Reviewers: ,
Please review this at http://codereview.tryton.org/110004/
Affected files:
M tryton/fingerprints.py
M tryton/jsonrpc.py
Index: tryton/fingerprints.py
===================================================================
--- a/tryton/fingerprints.py
+++ b/tryton/fingerprints.py
@@ -21,7 +21,7 @@
try:
host, sha1 = line.split(' ')
except ValueError:
- continue
+ host, sha1 = line, ''
self[host] = sha1
def save(self):
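Review bot: The `except ValueError` branch now records every line that does not unpack into exactly two fields as a host with an empty fingerprint, and the jsonrpc.py part of this patch treats an empty fingerprint as "connect over plain HTTP". A truncated or hand-edited entry, or one with an extra space, would therefore become a cleartext host instead of being ignored. I would store the empty value only when the line has no separator at all, for example `if ' ' in line: continue` ahead of `host, sha1 = line, ''`. The enclosing method starts above the hunk, so whether `line` is stripped before the split is not visible here.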
@@ -32,6 +32,9 @@
def __setitem__(self, key, value):
assert isinstance(key, basestring)
- assert len(value) == 59 # len of formated sha1
+ if value:
+ assert len(value) == 59 # len of formated sha1
+ else:
+ value = ''
super(Fingerprints, self).__setitem__(key, value)
self.save()
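Review bot: The length check in `__setitem__` is still an `assert`, which is stripped when Python runs with `-O`, so a malformed fingerprint can then be written to the store unchecked. An explicit `if value and len(value) != 59: raise ValueError(key)` would hold in every mode. The new `else: value = ''` also silently turns `None` into the empty marker that `self.save()` then persists. A comment such as `# '' marks a host recorded as plain HTTP (no TLS)` would make that contract visible to callers.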
Index: tryton/jsonrpc.py
===================================================================
--- a/tryton/jsonrpc.py
+++ b/tryton/jsonrpc.py
@@ -132,7 +132,6 @@
def make_connection(self, host):
if self.__connection and host == self.__connection[0]:
return self.__connection[1]
- fingerprint = None
host, extra_headers, x509 = self.get_host_info(host)
ca_certs = self.__ca_certs
@@ -149,27 +148,41 @@
self.sock = ssl.wrap_socket(sock, self.key_file,
self.cert_file, ca_certs=ca_certs, cert_reqs=cert_reqs)
- self.__connection = host, HTTPSConnection(host)
- try:
- self.__connection[1].connect()
- sock = self.__connection[1].sock
+ def http_connection():
+ self.__connection = host, httplib.HTTPConnection(host)
+
+ def https_connection():
+ self.__connection = host, HTTPSConnection(host)
try:
- peercert = sock.getpeercert(True)
- except socket.error:
- peercert = None
- def format_hash(value):
- return reduce(lambda x, y: x + y[1].upper() +
- ((y[0] % 2 and y[0] + 1 < len(value)) and ':'
or ''),
- enumerate(value), '')
- fingerprint = format_hash(hashlib.sha1(peercert).hexdigest())
- except ssl.SSLError, e:
- self.__connection = host, httplib.HTTPConnection(host)
+ self.__connection[1].connect()
+ sock = self.__connection[1].sock
+ try:
+ peercert = sock.getpeercert(True)
+ except socket.error:
+ peercert = None
+ def format_hash(value):
+ return reduce(lambda x, y: x + y[1].upper() +
+ ((y[0] % 2 and y[0] + 1 < len(value)) and ':'
or ''),
+ enumerate(value), '')
+ return format_hash(hashlib.sha1(peercert).hexdigest())
+ except ssl.SSLError, e:
+ http_connection()
+
+ fingerprint = ''
+ if self.__fingerprints is not None and host in self.__fingerprints:
+ if self.__fingerprints[host]:
+ fingerprint = https_connection()
+ else:
+ http_connection()
+ else:
+ fingerprint = https_connection()
+
if self.__fingerprints is not None:
- if host in self.__fingerprints:
+ if host in self.__fingerprints and self.__fingerprints[host]:
if self.__fingerprints[host] != fingerprint:
self.close()
raise ssl.SSLError('BadFingerprint')
- elif fingerprint:
+ else:
self.__fingerprints[host] = fingerprint
return self.__connection[1]
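Review bot: Replacing `elif fingerprint:` with a bare `else:` means a single `ssl.SSLError` on first contact is stored as an empty fingerprint, and every later call for that host goes straight to `http_connection()` without trying TLS again. `https_connection()` returns `None` after its HTTP fallback, and `__setitem__` saves that as `''`. A transient handshake failure, or interference on the network path, would then downgrade the host to cleartext permanently and without any prompt. I would keep `elif fingerprint:` here and record the plain-HTTP marker only on an explicit user decision, or at least retry TLS periodically for hosts stored with `''`. Separately, when `getpeercert` raises `socket.error`, `peercert` is `None` and `hashlib.sha1(peercert)` raises a `TypeError` that `except ssl.SSLError` does not catch. `make_connection` begins above this hunk.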