13 try: |
13 try: |
14 # avoid using deprecated/broken FakeSocket in python 2.6 |
14 # avoid using deprecated/broken FakeSocket in python 2.6 |
15 import ssl |
15 import ssl |
16 CERT_REQUIRED = ssl.CERT_REQUIRED |
16 CERT_REQUIRED = ssl.CERT_REQUIRED |
17 PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 |
17 PROTOCOL_TLSv1 = ssl.PROTOCOL_TLSv1 |
18 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
18 try: |
19 cert_reqs=ssl.CERT_NONE, ca_certs=None): |
19 ssl_context = ssl.SSLContext |
20 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
20 |
21 cert_reqs=cert_reqs, ca_certs=ca_certs, |
21 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
22 ssl_version=ssl_version) |
22 cert_reqs=ssl.CERT_NONE, ca_certs=None, |
23 # check if wrap_socket failed silently because socket had been closed |
23 serverhostname=None): |
24 # - see http://bugs.python.org/issue13721 |
24 sslcontext = ssl.SSLContext(ssl_version) |
25 if not sslsocket.cipher(): |
25 if certfile is not None: |
26 raise util.Abort(_('ssl connection failed')) |
26 sslcontext.load_cert_chain(certfile, keyfile) |
27 return sslsocket |
27 sslcontext.verify_mode = cert_reqs |
|
28 if ca_certs is not None: |
|
29 sslcontext.load_verify_locations(cafile=ca_certs) |
|
30 |
|
31 sslsocket = sslcontext.wrap_socket(sock, |
|
32 server_hostname=serverhostname) |
|
33 # check if wrap_socket failed silently because socket had been |
|
34 # closed |
|
35 # - see http://bugs.python.org/issue13721 |
|
36 if not sslsocket.cipher(): |
|
37 raise util.Abort(_('ssl connection failed')) |
|
38 return sslsocket |
|
39 except AttributeError: |
|
40 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
|
41 cert_reqs=ssl.CERT_NONE, ca_certs=None, |
|
42 serverhostname=None): |
|
43 sslsocket = ssl.wrap_socket(sock, keyfile, certfile, |
|
44 cert_reqs=cert_reqs, ca_certs=ca_certs, |
|
45 ssl_version=ssl_version) |
|
46 # check if wrap_socket failed silently because socket had been |
|
47 # closed |
|
48 # - see http://bugs.python.org/issue13721 |
|
49 if not sslsocket.cipher(): |
|
50 raise util.Abort(_('ssl connection failed')) |
|
51 return sslsocket |
28 except ImportError: |
52 except ImportError: |
29 CERT_REQUIRED = 2 |
53 CERT_REQUIRED = 2 |
30 |
54 |
31 PROTOCOL_TLSv1 = 3 |
55 PROTOCOL_TLSv1 = 3 |
32 |
56 |
33 import socket, httplib |
57 import socket, httplib |
34 |
58 |
35 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
59 def ssl_wrap_socket(sock, keyfile, certfile, ssl_version=PROTOCOL_TLSv1, |
36 cert_reqs=CERT_REQUIRED, ca_certs=None): |
60 cert_reqs=CERT_REQUIRED, ca_certs=None, |
|
61 serverhostname=None): |
37 if not util.safehasattr(socket, 'ssl'): |
62 if not util.safehasattr(socket, 'ssl'): |
38 raise util.Abort(_('Python SSL support not found')) |
63 raise util.Abort(_('Python SSL support not found')) |
39 if ca_certs: |
64 if ca_certs: |
40 raise util.Abort(_( |
65 raise util.Abort(_( |
41 'certificate checking requires Python 2.6')) |
66 'certificate checking requires Python 2.6')) |