Juan Hernandez has posted comments on this change.

Change subject: Implement SSL session cache
......................................................................


Patch Set 9: (5 inline comments)

....................................................
File vdsm/SecureXMLRPCServer.py
Line 49:     The rest of the methods are just delegated to the SSL connection
Line 50:     class.
Line 51:     """
Line 52: 
Line 53:     def __init__(self, raw, certfile=None, keyfile=None, ca_certs=None,
I think that doesn't belong in this change.
Line 54:                  session_id="vdsm"):
Line 55:         # Create the SSL context:
Line 56:         self.context = SSL.Context(protocol="sslv23")
Line 57:         self.context.set_session_id_ctx(session_id)
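Review bot: On line 57 the caller-supplied `session_id` is passed straight to `set_session_id_ctx` and the return value is discarded. OpenSSL caps the session id context at 32 bytes, so a longer value given through the new `session_id` parameter (lines 53-54) would be rejected by the library and nothing here would notice. Suggest validating the length in `__init__` and raising on an oversized value, and stating the limit where the parameter is documented.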


Line 52: 
Line 53:     def __init__(self, raw, certfile=None, keyfile=None, ca_certs=None,
Line 54:                  session_id="vdsm"):
Line 55:         # Create the SSL context:
Line 56:         self.context = SSL.Context(protocol="sslv23")
I will add a parameter, but I don't want to change the previous behaviour other 
than add the caching.
Line 57:         self.context.set_session_id_ctx(session_id)
Line 58: 
Line 59:         # Load the server certificate and key files:
Line 60:         if certfile and keyfile:


Line 57:         self.context.set_session_id_ctx(session_id)
Line 58: 
Line 59:         # Load the server certificate and key files:
Line 60:         if certfile and keyfile:
Line 61:             self.context.load_cert(certfile, keyfile)
Yes, why not.
Line 62: 
Line 63:         def verify(context, certificate, error, depth, result):
Line 64:             # The validation of the client certificate has already been
Line 65:             # performed by the OpenSSL library and the handhake 
already aborted


Line 101:         # SSL connection:
Line 102:         return getattr(self.connection, name)
Line 103: 
Line 104: 
Line 105: class SSLClientSocket(object):
I think that VDSM is the server and the engine (or whatever) is the client, 
thus the names. If you don't like them I am open to use whatever you prefer.
Line 106:     """SSL decorator for client sockets.
Line 107: 
Line 108:     This class wraps a client socket returned by the accept method of 
a
Line 109:     server socket providing the SSL socket methods that are missing in


....................................................
File vdsm.spec.in
Line 40: # BuildRequires needed by the tests during the build
Line 41: BuildRequires: python-ethtool
Line 42: BuildRequires: libvirt-python
Line 43: BuildRequires: genisoimage
Line 44: BuildRequires: openssl
To run the tests, they use "openssl s_client ...".
Line 45: %if 0%{?rhel}
Line 46: BuildRequires: python-ordereddict
Line 47: %endif
Line 48: 


--
To view, visit http://gerrit.ovirt.org/8123
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: Ic75adee4070b415b8855af1f2ea289825496fbc1
Gerrit-PatchSet: 9
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Dan Kenigsberg <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Saggi Mizrahi <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
Gerrit-Reviewer: Yaniv Kaul <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
_______________________________________________
vdsm-patches mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
