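def connect(self):
    """
    Open a TCP connection to (self.host, self.port) and upgrade it to TLS.

    When ``PY2`` is true the upgrade goes through PyOpenSSL and ends with
    the credentials' certificate revocation check; otherwise the standard
    ``ssl`` module is used. ``self.sock`` is assigned only after every step
    of the active branch has succeeded, and the raw socket is closed if
    any step fails.

    Raises SecurityError when the PyOpenSSL handshake fails; any other
    exception from the socket or TLS layer propagates unchanged.
    """
    sock = socket.create_connection((self.host, self.port), self.timeout)
    established = False
    try:
        if PY2:
            ssl_ctx = configure_pyopenssl_context(self.credentials)

            # attempt to upgrade the socket to TLS
            cxn = OpenSSL.SSL.Connection(ssl_ctx, sock)
            cxn.set_connect_state()
            while True:
                try:
                    cxn.do_handshake()
                except OpenSSL.SSL.WantReadError:
                    # NOTE(review): select() is called without a timeout,
                    # so this wait is not bounded by self.timeout and a
                    # stalled peer can block the handshake indefinitely.
                    select.select([sock], [], [])
                    continue
                except OpenSSL.SSL.Error as e:
                    raise SecurityError('bad handshake - ' + str(e))
                break

            # Run the revocation check before publishing the socket, so a
            # rejected certificate never leaves a usable self.sock behind.
            wrapped = RiakWrappedSocket(cxn, sock)
            self.credentials._check_revoked_cert(wrapped)
            self.sock = wrapped
        else:
            ssl_ctx = configure_ssl_context(self.credentials)
            # NOTE(review): the name sent to the TLS layer is
            # "riak@<host>", not the bare host - confirm this matches
            # what the server certificate is expected to carry.
            host = "riak@" + self.host
            # NOTE(review): constructing ssl.SSLSocket directly is
            # deprecated since Python 3.7 in favour of
            # SSLContext.wrap_socket(). ssl_ctx is attached only after
            # construction - confirm that the settings made by
            # configure_ssl_context (not visible here) govern the
            # handshake. Unlike the PY2 branch, no _check_revoked_cert
            # call is made here - confirm revocation is covered elsewhere.
            tls_sock = ssl.SSLSocket(sock=sock,
                                     keyfile=self.credentials.pkey_file,
                                     certfile=self.credentials.cert_file,
                                     cert_reqs=ssl.CERT_REQUIRED,
                                     ca_certs=self.credentials.cacert_file,
                                     ciphers=self.credentials.ciphers,
                                     server_hostname=host)
            tls_sock.context = ssl_ctx
            self.sock = tls_sock
        established = True
    finally:
        # A failed TLS setup must not leak the TCP connection; try/finally
        # with a flag keeps the original exception intact.
        if not established:
            sock.close()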
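def connect(self):
    """
    Open a TCP connection to (self.host, self.port) and upgrade it to TLS.

    When ``PY2`` is true the upgrade goes through PyOpenSSL and ends with
    the credentials' certificate revocation check; otherwise the standard
    ``ssl`` module is used. ``self.sock`` is assigned only after every step
    of the active branch has succeeded, and the raw socket is closed if
    any step fails.

    Raises SecurityError when the PyOpenSSL handshake fails; any other
    exception from the socket or TLS layer propagates unchanged.
    """
    sock = socket.create_connection((self.host, self.port), self.timeout)
    established = False
    try:
        if PY2:
            ssl_ctx = configure_pyopenssl_context(self.credentials)

            # attempt to upgrade the socket to TLS
            cxn = OpenSSL.SSL.Connection(ssl_ctx, sock)
            cxn.set_connect_state()
            while True:
                try:
                    cxn.do_handshake()
                except OpenSSL.SSL.WantReadError:
                    # NOTE(review): select() is called without a timeout,
                    # so this wait is not bounded by self.timeout and a
                    # stalled peer can block the handshake indefinitely.
                    select.select([sock], [], [])
                    continue
                except OpenSSL.SSL.Error as e:
                    raise SecurityError('bad handshake - ' + str(e))
                break

            # Run the revocation check before publishing the socket, so a
            # rejected certificate never leaves a usable self.sock behind.
            wrapped = RiakWrappedSocket(cxn, sock)
            self.credentials._check_revoked_cert(wrapped)
            self.sock = wrapped
        else:
            ssl_ctx = configure_ssl_context(self.credentials)
            # NOTE(review): the name sent to the TLS layer is
            # "riak@<host>", not the bare host - confirm this matches
            # what the server certificate is expected to carry.
            host = "riak@" + self.host
            # NOTE(review): constructing ssl.SSLSocket directly is
            # deprecated since Python 3.7 in favour of
            # SSLContext.wrap_socket(). ssl_ctx is attached only after
            # construction - confirm that the settings made by
            # configure_ssl_context (not visible here) govern the
            # handshake. Unlike the PY2 branch, no _check_revoked_cert
            # call is made here - confirm revocation is covered elsewhere.
            tls_sock = ssl.SSLSocket(sock=sock,
                                     keyfile=self.credentials.pkey_file,
                                     certfile=self.credentials.cert_file,
                                     cert_reqs=ssl.CERT_REQUIRED,
                                     ca_certs=self.credentials.cacert_file,
                                     ciphers=self.credentials.ciphers,
                                     server_hostname=host)
            tls_sock.context = ssl_ctx
            self.sock = tls_sock
        established = True
    finally:
        # A failed TLS setup must not leak the TCP connection; try/finally
        # with a flag keeps the original exception intact.
        if not established:
            sock.close()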
def _ssl_handshake(self):
    """
    Upgrade this transport's socket to TLS using PyOpenSSL.

    Precondition: a successful STARTTLS exchange has taken place with Riak.

    Returns True once the handshake and the certificate revocation check
    have both completed. Any exception raised along the way is re-raised
    as SecurityError. If the client has no credentials, nothing is done
    and None is returned.
    """
    credentials = self._client._credentials
    if not credentials:
        # NOTE(review): this path returns None, not True, and leaves the
        # socket un-upgraded even though STARTTLS has already been
        # exchanged - confirm callers treat a non-True result as failure.
        return None

    try:
        tls_context = configure_pyopenssl_context(credentials)
        # attempt to upgrade the socket to TLS
        tls_conn = Connection(tls_context, self._socket)
        tls_conn.set_connect_state()
        # NOTE(review): single do_handshake() call with no WantReadError
        # retry; presumably the socket is blocking here - otherwise the
        # error lands in the generic handler below. Confirm.
        tls_conn.do_handshake()
        # NOTE(review): self._socket is replaced before the revocation
        # check runs, so when that check raises, the transport still holds
        # the TLS connection to the rejected peer - confirm callers tear
        # the connection down on SecurityError.
        self._socket = tls_conn
        credentials._check_revoked_cert(tls_conn)
    except Exception as err:
        # fail closed: *any* exception during the upgrade is a security error
        raise SecurityError(err)
    return True
def _ssl_handshake(self):
    """
    Upgrade this transport's socket to TLS using PyOpenSSL.

    Precondition: a successful STARTTLS exchange has taken place with Riak.

    Returns True once the handshake and the certificate revocation check
    have both completed. Any exception raised along the way is re-raised
    as SecurityError. If the client has no credentials, nothing is done
    and None is returned.
    """
    credentials = self._client._credentials
    if not credentials:
        # NOTE(review): this path returns None, not True, and leaves the
        # socket un-upgraded even though STARTTLS has already been
        # exchanged - confirm callers treat a non-True result as failure.
        return None

    try:
        tls_context = configure_pyopenssl_context(credentials)
        # attempt to upgrade the socket to TLS
        tls_conn = Connection(tls_context, self._socket)
        tls_conn.set_connect_state()
        # NOTE(review): single do_handshake() call with no WantReadError
        # retry; presumably the socket is blocking here - otherwise the
        # error lands in the generic handler below. Confirm.
        tls_conn.do_handshake()
        # NOTE(review): self._socket is replaced before the revocation
        # check runs, so when that check raises, the transport still holds
        # the TLS connection to the rejected peer - confirm callers tear
        # the connection down on SecurityError.
        self._socket = tls_conn
        credentials._check_revoked_cert(tls_conn)
    except Exception as err:
        # fail closed: *any* exception during the upgrade is a security error
        raise SecurityError(err)
    return True