[CalendarServer-changes] [14137] CalDAVTester/trunk/src/httpshandler.py
source_changes at macosforge.org
source_changes at macosforge.org
Thu Nov 6 13:47:35 PST 2014
Revision: 14137
http://trac.calendarserver.org//changeset/14137
Author: cdaboo at apple.com
Date: 2014-11-06 13:47:35 -0800 (Thu, 06 Nov 2014)
Log Message:
-----------
Better TLS version handling.
Modified Paths:
--------------
CalDAVTester/trunk/src/httpshandler.py
Modified: CalDAVTester/trunk/src/httpshandler.py
===================================================================
--- CalDAVTester/trunk/src/httpshandler.py 2014-11-06 16:28:29 UTC (rev 14136)
+++ CalDAVTester/trunk/src/httpshandler.py 2014-11-06 21:47:35 UTC (rev 14137)
@@ -16,60 +16,52 @@
import httplib
import socket
-_haveSSL = False
-try:
- import ssl as sslmodule
- _haveSSL = True
-except ImportError:
- pass
+import ssl as sslmodule
-if _haveSSL:
- class HTTPSConnection_SSLv3(httplib.HTTPSConnection):
- "This class allows communication via SSL."
+class HTTPSVersionConnection(httplib.HTTPSConnection):
+ "This class allows communication via SSL."
- def connect(self):
- "Connect to a host on a given (SSL) port."
+ def __init__(self, host, port, ssl_version=sslmodule.PROTOCOL_TLSv1):
+ httplib.HTTPSConnection.__init__(self, host, port)
+ self._ssl_version = ssl_version
- sock = socket.create_connection((self.host, self.port), self.timeout)
- self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=sslmodule.PROTOCOL_SSLv3)
-else:
- HTTPSConnection_SSLv3 = httplib.HTTPSConnection
-https_v23_connects = set()
-https_v3_connects = set()
+ def connect(self):
+ "Connect to a host on a given (SSL) port."
+ sock = socket.create_connection((self.host, self.port), self.timeout)
+ self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self._ssl_version)
+
+
+cached_types = (
+ (set(), sslmodule.PROTOCOL_TLSv1),
+ (set(), sslmodule.PROTOCOL_SSLv3),
+ (set(), sslmodule.PROTOCOL_SSLv23),
+)
+
def SmartHTTPConnection(host, port, ssl):
- def trySSL(cls,):
- connect = cls(host, port)
+ def trySSL(version):
+ connect = HTTPSVersionConnection(host, port, ssl_version=version)
connect.connect()
return connect
if ssl:
- if (host, port) in https_v3_connects:
+ for cached, connection_type in cached_types:
+ if (host, port) in cached:
+ try:
+ return trySSL(connection_type)
+ except:
+ cached.remove((host, port))
+
+ for cached, connection_type in cached_types:
try:
- return trySSL(HTTPSConnection_SSLv3)
+ cached.add((host, port))
+ return trySSL(connection_type)
except:
- https_v3_connects.remove((host, port))
- elif (host, port) in https_v23_connects:
- try:
- return trySSL(httplib.HTTPSConnection)
- except:
- https_v23_connects.remove((host, port))
+ cached.remove((host, port))
- try:
- https_v3_connects.add((host, port))
- return trySSL(HTTPSConnection_SSLv3)
- except:
- https_v3_connects.remove((host, port))
-
- try:
- https_v23_connects.add((host, port))
- return trySSL(httplib.HTTPSConnection)
- except:
- https_v23_connects.remove((host, port))
-
- raise RuntimeError("Cannot connect via with SSLv23 or SSLv3")
+ raise RuntimeError("Cannot connect via with TLSv1, SSLv3 or SSLv23")
else:
connect = httplib.HTTPConnection(host, port)
connect.connect()
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20141106/d88a9c52/attachment.html>
More information about the calendarserver-changes
mailing list