Esempio n. 1
def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Validate a requested TLS version range and return the versions to enable.

    Both bounds must be entries of ``TLS_VERSIONS``. The range is then
    lifted so that it never starts below ``TLS_VERSION_MINIMAL`` (see
    `ipalib.constants: TLS_VERSIONS, TLS_VERSION_MINIMAL`).

    Security note: a bound below the floor is not rejected. It is raised to
    the floor and a warning is logged, so a configuration that asks for an
    older protocol version is overridden rather than honoured. The floor is
    only as strict as the value of ``TLS_VERSION_MINIMAL``. All comparisons
    are made on list positions, which assumes ``TLS_VERSIONS`` is ordered
    from oldest to newest -- confirm in ``ipalib.constants``.

    :param tls_version_min:
        the lower value in the TLS min-max span; ``TLS_VERSION_MINIMAL`` is
        used when only this bound is None, and a value below the floor is
        raised to the floor
    :param tls_version_max:
        the higher value in the TLS min-max span; ``TLS_VERSION_MAXIMAL`` is
        used when only this bound is None, and a value below the floor is
        raised to the (already adjusted) lower bound
    :returns:
        None when both bounds are None, otherwise the slice of
        ``TLS_VERSIONS`` from the lower to the upper bound, inclusive
    :raises: ValueError
        if a bound is not in ``TLS_VERSIONS`` or the lower bound sits above
        the upper bound (checked before any adjustment to the floor)
    """
    if tls_version_min is None and tls_version_max is None:
        # Neither bound given: None stands for "use the system's default
        # TLS version range".
        return None

    # Fill in whichever single bound was left unset.
    wanted_min = (
        TLS_VERSION_MINIMAL if tls_version_min is None else tls_version_min
    )
    wanted_max = (
        TLS_VERSION_MAXIMAL if tls_version_max is None else tls_version_max
    )

    floor_idx = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    try:
        low_idx = TLS_VERSIONS.index(wanted_min)
    except ValueError:
        raise ValueError(
            "tls_version_min ('{val}') is not a known TLS version."
            .format(val=wanted_min))

    try:
        high_idx = TLS_VERSIONS.index(wanted_max)
    except ValueError:
        raise ValueError(
            "tls_version_max ('{val}') is not a known TLS version."
            .format(val=wanted_max))

    # An inverted range is a configuration error, not something to repair.
    if high_idx < low_idx:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    if floor_idx > low_idx:
        # Lower bound is weaker than allowed: lift it and leave a trace.
        low_idx = floor_idx
        logger.warning(
            "tls_version_min set too low ('%s'),using '%s' instead",
            wanted_min, TLS_VERSIONS[low_idx])

    if floor_idx > high_idx:
        # The whole range was below the floor: collapse it onto the
        # adjusted lower bound.
        high_idx = low_idx
        logger.warning(
            "tls_version_max set too low ('%s'),using '%s' instead",
            wanted_max, TLS_VERSIONS[high_idx])

    return TLS_VERSIONS[low_idx:high_idx + 1]
Esempio n. 2
def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Validate a requested TLS version range and return the versions to enable.

    Both bounds must be entries of ``TLS_VERSIONS``. The range is then
    lifted so that it never starts below ``TLS_VERSION_MINIMAL`` (see
    `ipalib.constants: TLS_VERSIONS, TLS_VERSION_MINIMAL`).

    Security note: a bound below the floor is not rejected. It is raised to
    the floor and a warning is logged, so a configuration that asks for an
    older protocol version is overridden rather than honoured. The floor is
    only as strict as the value of ``TLS_VERSION_MINIMAL``. All comparisons
    are made on list positions, which assumes ``TLS_VERSIONS`` is ordered
    from oldest to newest -- confirm in ``ipalib.constants``.

    Neither bound is defaulted here: any value that is not in
    ``TLS_VERSIONS`` (presumably including None) ends in ValueError.

    :param tls_version_min:
        the lower value in the TLS min-max span, raised to the lowest
        allowed value if too low
    :param tls_version_max:
        the higher value in the TLS min-max span, raised to the (already
        adjusted) lower bound if lower than TLS_VERSION_MINIMAL
    :returns:
        the slice of ``TLS_VERSIONS`` from the lower to the upper bound,
        inclusive
    :raises: ValueError
        if a bound is not in ``TLS_VERSIONS`` or the lower bound sits above
        the upper bound (checked before any adjustment to the floor)
    """
    floor_idx = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    try:
        low_idx = TLS_VERSIONS.index(tls_version_min)
    except ValueError:
        raise ValueError(
            "tls_version_min ('{val}') is not a known TLS version."
            .format(val=tls_version_min))

    try:
        high_idx = TLS_VERSIONS.index(tls_version_max)
    except ValueError:
        raise ValueError(
            "tls_version_max ('{val}') is not a known TLS version."
            .format(val=tls_version_max))

    # An inverted range is a configuration error, not something to repair.
    if high_idx < low_idx:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    if floor_idx > low_idx:
        # Lower bound is weaker than allowed: lift it and leave a trace.
        low_idx = floor_idx
        msg = "tls_version_min set too low ('{old}'),using '{new}' instead"
        root_logger.warning(
            msg.format(old=tls_version_min, new=TLS_VERSIONS[low_idx]))

    if floor_idx > high_idx:
        # The whole range was below the floor: collapse it onto the
        # adjusted lower bound.
        high_idx = low_idx
        msg = "tls_version_max set too low ('{old}'),using '{new}' instead"
        root_logger.warning(
            msg.format(old=tls_version_max, new=TLS_VERSIONS[high_idx]))

    return TLS_VERSIONS[low_idx:high_idx + 1]
Esempio n. 3
def get_proper_tls_version_span(tls_version_min, tls_version_max):
    """
    Check a TLS min-max span against the versions FreeIPA knows and allows.

    Each bound is looked up in ``TLS_VERSIONS``, and the resulting span is
    adjusted so that it does not begin below ``TLS_VERSION_MINIMAL`` (see
    `ipalib.constants: TLS_VERSIONS, TLS_VERSION_MINIMAL`).

    Security note: a too-low bound is corrected, not refused. The function
    logs a warning and continues with the floor value, so the effective
    range can differ from what was configured. How strict the result is
    depends entirely on ``TLS_VERSION_MINIMAL``. Ordering is decided by
    position in ``TLS_VERSIONS``, which presumably lists versions from
    oldest to newest -- verify against ``ipalib.constants``.

    No default is substituted for a missing bound: a value absent from
    ``TLS_VERSIONS`` (presumably None as well) raises ValueError.

    :param tls_version_min:
        the lower value in the TLS min-max span, raised to the lowest
        allowed value if too low
    :param tls_version_max:
        the higher value in the TLS min-max span, raised to the (already
        adjusted) lower bound if lower than TLS_VERSION_MINIMAL
    :returns:
        the entries of ``TLS_VERSIONS`` between the two adjusted bounds,
        both ends included
    :raises: ValueError
        for a bound unknown to ``TLS_VERSIONS``, or when the lower bound is
        above the upper one (tested before the floor is applied)
    """
    allowed_from = TLS_VERSIONS.index(TLS_VERSION_MINIMAL)

    try:
        span_start = TLS_VERSIONS.index(tls_version_min)
    except ValueError:
        unknown_min = "tls_version_min ('{val}') is not a known TLS version."
        raise ValueError(unknown_min.format(val=tls_version_min))

    try:
        span_end = TLS_VERSIONS.index(tls_version_max)
    except ValueError:
        unknown_max = "tls_version_max ('{val}') is not a known TLS version."
        raise ValueError(unknown_max.format(val=tls_version_max))

    # Reject an inverted span outright; only too-low bounds get corrected.
    if not span_start <= span_end:
        raise ValueError("tls_version_min is higher than tls_version_max.")

    if not span_start >= allowed_from:
        # Start of the span is below the floor: move it up and log it.
        span_start = allowed_from
        root_logger.warning(
            "tls_version_min set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_min, new=TLS_VERSIONS[span_start]))

    if not span_end >= allowed_from:
        # End of the span is below the floor too: pin it to the corrected
        # start so the span holds exactly one version.
        span_end = span_start
        root_logger.warning(
            "tls_version_max set too low ('{old}'),using '{new}' instead"
            .format(old=tls_version_max, new=TLS_VERSIONS[span_end]))

    return TLS_VERSIONS[span_start:span_end + 1]