def _ssl_handshake(self):
    """
    Upgrade the connection's socket to TLS.

    Precondition: a successful STARTTLS exchange has taken place with Riak.

    Returns True once the handshake has completed and ``self._socket`` has
    been replaced by the TLS socket.  If the client has no credentials,
    nothing is done and None is returned with ``self._socket`` left as it
    was, so callers must treat any result other than True as "not upgraded".

    Raises SecurityError for any exception raised while the context is
    built, the socket is wrapped or the handshake runs.
    """
    creds = self._client._credentials
    if not creds:
        return None

    try:
        context = configure_ssl_context(creds)
        server_name = self._address[0]
        # A peer certificate is mandatory (CERT_REQUIRED); the CA bundle,
        # client key/cert and cipher list all come from the credentials.
        # NOTE(review): ssl.SSLSocket has had no public constructor since
        # Python 3.7 (instances come from SSLContext.wrap_socket()); there
        # this call raises TypeError, which the handler below reports as
        # SecurityError.  Confirm against the supported interpreter versions.
        tls_socket = ssl.SSLSocket(
            sock=self._socket,
            keyfile=creds.pkey_file,
            certfile=creds.cert_file,
            cert_reqs=ssl.CERT_REQUIRED,
            ca_certs=creds.cacert_file,
            ciphers=creds.ciphers,
            server_hostname=server_name)
        # NOTE(review): the context from configure_ssl_context is attached
        # only after the socket object exists; confirm that its verification
        # settings (hostname checking included) are in force before the
        # handshake actually runs.
        tls_socket.context = context
        tls_socket.do_handshake()
        # Only a socket whose handshake finished replaces the original one.
        self._socket = tls_socket
        return True
    except Exception as err:
        # Fail closed: ssl.SSLError and every other exception raised above
        # reach the caller as SecurityError.
        raise SecurityError(err)
def connect(self):
    """
    Open a TCP connection to (self.host, self.port) and wrap it in TLS.

    On Python 2 the socket is upgraded with pyOpenSSL: the handshake is
    driven in a loop, the result is stored as a RiakWrappedSocket in
    ``self.sock`` and ``self.credentials._check_revoked_cert`` is called on
    it.  On other interpreters ``self.sock`` becomes a standard-library
    ``ssl.SSLSocket`` that requires a peer certificate.

    Raises SecurityError when the pyOpenSSL handshake fails.
    """
    raw_sock = socket.create_connection((self.host, self.port),
                                        self.timeout)

    if not PY2:
        context = configure_ssl_context(self.credentials)
        # NOTE(review): the name handed to server_hostname carries a
        # "riak@" prefix, so it is not the bare host; confirm this is what
        # SNI / hostname verification is meant to see.
        server_name = "riak@" + self.host
        # NOTE(review): ssl.SSLSocket has had no public constructor since
        # Python 3.7 (instances come from SSLContext.wrap_socket()), so this
        # call raises TypeError there.  Confirm the supported versions.
        self.sock = ssl.SSLSocket(
            sock=raw_sock,
            keyfile=self.credentials.pkey_file,
            certfile=self.credentials.cert_file,
            cert_reqs=ssl.CERT_REQUIRED,
            ca_certs=self.credentials.cacert_file,
            ciphers=self.credentials.ciphers,
            server_hostname=server_name)
        # NOTE(review): the configured context is attached after the socket
        # object exists; confirm its settings apply before any handshake.
        # No revocation check is visible on this branch, unlike the
        # pyOpenSSL one -- confirm it is covered elsewhere.
        self.sock.context = context
        return

    context = configure_pyopenssl_context(self.credentials)
    # attempt to upgrade the socket to TLS
    tls_conn = OpenSSL.SSL.Connection(context, raw_sock)
    tls_conn.set_connect_state()
    while True:
        try:
            tls_conn.do_handshake()
        except OpenSSL.SSL.WantReadError:
            # The handshake needs more data from the peer.  select() is
            # called without a timeout, so a peer that stops sending keeps
            # this call blocked.
            select.select([raw_sock], [], [])
        except OpenSSL.SSL.Error as err:
            # NOTE(review): raw_sock is not closed on this path.
            raise SecurityError('bad handshake - ' + str(err))
        else:
            break
    self.sock = RiakWrappedSocket(tls_conn, raw_sock)
    # The revocation check runs only after the handshake has succeeded.
    self.credentials._check_revoked_cert(self.sock)
def _ssl_handshake(self):
    """
    Upgrade the connection's socket to TLS.

    Precondition: a successful STARTTLS exchange has taken place with Riak.

    Returns True once the handshake has completed and ``self._socket`` has
    been replaced by the TLS socket.  If the client has no credentials,
    nothing is done and None is returned with ``self._socket`` left as it
    was, so callers must treat any result other than True as "not upgraded".

    Raises SecurityError for any exception raised while the context is
    built, the socket is wrapped or the handshake runs.
    """
    creds = self._client._credentials
    if not creds:
        return None

    try:
        context = configure_ssl_context(creds)
        server_name = self._address[0]
        # A peer certificate is mandatory (CERT_REQUIRED); the CA bundle,
        # client key/cert and cipher list all come from the credentials.
        # NOTE(review): ssl.SSLSocket has had no public constructor since
        # Python 3.7 (instances come from SSLContext.wrap_socket()); there
        # this call raises TypeError, which the handler below reports as
        # SecurityError.  Confirm against the supported interpreter versions.
        tls_socket = ssl.SSLSocket(
            sock=self._socket,
            keyfile=creds.pkey_file,
            certfile=creds.cert_file,
            cert_reqs=ssl.CERT_REQUIRED,
            ca_certs=creds.cacert_file,
            ciphers=creds.ciphers,
            server_hostname=server_name)
        # NOTE(review): the context from configure_ssl_context is attached
        # only after the socket object exists; confirm that its verification
        # settings (hostname checking included) are in force before the
        # handshake actually runs.
        tls_socket.context = context
        tls_socket.do_handshake()
        # Only a socket whose handshake finished replaces the original one.
        self._socket = tls_socket
        return True
    except Exception as err:
        # Fail closed: ssl.SSLError and every other exception raised above
        # reach the caller as SecurityError.
        raise SecurityError(err)