Posted to commits@qpid.apache.org by kg...@apache.org on 2012/09/21 17:02:59 UTC

svn commit: r1388544 - in /qpid/trunk/qpid: extras/qmf/src/py/qmf/console.py python/qpid/messaging/transports.py python/qpid/util.py

Author: kgiusti
Date: Fri Sep 21 15:02:58 2012
New Revision: 1388544

URL: http://svn.apache.org/viewvc?rev=1388544&view=rev
Log:
QPID-4337: add SSL support for older python clients.

Modified:
    qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py
    qpid/trunk/qpid/python/qpid/messaging/transports.py
    qpid/trunk/qpid/python/qpid/util.py

Modified: qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py (original)
+++ qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py Fri Sep 21 15:02:58 2012
@@ -25,6 +25,7 @@ import qpid
 import struct
 import socket
 import re
+import sys
 from qpid.datatypes  import UUID
 from qpid.datatypes  import timestamp
 from qpid.datatypes  import datetime
@@ -2423,7 +2424,14 @@ class Broker(Thread):
       oldTimeout = sock.gettimeout()
       sock.settimeout(self.connTimeout)
       connSock = None
+      force_blocking = False
       if self.ssl:
+        # Bug (QPID-4337): the "old" implementation of python SSL
+        # fails if the socket is set to non-blocking (which settimeout()
+        # may change).
+        if sys.version_info[:2] < (2, 6):  # 2.6+ uses openssl - it's ok
+          force_blocking = True
+          sock.setblocking(1)
         if 'ssl_certfile' in self.connectArgs:
           connSock = ssl(sock, certfile=self.connectArgs['ssl_certfile'])
         else:
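Review bot: On the Python < 2.6 path, `sock.setblocking(1)` cancels the `sock.settimeout(self.connTimeout)` issued a few lines earlier, so the SSL wrap that follows has no time bound, and a broker that accepts the TCP connection but never answers can presumably hang this thread. The next hunk extends this to the life of the connection, because `sock.settimeout(oldTimeout)` is skipped whenever `force_blocking` is set. If the old SSL object really cannot work with a timeout, the limitation should at least be stated where the flag is set, e.g. `# NOTE: connTimeout is not enforced for SSL on Python < 2.6; connect may block indefinitely`. The enclosing method starts and ends outside both hunks, so whether a caller-side guard exists cannot be seen here.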
@@ -2438,7 +2446,10 @@ class Broker(Thread):
       oldAborted = self.conn.aborted
       self.conn.aborted = aborted
       self.conn.start()
-      sock.settimeout(oldTimeout)
+      
+      # Bug (QPID-4337): don't enable non-blocking (timeouts) for old SSL
+      if not force_blocking:
+        sock.settimeout(oldTimeout)
       self.conn.aborted = oldAborted
       uid = self.conn.user_id
       if uid.__class__ == tuple and len(uid) == 2:

Modified: qpid/trunk/qpid/python/qpid/messaging/transports.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/transports.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/transports.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/transports.py Fri Sep 21 15:02:58 2012
@@ -55,7 +55,41 @@ try:
   from ssl import wrap_socket, SSLError, SSL_ERROR_WANT_READ, \
       SSL_ERROR_WANT_WRITE
 except ImportError:
-  pass
+
+  ## try the older python SSL api:
+  from socket import ssl
+
+  class old_ssl(SocketTransport):
+    def __init__(self, conn, host, port):
+      SocketTransport.__init__(self, conn, host, port)
+      # Bug (QPID-4337): this is the "old" version of python SSL.
+      # The private key is required. If a certificate is given, but no
+      # keyfile, assume the key is contained in the certificate
+      ssl_keyfile = conn.ssl_keyfile
+      ssl_certfile = conn.ssl_certfile
+      if ssl_certfile and not ssl_keyfile:
+        ssl_keyfile = ssl_certfile
+      self.ssl = ssl(self.socket, keyfile=ssl_keyfile, certfile=ssl_certfile)
+      self.socket.setblocking(1)
+
+    def reading(self, reading):
+      return reading
+
+    def writing(self, writing):
+      return writing
+
+    def recv(self, n):
+      return self.ssl.read(n)
+
+    def send(self, s):
+      return self.ssl.write(s)
+
+    def close(self):
+      self.socket.close()
+
+  TRANSPORTS["ssl"] = old_ssl
+  TRANSPORTS["tcp+tls"] = old_ssl
+    
 else:
   class tls(SocketTransport):
 
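Review bot: `old_ssl.__init__` wraps the socket with `ssl(self.socket, keyfile=ssl_keyfile, certfile=ssl_certfile)` and nothing else, and the legacy `socket.ssl()` API performs no certificate verification, so the `ssl` and `tcp+tls` transports registered here encrypt the link without authenticating the broker. The qpid/util.py hunk in this commit has the same gap: its wrapper accepts `trustfile` but passes only `keyfile` and `certfile` to `wrap_socket`. Callers who select `ssl` get no signal that they are on the unverified path, so say so at the class, e.g. `# NOTE: socket.ssl() does not verify the peer certificate; the broker is not authenticated on this path`, and consider failing the connection when a trust file is configured rather than ignoring it (whether `conn` carries such an option is not visible in this hunk). The surrounding `try`/`except ImportError` starts above the hunk and the `else:` branch continues below it.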

Modified: qpid/trunk/qpid/python/qpid/util.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/util.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/util.py (original)
+++ qpid/trunk/qpid/python/qpid/util.py Fri Sep 21 15:02:58 2012
@@ -24,8 +24,12 @@ try:
 except ImportError:
   from socket import ssl as wrap_socket
   class ssl:
-
     def __init__(self, sock, keyfile=None, certfile=None, trustfile=None):
+      # Bug (QPID-4337): this is the "old" version of python SSL.
+      # The private key is required. If a certificate is given, but no
+      # keyfile, assume the key is contained in the certificate
+      if certfile and not keyfile:
+        keyfile = certfile
       self.sock = sock
       self.ssl = wrap_socket(sock, keyfile=keyfile, certfile=certfile)
 


