You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by kg...@apache.org on 2012/09/21 17:02:59 UTC
svn commit: r1388544 - in /qpid/trunk/qpid: extras/qmf/src/py/qmf/console.py
python/qpid/messaging/transports.py python/qpid/util.py
Author: kgiusti
Date: Fri Sep 21 15:02:58 2012
New Revision: 1388544
URL: http://svn.apache.org/viewvc?rev=1388544&view=rev
Log:
QPID-4337: add SSL support for older python clients.
Modified:
qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py
qpid/trunk/qpid/python/qpid/messaging/transports.py
qpid/trunk/qpid/python/qpid/util.py
Modified: qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py (original)
+++ qpid/trunk/qpid/extras/qmf/src/py/qmf/console.py Fri Sep 21 15:02:58 2012
@@ -25,6 +25,7 @@ import qpid
import struct
import socket
import re
+import sys
from qpid.datatypes import UUID
from qpid.datatypes import timestamp
from qpid.datatypes import datetime
@@ -2423,7 +2424,14 @@ class Broker(Thread):
oldTimeout = sock.gettimeout()
sock.settimeout(self.connTimeout)
connSock = None
+ force_blocking = False
if self.ssl:
+ # Bug (QPID-4337): the "old" implementation of python SSL
+ # fails if the socket is set to non-blocking (which settimeout()
+ # may change).
+ if sys.version_info[:2] < (2, 6): # 2.6+ uses openssl - it's ok
+ force_blocking = True
+ sock.setblocking(1)
if 'ssl_certfile' in self.connectArgs:
connSock = ssl(sock, certfile=self.connectArgs['ssl_certfile'])
else:
@@ -2438,7 +2446,10 @@ class Broker(Thread):
oldAborted = self.conn.aborted
self.conn.aborted = aborted
self.conn.start()
- sock.settimeout(oldTimeout)
+
+ # Bug (QPID-4337): don't enable non-blocking (timeouts) for old SSL
+ if not force_blocking:
+ sock.settimeout(oldTimeout)
self.conn.aborted = oldAborted
uid = self.conn.user_id
if uid.__class__ == tuple and len(uid) == 2:
Modified: qpid/trunk/qpid/python/qpid/messaging/transports.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/transports.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/transports.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/transports.py Fri Sep 21 15:02:58 2012
@@ -55,7 +55,41 @@ try:
from ssl import wrap_socket, SSLError, SSL_ERROR_WANT_READ, \
SSL_ERROR_WANT_WRITE
except ImportError:
- pass
+
+ ## try the older python SSL api:
+ from socket import ssl
+
+ class old_ssl(SocketTransport):
+ def __init__(self, conn, host, port):
+ SocketTransport.__init__(self, conn, host, port)
+ # Bug (QPID-4337): this is the "old" version of python SSL.
+ # The private key is required. If a certificate is given, but no
+ # keyfile, assume the key is contained in the certificate
+ ssl_keyfile = conn.ssl_keyfile
+ ssl_certfile = conn.ssl_certfile
+ if ssl_certfile and not ssl_keyfile:
+ ssl_keyfile = ssl_certfile
+ self.ssl = ssl(self.socket, keyfile=ssl_keyfile, certfile=ssl_certfile)
+ self.socket.setblocking(1)
+
+ def reading(self, reading):
+ return reading
+
+ def writing(self, writing):
+ return writing
+
+ def recv(self, n):
+ return self.ssl.read(n)
+
+ def send(self, s):
+ return self.ssl.write(s)
+
+ def close(self):
+ self.socket.close()
+
+ TRANSPORTS["ssl"] = old_ssl
+ TRANSPORTS["tcp+tls"] = old_ssl
+
else:
class tls(SocketTransport):
Modified: qpid/trunk/qpid/python/qpid/util.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/util.py?rev=1388544&r1=1388543&r2=1388544&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/util.py (original)
+++ qpid/trunk/qpid/python/qpid/util.py Fri Sep 21 15:02:58 2012
@@ -24,8 +24,12 @@ try:
except ImportError:
from socket import ssl as wrap_socket
class ssl:
-
def __init__(self, sock, keyfile=None, certfile=None, trustfile=None):
+ # Bug (QPID-4337): this is the "old" version of python SSL.
+ # The private key is required. If a certificate is given, but no
+ # keyfile, assume the key is contained in the certificate
+ if certfile and not keyfile:
+ keyfile = certfile
self.sock = sock
self.ssl = wrap_socket(sock, keyfile=keyfile, certfile=certfile)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org