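def _ssl_handshake(self):
    """
    Upgrade the connected socket to TLS and run the client handshake.

    Precondition: a successful STARTTLS exchange has taken place with
    Riak on self._socket.

    When the client has no credentials nothing is done: None is
    returned and self._socket is not upgraded, so callers must treat
    any result other than True as "not encrypted".  Otherwise True is
    returned once the handshake and, when a 'crl' credential is
    configured, the revocation check have both succeeded.

    NOTE(review): whether the server certificate is verified at all is
    decided inside configure_context(), which is not visible here --
    confirm it sets a verify mode and a trusted CA.

    :raises RiakError: on any failure while configuring the context,
        handshaking or checking revocation.
    """
    credentials = self._client._credentials
    if credentials:
        ssl_ctx = Context(credentials.ssl_version)
        try:
            configure_context(ssl_ctx, credentials)
            # attempt to upgrade the socket to SSL
            ssl_socket = Connection(ssl_ctx, self._socket)
            ssl_socket.set_connect_state()
            ssl_socket.do_handshake()

            # Run the revocation check before the TLS socket is
            # published, so a connection whose certificate is revoked
            # is never left installed as self._socket.
            if credentials.has_credential('crl'):
                credentials.check_revoked_cert(ssl_socket)

            self._socket = ssl_socket
            return True
        except Exception as e:
            # Fail if *any* exception is thrown during the handshake.
            # str(e) is used because exceptions have no .message
            # attribute on Python 3; reading it there would replace the
            # real TLS failure with an AttributeError.
            raise RiakError(str(e))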
Esempio n. 2
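    def _ssl_handshake(self):
        """
        Upgrade the connected socket to TLS and run the client handshake.

        Precondition: a successful STARTTLS exchange has taken place with
        Riak on self._socket.

        When the client has no credentials nothing is done: None is
        returned and self._socket is not upgraded, so callers must treat
        any result other than True as "not encrypted".  Otherwise True is
        returned once the handshake and the revocation check have both
        succeeded.

        NOTE(review): whether the server certificate is verified at all is
        decided inside configure_context(), which is not visible here --
        confirm it sets a verify mode and a trusted CA.

        :raises SecurityError: on any failure while configuring the
            context, handshaking or checking revocation.
        """
        credentials = self._client._credentials
        if credentials:
            ssl_ctx = Context(credentials.ssl_version)
            try:
                configure_context(ssl_ctx, credentials)
                # attempt to upgrade the socket to SSL
                ssl_socket = Connection(ssl_ctx, self._socket)
                ssl_socket.set_connect_state()
                ssl_socket.do_handshake()

                # Run the revocation check before the TLS socket is
                # published, so a connection whose certificate is revoked
                # is never left installed as self._socket.
                credentials._check_revoked_cert(ssl_socket)

                self._socket = ssl_socket
                return True
            except Exception as e:
                # Fail if *any* exception is thrown during the handshake.
                # str(e) is used because exceptions have no .message
                # attribute on Python 3; reading it there would replace
                # the real TLS failure with an AttributeError.
                raise SecurityError(str(e))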
Esempio n. 3
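    def connect(self):
        """
        Connect to a host on a given (SSL) port using PyOpenSSL.

        Opens a TCP connection to (self.host, self.port), performs the
        TLS client handshake, runs the credentials' revocation check and
        only then stores the wrapped socket in self.sock.  On any failure
        the TCP socket is closed before the exception propagates.

        NOTE(review): certificate verification is set up inside
        configure_context(), which is not visible here.  pyOpenSSL does
        not match the certificate against the host name by itself, so
        confirm that this is done elsewhere.

        :raises SecurityError: when the TLS handshake fails.
        :raises socket.timeout: when the peer sends nothing for longer
            than the socket's timeout during the handshake.
        """
        sock = socket.create_connection((self.host, self.port), self.timeout)
        try:
            ssl_ctx = OpenSSL.SSL.Context(self.credentials.ssl_version)
            configure_context(ssl_ctx, self.credentials)

            # attempt to upgrade the socket to SSL
            cxn = OpenSSL.SSL.Connection(ssl_ctx, sock)
            cxn.set_connect_state()

            # Bound each wait by the timeout already set on the socket
            # (None keeps the wait unbounded), so a peer that stalls in
            # mid-handshake cannot hang the caller forever.
            wait_limit = sock.gettimeout()
            while True:
                try:
                    cxn.do_handshake()
                except OpenSSL.SSL.WantReadError:
                    readable, _, _ = select.select([sock], [], [], wait_limit)
                    if not readable:
                        raise socket.timeout('timed out')
                    continue
                except OpenSSL.SSL.Error as e:
                    raise SecurityError('bad handshake - ' + str(e))
                break

            wrapped = RiakWrappedSocket(cxn, sock)
            # Check revocation before the connection is published on self.
            self.credentials._check_revoked_cert(wrapped)
        except Exception:
            # Do not leak the descriptor or leave a half-established,
            # unvalidated connection behind.
            sock.close()
            raise

        self.sock = wrapped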