[CalendarServer-changes] [14151] CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler. py
source_changes at macosforge.org
source_changes at macosforge.org
Mon Nov 10 13:34:20 PST 2014
Revision: 14151
http://trac.calendarserver.org//changeset/14151
Author: cdaboo at apple.com
Date: 2014-11-10 13:34:20 -0800 (Mon, 10 Nov 2014)
Log Message:
-----------
Better TLS handling.
Modified Paths:
--------------
CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py
Modified: CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py
===================================================================
--- CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py 2014-11-10 19:44:51 UTC (rev 14150)
+++ CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py 2014-11-10 21:34:20 UTC (rev 14151)
@@ -18,51 +18,50 @@
import socket
import ssl as sslmodule
-class HTTPSConnection_SSLv3(httplib.HTTPSConnection):
+class HTTPSVersionConnection(httplib.HTTPSConnection):
"This class allows communication via SSL."
+ def __init__(self, host, port, ssl_version=sslmodule.PROTOCOL_TLSv1):
+ httplib.HTTPSConnection.__init__(self, host, port)
+ self._ssl_version = ssl_version
+
+
def connect(self):
"Connect to a host on a given (SSL) port."
sock = socket.create_connection((self.host, self.port), self.timeout)
- self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=sslmodule.PROTOCOL_SSLv3)
+ self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self._ssl_version)
-https_v23_connects = set()
-https_v3_connects = set()
+cached_types = (
+ (set(), sslmodule.PROTOCOL_TLSv1),
+ (set(), sslmodule.PROTOCOL_SSLv3),
+ (set(), sslmodule.PROTOCOL_SSLv23),
+)
def SmartHTTPConnection(host, port, ssl):
- def trySSL(cls,):
- connect = cls(host, port)
+ def trySSL(version):
+ connect = HTTPSVersionConnection(host, port, ssl_version=version)
connect.connect()
return connect
if ssl:
- if (host, port) in https_v3_connects:
+ for cached, connection_type in cached_types:
+ if (host, port) in cached:
+ try:
+ return trySSL(connection_type)
+ except:
+ cached.remove((host, port))
+
+ for cached, connection_type in cached_types:
try:
- return trySSL(HTTPSConnection_SSLv3)
+ cached.add((host, port))
+ return trySSL(connection_type)
except:
- https_v3_connects.remove((host, port))
- elif (host, port) in https_v23_connects:
- try:
- return trySSL(httplib.HTTPSConnection)
- except:
- https_v23_connects.remove((host, port))
+ cached.remove((host, port))
- try:
- https_v3_connects.add((host, port))
- return trySSL(HTTPSConnection_SSLv3)
- except:
- https_v3_connects.remove((host, port))
-
- try:
- https_v23_connects.add((host, port))
- return trySSL(httplib.HTTPSConnection)
- except:
- https_v23_connects.remove((host, port))
-
- raise RuntimeError("Cannot connect via with SSLv23 or SSLv3")
+ raise RuntimeError("Cannot connect via with TLSv1, SSLv3 or SSLv23")
else:
connect = httplib.HTTPConnection(host, port)
connect.connect()
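Review bot: The second `for cached, connection_type in cached_types:` loop retries with `PROTOCOL_SSLv3` after any exception from the `PROTOCOL_TLSv1` attempt, so a party on the network path that can make the first handshake fail ends up choosing the protocol, and the bare `except:` also hides the real cause (refused connection, DNS error, KeyboardInterrupt). I would drop the SSLv3 entry from `cached_types`, or make it opt-in per caller, and narrow both handlers to `except (sslmodule.SSLError, socket.error):`. `PROTOCOL_TLSv1` also pins the first attempt to TLS 1.0 only, whereas `PROTOCOL_SSLv23` negotiates the highest version both sides support, so it arguably belongs first. Separately, the `wrap_socket` call in `connect` still passes no `cert_reqs`/`ca_certs`, so the server certificate is not verified under any of the three protocols; `cert_reqs=sslmodule.CERT_REQUIRED` with a CA bundle supplied by the caller would close that. `SmartHTTPConnection` continues past the end of the hunk.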