[CalendarServer-changes] [15435] CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler. py
source_changes at macosforge.org
source_changes at macosforge.org
Mon Jan 11 10:42:26 PST 2016
Revision: 15435
http://trac.calendarserver.org//changeset/15435
Author: cdaboo at apple.com
Date: 2016-01-11 10:42:25 -0800 (Mon, 11 Jan 2016)
Log Message:
-----------
Handle case where backend ssl library does not support various SSL protocols.
Modified Paths:
--------------
CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py
Modified: CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py
===================================================================
--- CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py 2016-01-11 18:38:40 UTC (rev 15434)
+++ CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py 2016-01-11 18:42:25 UTC (rev 15435)
@@ -18,12 +18,27 @@
import socket
import ssl as sslmodule
+# Used to track what type of connection was previously used to connect to a
+# specific server so we don't need to keep iterate over all types to see what
+# works).
+cached_types = ()
+
+# ssl module may be missing some of these attributes depending on how
+# the backend ssl library is configured.
+for attrname in ("PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23"):
+ if hasattr(sslmodule, attrname):
+ cached_types += ((set(), getattr(sslmodule, attrname)),)
+if len(cached_types) == 0:
+ raise RuntimeError("Unable to find suitable SSL protocol to use")
+
+
+
class HTTPSVersionConnection(httplib.HTTPSConnection):
"""
An L{httplib.HTTPSConnection} class that allows the TLS protocol version to be set.
"""
- def __init__(self, host, port, ssl_version=sslmodule.PROTOCOL_TLSv1):
+ def __init__(self, host, port, ssl_version=cached_types[0][1]):
httplib.HTTPSConnection.__init__(self, host, port)
self._ssl_version = ssl_version
@@ -35,11 +50,6 @@
self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self._ssl_version)
-cached_types = (
- (set(), sslmodule.PROTOCOL_TLSv1),
- (set(), sslmodule.PROTOCOL_SSLv3),
- (set(), sslmodule.PROTOCOL_SSLv23),
-)
class UnixSocketHTTPConnection(httplib.HTTPConnection):
"""
@@ -63,6 +73,9 @@
def SmartHTTPConnection(host, port, ssl, afunix):
"""
Create the appropriate L{httplib.HTTPConnection} derived class for the supplied arguments.
+ This attempts to connect to a server using the available SSL protocol types (as per
+ L{cached_types} and if that succeeds it records the host/port in L{cached_types} for
+ use with subsequent connections.
@param host: TCP host name
@type host: L{str}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20160111/5c0a796d/attachment-0001.html>
More information about the calendarserver-changes
mailing list