[ovs-dev] [PATCH v2] python ovs: Fix SSL exceptions with pyOpenSSL v0.13

Mon, 15 May 2017 08:39:54 -0700 

From: Numan Siddique <nusid...@redhat.com>

Centos provides pyOpenSSL version pyOpenSSL-0.13.1-3.el7.x86_64.
There are 2 issues using this version, which this patch fixes

 - The test case "simple idl verify notify - SSL" is skipped.
   This is because "python -m OpenSSL.SSL" is used to detect the
   presence of pyOpenSSL package. pyOpenSSL v0.13 has C python
   modules because of which the above command returns 1.
   So this patch fixes this by using 'python -c "import OpenSSL.SSL"'.

 - The SSL.Context class do not have the function "set_session_cache_mode"
   defined. Setting the session cache mode has an effect for server-side
   sessions and doesn't make much sense for client-side sessions.
   Since python ovs doesn't support "pssl" connection mode, this patch
   deletes the reference to this function.

I have not tested with older versions (< 0.13) of pyOpenSSL.

Signed-off-by: Numan Siddique <nusid...@redhat.com>
---
 python/ovs/stream.py | 1 -
 tests/ovsdb-idl.at   | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/python/ovs/stream.py b/python/ovs/stream.py
index fc0368c..660d8bb 100644
--- a/python/ovs/stream.py
+++ b/python/ovs/stream.py
@@ -767,7 +767,6 @@ class SSLStream(Stream):
         ctx = SSL.Context(SSL.SSLv23_METHOD)
         ctx.set_verify(SSL.VERIFY_PEER, SSLStream.verify_cb)
         ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
-        ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
         # If the client has not set the SSL configuration files
         # exception would be raised.
         ctx.use_privatekey_file(Stream._SSL_private_key_file)
diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
index d28dfc1..4eaf87f 100644
--- a/tests/ovsdb-idl.at
+++ b/tests/ovsdb-idl.at
@@ -1185,7 +1185,7 @@ m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
   [AT_SETUP([$1 - SSL])
    AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
    AT_SKIP_IF([test $HAVE_PYTHON = no])
-   $PYTHON -m OpenSSL.SSL
+   $PYTHON -c "import OpenSSL.SSL"
    SSL_PRESENT=$?
    AT_SKIP_IF([test $SSL_PRESENT != 0])
    AT_KEYWORDS([ovsdb server idl Python notify - ssl socket])
-- 
2.9.3

_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to