Juan Hernandez has posted comments on this change.

Change subject: Implement SSL session cache
......................................................................


Patch Set 5: (6 inline comments)

....................................................
File tests/sslTests.py
Line 87:         simple SSL server.
Line 88:         """
Line 89: 
Line 90:         # Save the key to a file:
Line 91:         tmp = tempfile.NamedTemporaryFile(delete=False)
Makes sense, will do.
Line 92:         tmp.write(KEY)
Line 93:         tmp.close()
Line 94:         self.keyfile = tmp.name
Line 95: 


Line 153:             "-connect", "%s:%d" % ADDRESS,
Line 154:         ]
Line 155:         if args:
Line 156:             command += args
Line 157:         print("command=%s" % str(command))
Do you mean the parentheses in the "print" statement? I always use that, as it 
seems natural to me (coming from the Java world, where System.out.println() 
always requires parentheses). In addition they ease the migration to python 3. 
I am open to removing the parentheses if you find them offending.

Regarding the "str" call, you are right, will remove it.
Line 158:         process = subprocess.Popen(command,
Line 159:             stdin=subprocess.PIPE,
Line 160:             stdout=subprocess.PIPE,
Line 161:             stderr=subprocess.PIPE)


Line 217:         connecting two times without stopping the server.
Line 218:         """
Line 219: 
Line 220:         # Create a temporary file to store the session details:
Line 221:         tmp = tempfile.NamedTemporaryFile(delete=False)
Good, will do.
Line 222: 
Line 223:         # Connect first time and save the session to a file:
Line 224:         rc, out = self.runSClient([
Line 225:             "-cert", self.certfile,


Line 289: """
Line 290: 
Line 291: 
Line 292: # Self signed certificate used for the tests:
Line 293: CERTIFICATE = """
I hope I will be retired by then :-) . But I will add a comment to make this 
explicit.
Line 294: -----BEGIN CERTIFICATE-----
Line 295: MIIC8zCCAdugAwIBAgIBADANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDDAkxMjcu
Line 296: MC4wLjEwHhcNMTIwOTI4MTcyMzE3WhcNMjIwOTI2MTcyMzE3WjAUMRIwEAYDVQQD
Line 297: DAkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDapPcH


....................................................
File vdsm/SecureXMLRPCServer.py
Line 93: 
Line 94:     def accept(self):
Line 95:         # Get the client socket and address calling the accept method of
Line 96:         # the raw socket and replace the client socket with a wrapper:
Line 97:         client, address = self.raw.accept()
Yes, you are right. The context is an attribute of the SSLServerSocket, and 
that is created only once, when the server is started. OpenSSL automatically 
caches sessions, but only if the context is reused. I will try to make that 
clearer in the commit message.
Line 98:         client = SSLClientSocket(client, self.context)
Line 99:         return client, address
Line 100: 
Line 101: 


Line 105:     This class wraps a client socket returned by the accept
Line 106:     method of a server socket providing the SSL functionality.
Line 107:     """
Line 108: 
Line 109:     def __init__(self, raw, context):
The "caching" is actually here: the context created in the __init__ method of 
the server socket is propagated to the client socket. I will improve these 
comments to try to make it clearer.
Line 110:         # Save the reference to the raw client socket so that we can
Line 111:         # delegate calls to it later:
Line 112:         self.raw = raw
Line 113:         self.context = context


--
To view, visit http://gerrit.ovirt.org/8123
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ic75adee4070b415b8855af1f2ea289825496fbc1
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Saggi Mizrahi <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: Yaniv Kaul <[email protected]>
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
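
Added example, not part of the original message and not vdsm's code: a stand-alone check of the point made above that OpenSSL only resumes sessions when the server-side context is reused across accepted connections. It uses Python's standard `ssl` module as a stand-in for the server in the change and assumes the `openssl` command is on PATH to create a throwaway certificate; every function name here is hypothetical.

```python
import os, socket, ssl, subprocess, tempfile, threading


def make_cert(directory):
    # Throwaway self-signed certificate for 127.0.0.1 (constructed test data).
    key = os.path.join(directory, "key.pem")
    crt = os.path.join(directory, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=127.0.0.1", "-addext", "subjectAltName=IP:127.0.0.1",
         "-keyout", key, "-out", crt],
        check=True, capture_output=True)
    return key, crt


def server_context(key, crt):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(crt, key)
    return ctx


def serve(listener, next_context, connections):
    for _ in range(connections):
        raw, _addr = listener.accept()
        with next_context().wrap_socket(raw, server_side=True) as conn:
            conn.recv(1)  # wait for the client's byte, then close


def handshakes_reused(share_context):
    """Connect twice and return session_reused for each handshake."""
    with tempfile.TemporaryDirectory() as directory:
        key, crt = make_cert(directory)
        shared = server_context(key, crt)
        # Either hand out the one long-lived context or build a new one per accept.
        next_context = (lambda: shared) if share_context else (
            lambda: server_context(key, crt))
        listener = socket.create_server(("127.0.0.1", 0))
        worker = threading.Thread(
            target=serve, args=(listener, next_context, 2), daemon=True)
        worker.start()
        client = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        client.load_verify_locations(crt)
        # TLS 1.2 so the session object is complete once the handshake ends.
        client.maximum_version = ssl.TLSVersion.TLSv1_2
        session, reused = None, []
        for _ in range(2):
            with socket.create_connection(listener.getsockname()) as raw:
                with client.wrap_socket(raw, server_hostname="127.0.0.1",
                                        session=session) as tls:
                    reused.append(tls.session_reused)
                    session = tls.session
                    tls.sendall(b"x")
        worker.join(5)
        listener.close()
        return reused
```

With a shared context the second handshake is a resumption; with a fresh context per connection the client still offers its saved session, but the server has no matching cache entry or ticket key and falls back to a full handshake.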
