Alon Bar-Lev has uploaded a new change for review.

Change subject: packaging: setup: ssl2jkstrust: read chain from connection and not from context
......................................................................
packaging: setup: ssl2jkstrust: read chain from connection and not from context this provides the entire chain in more cases, although should be the other way around. Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1058016 Change-Id: I7e0ae4735cc1ef772e3c703d9bb04e6a01c07532 Signed-off-by: Alon Bar-Lev <[email protected]> --- M packaging/legacy-setup/ssl2jkstrust.py 1 file changed, 9 insertions(+), 28 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-reports refs/changes/35/23735/1 diff --git a/packaging/legacy-setup/ssl2jkstrust.py b/packaging/legacy-setup/ssl2jkstrust.py index ce09ff0..d75b34f 100755 --- a/packaging/legacy-setup/ssl2jkstrust.py +++ b/packaging/legacy-setup/ssl2jkstrust.py @@ -4,6 +4,7 @@ import os import optparse import subprocess +import contextlib from M2Crypto import SSL, X509 
@@ -16,38 +17,18 @@ host -- (host, port) ''' - # openssl verify callback does not - # accept context, so we collect the chain - # in semi-global dictionary - # - # a certificate may be revisit more than one time. - # - # format: - # depth: certificate - chain = {} - - def verify(ok, store): - chain[store.get_error_depth()] = store.get_current_cert().as_pem() - return True - def check_ignore(*args, **kw): return True ctx = SSL.Context() - ctx.set_verify( - SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, - depth=10, - callback=verify - ) - sock = SSL.Connection(ctx) - # we would like to ignore any issue with certificates - sock.set_post_connection_check_callback(check_ignore) - sock.connect(host) - sock.close() - - # return sorted by depth - # first is end certificate - return [chain[depth] for depth in sorted(chain.keys())] + ctx.set_verify(SSL.verify_none, 10) + with contextlib.closing(SSL.Connection(ctx)) as sock: + # we would like to ignore any issue with certificates + sock.set_post_connection_check_callback(check_ignore) + sock.connect(host) + # if we do not shutdown some sites hungs on close + sock.shutdown(3) + return [c.as_pem() for c in sock.get_peer_cert_chain()] def main(): -- To view, visit http://gerrit.ovirt.org/23735 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7e0ae4735cc1ef772e3c703d9bb04e6a01c07532 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-reports Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
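Review bot: In the second hunk, the new return line iterates `sock.get_peer_cert_chain()` directly, and M2Crypto returns None from that call when no peer chain is available, so the function would fail with a TypeError rather than a clear error. Suggest binding the result to a variable first and raising an explicit exception (or returning an empty list) when it is None. Two smaller points in the same hunk: `sock.shutdown(3)` uses a bare number, so a named constant or a comment saying which shutdown flags 3 stands for would help, and the comment above it should read "hang" rather than "hungs". With `ctx.set_verify(SSL.verify_none, 10)` the depth argument looks redundant, and since `check_ignore` still accepts every peer, the returned PEMs are unauthenticated; going by the script's name they feed a JKS trust store, so the docstring should say that the caller has to confirm the certificates by other means before trusting them.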
