def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Validate a requested TLS version range and clamp it to FreeIPA's floor.

    Both bounds must be entries of ``TLS_VERSIONS`` (see
    `ipalib.constants: TLS_VERSIONS, TLS_VERSION_MINIMAL`).  Versions are
    compared by their position in ``TLS_VERSIONS``, so that sequence is
    assumed to be ordered from oldest to newest.  A bound below
    ``TLS_VERSION_MINIMAL`` is not rejected; it is raised to the lowest
    allowed version and a warning is logged, so the returned span never
    starts below the enforced minimum.

    :param tls_version_min: lower bound of the span; ``None`` means
        ``TLS_VERSION_MINIMAL`` when only the upper bound is given
    :param tls_version_max: upper bound of the span; ``None`` means
        ``TLS_VERSION_MAXIMAL`` when only the lower bound is given
    :returns: the slice of ``TLS_VERSIONS`` between the effective bounds
        (inclusive), or ``None`` when both arguments are ``None``
    :raises: ValueError if a bound is not in ``TLS_VERSIONS`` or if the
        lower bound is above the upper bound
    """
    if tls_version_min is None:
        if tls_version_max is None:
            # Nothing was requested: return None so that the system's
            # default TLS version range is used.
            return None
        tls_version_min = TLS_VERSION_MINIMAL
    if tls_version_max is None:
        tls_version_max = TLS_VERSION_MAXIMAL

    floor_idx = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    try:
        low_idx = TLS_VERSIONS.index(tls_version_min)
    except ValueError:
        raise ValueError(
            "tls_version_min ('{val}') is not a known TLS version."
            .format(val=tls_version_min))

    try:
        high_idx = TLS_VERSIONS.index(tls_version_max)
    except ValueError:
        raise ValueError(
            "tls_version_max ('{val}') is not a known TLS version."
            .format(val=tls_version_max))

    # The ordering check uses the values as requested, before any clamping.
    if high_idx < low_idx:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    # Enforce the minimum: a configured version below the floor is
    # replaced, not honoured, and the substitution is logged.
    if floor_idx > low_idx:
        low_idx = floor_idx
        logger.warning(
            "tls_version_min set too low ('%s'),using '%s' instead",
            tls_version_min, TLS_VERSIONS[low_idx])

    if floor_idx > high_idx:
        # The whole requested range was below the floor; collapse it onto
        # the (already clamped) lower bound.
        high_idx = low_idx
        logger.warning(
            "tls_version_max set too low ('%s'),using '%s' instead",
            tls_version_max, TLS_VERSIONS[high_idx])

    return TLS_VERSIONS[low_idx:high_idx + 1]
def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Check a TLS min-max span against the versions FreeIPA knows and allows.

    Each bound is looked up in ``TLS_VERSIONS`` (see
    `ipalib.constants: TLS_VERSIONS, TLS_VERSION_MINIMAL`); versions are
    compared by their index there, so the sequence is assumed to run from
    oldest to newest.  Bounds below ``TLS_VERSION_MINIMAL`` are raised to
    the lowest allowed version with a logged warning instead of being
    accepted as given.

    :param tls_version_min: the lower value in the TLS min-max span,
        raised to the lowest allowed value if too low
    :param tls_version_max: the higher value in the TLS min-max span,
        set to the effective lower bound if it is below
        ``TLS_VERSION_MINIMAL``
    :returns: the slice of ``TLS_VERSIONS`` from the effective lower bound
        to the effective upper bound, inclusive
    :raises: ValueError if either value is not in ``TLS_VERSIONS`` or if
        ``tls_version_min`` is above ``tls_version_max``
    """
    lowest_allowed = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    # Unknown version strings are rejected outright, never guessed at.
    try:
        span_start = TLS_VERSIONS.index(tls_version_min)
    except ValueError:
        raise ValueError(
            "tls_version_min ('{val}') is not a known TLS version.".format(
                val=tls_version_min))

    try:
        span_end = TLS_VERSIONS.index(tls_version_max)
    except ValueError:
        raise ValueError(
            "tls_version_max ('{val}') is not a known TLS version.".format(
                val=tls_version_max))

    if span_end < span_start:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    # Clamp to the enforced minimum so a too-low setting cannot widen the
    # span below TLS_VERSION_MINIMAL; the operator is told via the log.
    if lowest_allowed > span_start:
        span_start = lowest_allowed
        min_notice = (
            "tls_version_min set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_min, new=TLS_VERSIONS[span_start]))
        root_logger.warning(min_notice)

    if lowest_allowed > span_end:
        span_end = span_start
        max_notice = (
            "tls_version_max set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_max, new=TLS_VERSIONS[span_end]))
        root_logger.warning(max_notice)

    return TLS_VERSIONS[span_start:span_end + 1]
def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Return the usable part of a requested TLS version span.

    The two versions must be known to FreeIPA, i.e. present in
    ``TLS_VERSIONS`` (see `ipalib.constants: TLS_VERSIONS,
    TLS_VERSION_MINIMAL`).  Ordering is decided by index in that sequence,
    which is therefore assumed to list versions from oldest to newest.
    Anything below ``TLS_VERSION_MINIMAL`` is replaced by the lowest
    allowed version and the replacement is logged as a warning.

    :param tls_version_min: requested lower bound; replaced by
        ``TLS_VERSION_MINIMAL`` if it is below it
    :param tls_version_max: requested upper bound; replaced by the
        effective lower bound if it is below ``TLS_VERSION_MINIMAL``
    :returns: ``TLS_VERSIONS`` sliced from the effective lower bound to
        the effective upper bound, both included
    :raises: ValueError for a version that is not in ``TLS_VERSIONS`` and
        for a lower bound that is above the upper bound
    """
    minimal_idx = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    try:
        requested_min_idx = TLS_VERSIONS.index(tls_version_min)
    except ValueError:
        unknown_min = (
            "tls_version_min ('{val}') is not a known TLS version."
            .format(val=tls_version_min))
        raise ValueError(unknown_min)

    try:
        requested_max_idx = TLS_VERSIONS.index(tls_version_max)
    except ValueError:
        unknown_max = (
            "tls_version_max ('{val}') is not a known TLS version."
            .format(val=tls_version_max))
        raise ValueError(unknown_max)

    # An inverted range is a configuration error, checked before clamping.
    if not requested_min_idx <= requested_max_idx:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    effective_min_idx = requested_min_idx
    effective_max_idx = requested_max_idx

    # Minimum-version enforcement: too-low bounds are overridden and the
    # override is reported, so the result never starts below the floor.
    if requested_min_idx < minimal_idx:
        effective_min_idx = minimal_idx
        root_logger.warning(
            "tls_version_min set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_min,
                    new=TLS_VERSIONS[effective_min_idx]))

    if requested_max_idx < minimal_idx:
        effective_max_idx = effective_min_idx
        root_logger.warning(
            "tls_version_max set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_max,
                    new=TLS_VERSIONS[effective_max_idx]))

    return TLS_VERSIONS[effective_min_idx:effective_max_idx + 1]