Esempio n. 1
        def _ssl_handshake(self):
            """
            Upgrade the connected socket to TLS and run the handshake.

            Precondition: the STARTTLS exchange with Riak has already
            succeeded on ``self._socket``.

            Returns True once the handshake has completed and
            ``self._socket`` has been replaced by the TLS socket. Every
            exception raised on the way is re-raised as SecurityError.
            When the client holds no credentials, nothing is done and
            None is returned.
            """
            creds = self._client._credentials
            if not creds:
                # NOTE(review): without credentials there is no TLS upgrade
                # and no error, only a None result. Confirm that callers
                # treat None as "connection not secured".
                return None

            try:
                context = configure_ssl_context(creds)
                peer_name = self._address[0]
                # NOTE(review): ssl.SSLSocket() has no public constructor on
                # Python 3.7 and later (it raises TypeError, which ends up as
                # SecurityError here); SSLContext.wrap_socket() is the
                # supported entry point. Switching needs confirmation that
                # configure_ssl_context() loads the key, certificate, CA file
                # and ciphers - not visible from this method.
                tls_options = dict(
                    sock=self._socket,
                    keyfile=creds.pkey_file,
                    certfile=creds.cert_file,
                    cert_reqs=ssl.CERT_REQUIRED,
                    ca_certs=creds.cacert_file,
                    ciphers=creds.ciphers,
                    server_hostname=peer_name,
                )
                tls_sock = ssl.SSLSocket(**tls_options)
                # NOTE(review): the context is attached only after the socket
                # object exists. On interpreters where the constructor works
                # it appears to handshake right away on a connected socket,
                # so settings carried only by this context (for example
                # hostname checking) may not govern that handshake - confirm.
                tls_sock.context = context
                # Success is known only after this call returns.
                tls_sock.do_handshake()
                self._socket = tls_sock
            except Exception as err:
                # Fail closed: ssl.SSLError and every other exception are
                # reported the same way.
                raise SecurityError(err)
            return True
Esempio n. 2
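    def connect(self):
        """
        Open a TCP connection to the host and upgrade it to TLS.

        Under PY2 the TLS layer is PyOpenSSL, and
        ``credentials._check_revoked_cert`` is called on the wrapped
        socket; otherwise the standard library ``ssl`` module is used.
        The TLS socket is stored in ``self.sock``.

        Raises SecurityError if the PyOpenSSL handshake fails. If any
        step after the TCP connect raises, the raw socket is closed
        before the exception propagates, so a failed upgrade does not
        leave an open connection behind.
        """
        sock = socket.create_connection((self.host, self.port), self.timeout)
        try:
            if PY2:
                ssl_ctx = configure_pyopenssl_context(self.credentials)

                # attempt to upgrade the socket to TLS
                cxn = OpenSSL.SSL.Connection(ssl_ctx, sock)
                cxn.set_connect_state()
                while True:
                    try:
                        cxn.do_handshake()
                    except OpenSSL.SSL.WantReadError:
                        # The handshake needs more bytes from the peer:
                        # wait until the socket is readable, then retry.
                        # NOTE(review): this select() has no timeout, so a
                        # peer that stops responding stalls the handshake.
                        select.select([sock], [], [])
                        continue
                    except OpenSSL.SSL.Error as e:
                        raise SecurityError('bad handshake - ' + str(e))
                    break

                self.sock = RiakWrappedSocket(cxn, sock)
                self.credentials._check_revoked_cert(self.sock)
            else:
                # NOTE(review): _check_revoked_cert is called only on the
                # PY2 branch; confirm that configure_ssl_context() covers
                # revocation for this branch.
                ssl_ctx = configure_ssl_context(self.credentials)
                # NOTE(review): "riak@" + host is what gets passed as
                # server_hostname; confirm it matches what the server
                # certificate and SNI are expected to carry.
                host = "riak@" + self.host
                # NOTE(review): ssl.SSLSocket() has no public constructor on
                # Python 3.7 and later (it raises TypeError);
                # SSLContext.wrap_socket() is the supported entry point.
                # Switching needs confirmation that configure_ssl_context()
                # loads the key, certificate, CA file and ciphers.
                self.sock = ssl.SSLSocket(sock=sock,
                                          keyfile=self.credentials.pkey_file,
                                          certfile=self.credentials.cert_file,
                                          cert_reqs=ssl.CERT_REQUIRED,
                                          ca_certs=self.credentials.cacert_file,
                                          ciphers=self.credentials.ciphers,
                                          server_hostname=host)
                # NOTE(review): the context is attached after construction.
                # Where the constructor works it appears to handshake
                # immediately on a connected socket, so settings carried
                # only by ssl_ctx may not govern that handshake - confirm.
                self.sock.context = ssl_ctx
        except BaseException:
            # Fail closed: a connection whose handshake or certificate
            # check did not complete must not stay open or usable.
            sock.close()
            raise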
Esempio n. 3
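    def connect(self):
        """
        Open a TCP connection to the host and upgrade it to TLS.

        Under PY2 the TLS layer is PyOpenSSL, and
        ``credentials._check_revoked_cert`` is called on the wrapped
        socket; otherwise the standard library ``ssl`` module is used.
        The TLS socket is stored in ``self.sock``.

        Raises SecurityError if the PyOpenSSL handshake fails. If any
        step after the TCP connect raises, the raw socket is closed
        before the exception propagates, so a failed upgrade does not
        leave an open connection behind.
        """
        sock = socket.create_connection((self.host, self.port), self.timeout)
        try:
            if PY2:
                ssl_ctx = configure_pyopenssl_context(self.credentials)

                # attempt to upgrade the socket to TLS
                cxn = OpenSSL.SSL.Connection(ssl_ctx, sock)
                cxn.set_connect_state()
                while True:
                    try:
                        cxn.do_handshake()
                    except OpenSSL.SSL.WantReadError:
                        # The handshake needs more bytes from the peer:
                        # wait until the socket is readable, then retry.
                        # NOTE(review): this select() has no timeout, so a
                        # peer that stops responding stalls the handshake.
                        select.select([sock], [], [])
                        continue
                    except OpenSSL.SSL.Error as e:
                        raise SecurityError('bad handshake - ' + str(e))
                    break

                self.sock = RiakWrappedSocket(cxn, sock)
                self.credentials._check_revoked_cert(self.sock)
            else:
                # NOTE(review): _check_revoked_cert is called only on the
                # PY2 branch; confirm that configure_ssl_context() covers
                # revocation for this branch.
                ssl_ctx = configure_ssl_context(self.credentials)
                # NOTE(review): "riak@" + host is what gets passed as
                # server_hostname; confirm it matches what the server
                # certificate and SNI are expected to carry.
                host = "riak@" + self.host
                # NOTE(review): ssl.SSLSocket() has no public constructor on
                # Python 3.7 and later (it raises TypeError);
                # SSLContext.wrap_socket() is the supported entry point.
                # Switching needs confirmation that configure_ssl_context()
                # loads the key, certificate, CA file and ciphers.
                self.sock = ssl.SSLSocket(sock=sock,
                                          keyfile=self.credentials.pkey_file,
                                          certfile=self.credentials.cert_file,
                                          cert_reqs=ssl.CERT_REQUIRED,
                                          ca_certs=self.credentials.cacert_file,
                                          ciphers=self.credentials.ciphers,
                                          server_hostname=host)
                # NOTE(review): the context is attached after construction.
                # Where the constructor works it appears to handshake
                # immediately on a connected socket, so settings carried
                # only by ssl_ctx may not govern that handshake - confirm.
                self.sock.context = ssl_ctx
        except BaseException:
            # Fail closed: a connection whose handshake or certificate
            # check did not complete must not stay open or usable.
            sock.close()
            raise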
Esempio n. 4
 def _ssl_handshake(self):
     """
     Upgrade the connected socket to TLS and run the handshake.

     Precondition: the STARTTLS exchange with Riak has already
     succeeded on ``self._socket``.

     Returns True once the handshake has completed and
     ``self._socket`` has been replaced by the TLS socket. Every
     exception raised on the way is re-raised as SecurityError.
     When the client holds no credentials, nothing is done and
     None is returned.
     """
     creds = self._client._credentials
     if not creds:
         # NOTE(review): without credentials there is no TLS upgrade
         # and no error, only a None result. Confirm that callers
         # treat None as "connection not secured".
         return None

     try:
         context = configure_ssl_context(creds)
         peer_name = self._address[0]
         # NOTE(review): ssl.SSLSocket() has no public constructor on
         # Python 3.7 and later (it raises TypeError, which ends up as
         # SecurityError here); SSLContext.wrap_socket() is the
         # supported entry point. Switching needs confirmation that
         # configure_ssl_context() loads the key, certificate, CA file
         # and ciphers - not visible from this method.
         tls_options = dict(
             sock=self._socket,
             keyfile=creds.pkey_file,
             certfile=creds.cert_file,
             cert_reqs=ssl.CERT_REQUIRED,
             ca_certs=creds.cacert_file,
             ciphers=creds.ciphers,
             server_hostname=peer_name,
         )
         tls_sock = ssl.SSLSocket(**tls_options)
         # NOTE(review): the context is attached only after the socket
         # object exists. On interpreters where the constructor works
         # it appears to handshake right away on a connected socket,
         # so settings carried only by this context (for example
         # hostname checking) may not govern that handshake - confirm.
         tls_sock.context = context
         # Success is known only after this call returns.
         tls_sock.do_handshake()
         self._socket = tls_sock
     except Exception as err:
         # Fail closed: ssl.SSLError and every other exception are
         # reported the same way.
         raise SecurityError(err)
     return True