Alon Bar-Lev has uploaded a new change for review.

Change subject: vdsm-reg: use M2Crypto instead of pyOpenSSL
vdsm-reg: use M2Crypto instead of pyOpenSSL M2Crypto is much more supported and has superior coverage. Change-Id: Id16479e61777dceffaf3c0253ef2b2954e5588a9 Signed-off-by: Alon Bar-Lev <[email protected]> --- M vdsm.spec.in M vdsm_reg/deployUtil.py.in 2 files changed, 15 insertions(+), 16 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/22/8522/1 diff --git a/vdsm.spec.in b/vdsm.spec.in index 716489a..7c3d530 100644 --- a/vdsm.spec.in +++ b/vdsm.spec.in @@ -167,7 +167,7 @@ BuildArch: noarch Requires: %{name} = %{version}-%{release} -Requires: pyOpenSSL +Requires: m2crypto %description reg VDSM registration package. Used to register a Linux host to a Virtualization diff --git a/vdsm_reg/deployUtil.py.in b/vdsm_reg/deployUtil.py.in index 01205df..e10fd7f 100644 --- a/vdsm_reg/deployUtil.py.in +++ b/vdsm_reg/deployUtil.py.in @@ -1549,10 +1549,10 @@ host -- (host, port) """ - # import OpenSSL here so + # import M2Crypto here so # it be done only at vdsm-reg # which depends on pyOpenSSL - import OpenSSL + from M2Crypto import SSL, X509 # openssl verify callback does not # accept context, so we collect the chain 
@@ -1564,23 +1564,22 @@ # depth: certificate chain = {} - def verify(conn, cert, errnum, depth, ok): - chain[depth] = OpenSSL.crypto.dump_certificate( - OpenSSL.crypto.FILETYPE_PEM, - cert - ).decode("utf-8") + def verify(ssl_ctx_ptr, x509_ptr, errnum, errdepth, ok): + chain[errdepth] = X509.X509(x509=x509_ptr).as_pem() + return True + def check_ignore(*args, **kw): return True - ctx = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) - ctx.set_verify(OpenSSL.SSL.VERIFY_PEER, verify) - ctx.set_verify_depth(10) - sock = OpenSSL.SSL.Connection( - ctx, - socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ctx = SSL.Context() + ctx.set_verify( + SSL.verify_peer | SSL.verify_fail_if_no_peer_cert, + depth=10, + callback=verify ) + sock = SSL.Connection(ctx) + # we would like to ignore any issue with certificates + sock.set_post_connection_check_callback(check_ignore) sock.connect(host) - sock.do_handshake() - sock.shutdown() sock.close() # return sorted by depth -- To view, visit http://gerrit.ovirt.org/8522 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id16479e61777dceffaf3c0253ef2b2954e5588a9 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
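Review bot: In the @@ -1549,10 +1549,10 @@ hunk of vdsm_reg/deployUtil.py.in, the unchanged context comment "# which depends on pyOpenSSL" is stale once the import below it becomes "from M2Crypto import SSL, X509" and vdsm.spec.in requires m2crypto instead. Please update that comment line to name m2crypto so the stated reason for the function-local import matches the dependency actually being pulled in.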
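Review bot: In the @@ -1564,23 +1564,22 @@ hunk, verify() returns True for every certificate without looking at ok or errnum, and check_ignore() returns True for the post-connection check, so the SSL.verify_peer | SSL.verify_fail_if_no_peer_cert flags reject nothing and the chain this function returns is whatever the peer presented, unauthenticated. The new comment "we would like to ignore any issue with certificates" sits only above set_post_connection_check_callback; please move or extend it (or the docstring) so it also covers verify() and says plainly that the returned PEM chain is unverified and must not be treated as trusted by callers without a separate check. Two smaller points in the same hunk: the old code stored the PEM after .decode("utf-8") while the new code stores the as_pem() result as-is, so confirm callers accept the changed string type; and sock.close() is reached only when sock.connect(host) succeeds, so a try/finally around the connect would avoid leaving the socket open on a failed connection.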
