[CalendarServer-changes] [15435] CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler. py

source_changes at macosforge.org source_changes at macosforge.org
Mon Jan 11 10:42:26 PST 2016 

Revision: 15435
          http://trac.calendarserver.org//changeset/15435
Author:   cdaboo at apple.com
Date:     2016-01-11 10:42:25 -0800 (Mon, 11 Jan 2016)
Log Message:
-----------
Handle case where backend ssl library does not support various SSL protocols.

Modified Paths:
--------------
    CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py

Modified: CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py
===================================================================
--- CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py	2016-01-11 18:38:40 UTC (rev 15434)
+++ CalDAVClientLibrary/trunk/caldavclientlibrary/client/httpshandler.py	2016-01-11 18:42:25 UTC (rev 15435)
@@ -18,12 +18,27 @@
 import socket
 import ssl as sslmodule
 
+# Used to track what type of connection was previously used to connect to a
+# specific server so we don't need to keep iterate over all types to see what
+# works).
+cached_types = ()
+
+# ssl module may be missing some of these attributes depending on how
+# the backend ssl library is configured.
+for attrname in ("PROTOCOL_TLSv1", "PROTOCOL_SSLv3", "PROTOCOL_SSLv23"):
+    if hasattr(sslmodule, attrname):
+        cached_types += ((set(), getattr(sslmodule, attrname)),)
+if len(cached_types) == 0:
+    raise RuntimeError("Unable to find suitable SSL protocol to use")
+
+
+
 class HTTPSVersionConnection(httplib.HTTPSConnection):
     """
     An L{httplib.HTTPSConnection} class that allows the TLS protocol version to be set.
     """
 
-    def __init__(self, host, port, ssl_version=sslmodule.PROTOCOL_TLSv1):
+    def __init__(self, host, port, ssl_version=cached_types[0][1]):
         httplib.HTTPSConnection.__init__(self, host, port)
         self._ssl_version = ssl_version
 
@@ -35,11 +50,6 @@
         self.sock = sslmodule.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=self._ssl_version)
 
 
-cached_types = (
-    (set(), sslmodule.PROTOCOL_TLSv1),
-    (set(), sslmodule.PROTOCOL_SSLv3),
-    (set(), sslmodule.PROTOCOL_SSLv23),
-)
 
 class UnixSocketHTTPConnection(httplib.HTTPConnection):
     """
@@ -63,6 +73,9 @@
 def SmartHTTPConnection(host, port, ssl, afunix):
     """
     Create the appropriate L{httplib.HTTPConnection} derived class for the supplied arguments.
+    This attempts to connect to a server using the available SSL protocol types (as per
+    L{cached_types} and if that succeeds it records the host/port in L{cached_types} for
+    use with subsequent connections.
 
     @param host: TCP host name
     @type host: L{str}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20160111/5c0a796d/attachment-0001.html>

More information about the calendarserver-changes mailing list