def __init__(self, host, port=None, key_file=None, cert_file=None, cacert=None, timeout=None, insecure=False, ssl_compression=True): # List of exceptions reported by Python3 instead of # SSLConfigurationError excp_lst = (TypeError, FileNotFoundError, ssl.SSLError) try: HTTPSConnection.__init__(self, host, port, key_file=key_file, cert_file=cert_file) self.key_file = key_file self.cert_file = cert_file self.timeout = timeout self.insecure = insecure # NOTE(flaper87): `is_verified` is needed for # requests' urllib3. If insecure is True then # the request is not `verified`, hence `not insecure` self.is_verified = not insecure self.ssl_compression = ssl_compression self.cacert = None if cacert is None else str(cacert) self.set_context() # ssl exceptions are reported in various form in Python 3 # so to be compatible, we report the same kind as under # Python2 except excp_lst as e: raise exc.SSLConfigurationError(str(e))
def __init__(self, host, port=None, key_file=None, cert_file=None, cacert=None, timeout=None, insecure=False, ssl_compression=True): # List of exceptions reported by Python3 instead of # SSLConfigurationError if six.PY3: excp_lst = (TypeError, FileNotFoundError, ssl.SSLError) else: # NOTE(jamespage) # Accommodate changes in behaviour for pep-0467, introduced # in python 2.7.9. # https://github.com/python/peps/blob/master/pep-0476.txt excp_lst = (TypeError, IOError, ssl.SSLError) try: HTTPSConnection.__init__(self, host, port, key_file=key_file, cert_file=cert_file) self.key_file = key_file self.cert_file = cert_file self.timeout = timeout self.insecure = insecure # NOTE(flaper87): `is_verified` is needed for # requests' urllib3. If insecure is True then # the request is not `verified`, hence `not insecure` self.is_verified = not insecure self.ssl_compression = ssl_compression self.cacert = None if cacert is None else str(cacert) self.set_context() # ssl exceptions are reported in various form in Python 3 # so to be compatible, we report the same kind as under # Python2 except excp_lst as e: raise exc.SSLConfigurationError(str(e))
def __init__(self, host, port=None, key_file=None, cert_file=None, cacert=None, timeout=None, insecure=False, ssl_compression=True): # List of exceptions reported by Python3 instead of # SSLConfigurationError if six.PY3: excp_lst = (TypeError, FileNotFoundError, ssl.SSLError) else: excp_lst = () try: HTTPSConnection.__init__(self, host, port, key_file=key_file, cert_file=cert_file) self.key_file = key_file self.cert_file = cert_file self.timeout = timeout self.insecure = insecure self.ssl_compression = ssl_compression self.cacert = None if cacert is None else str(cacert) self.set_context() # ssl exceptions are reported in various form in Python 3 # so to be compatible, we report the same kind as under # Python2 except excp_lst as e: raise exc.SSLConfigurationError(str(e))
def set_context(self): """ Set up the OpenSSL context. """ self.context = OpenSSL.SSL.Context(OpenSSL.SSL.SSLv23_METHOD) self.context.set_cipher_list(self.CIPHERS) if self.ssl_compression is False: self.context.set_options(0x20000) # SSL_OP_NO_COMPRESSION if self.insecure is not True: self.context.set_verify(OpenSSL.SSL.VERIFY_PEER, verify_callback(host=self.host)) else: self.context.set_verify(OpenSSL.SSL.VERIFY_NONE, lambda *args: True) if self.cert_file: try: self.context.use_certificate_file(self.cert_file) except Exception as e: msg = 'Unable to load cert from "%s" %s' % (self.cert_file, e) raise exc.SSLConfigurationError(msg) if self.key_file is None: # We support having key and cert in same file try: self.context.use_privatekey_file(self.cert_file) except Exception as e: msg = ('No key file specified and unable to load key ' 'from "%s" %s' % (self.cert_file, e)) raise exc.SSLConfigurationError(msg) if self.key_file: try: self.context.use_privatekey_file(self.key_file) except Exception as e: msg = 'Unable to load key from "%s" %s' % (self.key_file, e) raise exc.SSLConfigurationError(msg) if self.cacert: try: self.context.load_verify_locations(to_bytes(self.cacert)) except Exception as e: msg = 'Unable to load CA from "%s" %s' % (self.cacert, e) raise exc.SSLConfigurationError(msg) else: self.context.set_default_verify_paths()