 
+# starting with 2.7.9 we need to turn off server verification
+import ssl
+ssl_needs_unverified_context = hasattr(ssl, '_create_unverified_context')
+
 import xmlrpclib
 from httplib import HTTPS, HTTPSConnection
 
@@ -51,7 +55,13 @@ class XMLRPCTransport(xmlrpclib.Transport):
         # host may be a string, or a (host, x509-dict) tuple
         host, extra_headers, x509 = self.get_host_info(host)
         if need_HTTPSConnection:
-            conn = HTTPSConnection(host, None, key_file=self.key_file, cert_file=self.cert_file)
+            if not ssl_needs_unverified_context:
+                conn = HTTPSConnection(host, None, key_file = self.key_file,
+                                       cert_file = self.cert_file)
+            else:
+                conn = HTTPSConnection(host, None, key_file = self.key_file,
+                                       cert_file = self.cert_file,
+                                       context = ssl._create_unverified_context())
         else:
             conn = HTTPS(host, None, key_file=self.key_file, cert_file=self.cert_file)
 
@@ -84,10 +94,16 @@ class XMLRPCServerProxy(xmlrpclib.ServerProxy):
         # remember url for GetVersion
         # xxx not sure this is still needed as SfaServerProxy has this too
         self.url=url
-        xmlrpclib.ServerProxy.__init__(self, url, transport, allow_none=allow_none, verbose=verbose)
+        if not ssl_needs_unverified_context:
+            xmlrpclib.ServerProxy.__init__(self, url, transport, allow_none=allow_none,
+                                           verbose=verbose)
+        else:
+            xmlrpclib.ServerProxy.__init__(self, url, transport, allow_none=allow_none,
+                                           verbose=verbose,
+                                           context=ssl._create_unverified_context())
 
     def __getattr__(self, attr):
-        logger.debug ("xml-rpc %s method:%s"%(self.url,attr))
+        logger.debug ("xml-rpc %s method:%s" % (self.url, attr))
         return xmlrpclib.ServerProxy.__getattr__(self, attr)
 
 ########## the object on which we can send methods that get sent over xmlrpc