def create_ctx(self):
'''
This method sets the right ssl context to disable hostname checking
and certificate validation.
'''
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
return ctx
def email(_to, subject, body):
_from = "*****@*****.**"
message = MIMEMultipart("alternative")
message["Subject"] = subject
message["From"] = _from
message["To"] = _to
# Turn these into plain/html MIMEText objects
part = MIMEText(body, "html")
# Add HTML/plain-text parts to MIMEMultipart message
message.attach(part)
# Create secure connection with server and send email
context = ssl.create_default_context()
with smtplib.SMTP_SSL("mail.main.com", 465, context=context) as server:
server.login(_from, "Japanitoes")
if server.sendmail(_from, _to, message.as_string()):
return True
else:
return False
def test_ssl_context(self):
def serve(listener):
sock, addr = listener.accept()
sock.recv(8192)
sock.sendall(b'response')
sock = listen_ssl_socket()
server_coro = eventlet.spawn(serve, sock)
context = ssl.create_default_context()
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_verify_locations(tests.certificate_file)
client = context.wrap_socket(eventlet.connect(sock.getsockname()),
server_hostname='Test')
client.sendall(b'line 1\r\nline 2\r\n\r\n')
self.assertEqual(client.recv(8192), b'response')
server_coro.wait()
def test_client_check_hostname(self):
# stdlib API compatibility
# https://github.com/eventlet/eventlet/issues/567
def serve(listener):
sock, addr = listener.accept()
sock.recv(64)
sock.sendall(b"response")
sock.close()
listener = listen_ssl_socket()
server_coro = eventlet.spawn(serve, listener)
ctx = ssl.create_default_context()
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.check_hostname = True
ctx.load_verify_locations(tests.certificate_file)
ctx.load_cert_chain(tests.certificate_file, tests.private_key_file)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client = ctx.wrap_socket(sock, server_hostname="Test")
client.connect(listener.getsockname())
client.send(b"check_hostname works")
client.recv(64)
server_coro.wait()
def __init__(self, app, conf):
self.app = app
self.logger = get_logger(conf, log_route='memcache')
self.memcache_servers = conf.get('memcache_servers')
serialization_format = conf.get('memcache_serialization_support')
try:
# Originally, while we documented using memcache_max_connections
# we only accepted max_connections
max_conns = int(
conf.get('memcache_max_connections',
conf.get('max_connections', 0)))
except ValueError:
max_conns = 0
memcache_options = {}
if (not self.memcache_servers or serialization_format is None
or max_conns <= 0):
path = os.path.join(conf.get('swift_dir', '/etc/swift'),
'memcache.conf')
memcache_conf = ConfigParser()
if memcache_conf.read(path):
# if memcache.conf exists we'll start with those base options
try:
memcache_options = dict(memcache_conf.items('memcache'))
except NoSectionError:
pass
if not self.memcache_servers:
try:
self.memcache_servers = \
memcache_conf.get('memcache', 'memcache_servers')
except (NoSectionError, NoOptionError):
pass
if serialization_format is None:
try:
serialization_format = \
memcache_conf.get('memcache',
'memcache_serialization_support')
except (NoSectionError, NoOptionError):
pass
if max_conns <= 0:
try:
new_max_conns = \
memcache_conf.get('memcache',
'memcache_max_connections')
max_conns = int(new_max_conns)
except (NoSectionError, NoOptionError, ValueError):
pass
# while memcache.conf options are the base for the memcache
# middleware, if you set the same option also in the filter
# section of the proxy config it is more specific.
memcache_options.update(conf)
connect_timeout = float(
memcache_options.get('connect_timeout', CONN_TIMEOUT))
pool_timeout = float(memcache_options.get('pool_timeout',
POOL_TIMEOUT))
tries = int(memcache_options.get('tries', TRY_COUNT))
io_timeout = float(memcache_options.get('io_timeout', IO_TIMEOUT))
if config_true_value(memcache_options.get('tls_enabled', 'false')):
tls_cafile = memcache_options.get('tls_cafile')
tls_certfile = memcache_options.get('tls_certfile')
tls_keyfile = memcache_options.get('tls_keyfile')
self.tls_context = ssl.create_default_context(cafile=tls_cafile)
if tls_certfile:
self.tls_context.load_cert_chain(tls_certfile, tls_keyfile)
else:
self.tls_context = None
error_suppression_interval = float(
memcache_options.get('error_suppression_interval',
ERROR_LIMIT_TIME))
error_suppression_limit = float(
memcache_options.get('error_suppression_limit', ERROR_LIMIT_COUNT))
if not self.memcache_servers:
self.memcache_servers = '127.0.0.1:11211'
if max_conns <= 0:
max_conns = 2
if serialization_format is None:
serialization_format = 2
else:
serialization_format = int(serialization_format)
self.memcache = MemcacheRing(
[s.strip() for s in self.memcache_servers.split(',') if s.strip()],
connect_timeout=connect_timeout,
pool_timeout=pool_timeout,
tries=tries,
io_timeout=io_timeout,
allow_pickle=(serialization_format == 0),
allow_unpickle=(serialization_format <= 1),
max_conns=max_conns,
tls_context=self.tls_context,
logger=self.logger,
error_limit_count=error_suppression_limit,
error_limit_time=error_suppression_interval,
error_limit_duration=error_suppression_interval)
__author__ = 'vincent'
import re
import platform
import random
import logging
import eventlet
from eventlet.green import socket
from eventlet.green import ssl
cert = "./cacert.pem"
ciphers = "ECDHE-RSA-AES128-SHA"
query = ("HEAD /search?q=g HTTP/1.1\r\nHost: www.google.com.hk\r\n\r\n"
"GET /%s HTTP/1.1\r\nHost: azzvxgoagent%s.appspot.com\r\n"
"Connection: close\r\n\r\n") % (platform.python_version(), random.randrange(7))
ctx = ssl.create_default_context(cafile=cert)
ctx.verify_mode = ssl.CERT_REQUIRED
ctx.set_ciphers(ciphers)
ctx.check_hostname = False
patterns = []
patterns.append(re.compile("HTTP/1\.[0-1].+?([\d]{1,3})"))
patterns.append(re.compile("Server: (.+)"))
def test_socket(ip_q, socket_q, ssl_q, socket_timeout):
while True:
if ssl_q.full():
return
c = socket.socket()
c.settimeout(socket_timeout)
try: