Posted to commits@thrift.apache.org by jf...@apache.org on 2013/06/08 05:48:44 UTC
git commit: THRIFT-1966:Support different files for SSL certificates
and keys Client: py Patch: Michael Kaes
Updated Branches:
refs/heads/master c317852ee -> 877125c5c
THRIFT-1966:Support different files for SSL certificates and keys
Client: py
Patch: Michael Kaes
Change the TSSLSocket class to accept key parameters and pass them to the ssl.wrap_socket function
Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/877125c5
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/877125c5
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/877125c5
Branch: refs/heads/master
Commit: 877125c5cd3c98e46affaa382ffceef7f9403acb
Parents: c317852
Author: Jake Farrell <jf...@apache.org>
Authored: Fri Jun 7 23:47:22 2013 -0400
Committer: Jake Farrell <jf...@apache.org>
Committed: Fri Jun 7 23:47:22 2013 -0400
----------------------------------------------------------------------
lib/py/src/transport/TSSLSocket.py | 13 ++++++++++++-
1 files changed, 12 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/thrift/blob/877125c5/lib/py/src/transport/TSSLSocket.py
----------------------------------------------------------------------
diff --git a/lib/py/src/transport/TSSLSocket.py b/lib/py/src/transport/TSSLSocket.py
index 0ab1502..81e0984 100644
--- a/lib/py/src/transport/TSSLSocket.py
+++ b/lib/py/src/transport/TSSLSocket.py
@@ -43,6 +43,8 @@ class TSSLSocket(TSocket.TSocket):
port=9090,
validate=True,
ca_certs=None,
+ keyfile=None,
+ certfile=None,
unix_socket=None):
"""Create SSL TSocket
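Review bot: Inserting `keyfile` and `certfile` ahead of `unix_socket` in the constructor signature shifts that parameter's position, so a caller that passes `unix_socket` positionally after `ca_certs` would now have its socket path taken as `keyfile`. Appending the new parameters after it keeps existing positional calls working: `unix_socket=None, keyfile=None, certfile=None):`. The signature begins above the hunk, so the earlier parameters are not visible here.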
@@ -52,7 +54,11 @@ class TSSLSocket(TSocket.TSocket):
file downloaded from: http://curl.haxx.se/ca/cacert.pem This is passed to
the ssl_wrap function as the 'ca_certs' parameter.
@type ca_certs: str
-
+ @param keyfile: The private key
+ @type keyfile: str
+ @param certfile: The cert file
+ @type certfile: str
+
Raises an IOError exception if validate is True and the ca_certs file is
None, not present or unreadable.
"""
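Review bot: The two new `@param` entries do not say that the values are filesystem paths, what format is expected, or what the pair is used for. Suggested wording: `@param keyfile: Path to the PEM file holding the private key for the local certificate` and `@param certfile: Path to the PEM file holding the certificate presented to the peer`. It is also worth stating that the key file should be readable only by the account running the service and, since no password parameter is offered, that a passphrase-protected key is not supported here (OpenSSL would, as far as I know, fall back to prompting on the terminal).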
@@ -64,6 +70,8 @@ class TSSLSocket(TSocket.TSocket):
else:
self.cert_reqs = ssl.CERT_REQUIRED
self.ca_certs = ca_certs
+ self.keyfile = keyfile
+ self.certfile = certfile
if validate:
if ca_certs is None or not os.access(ca_certs, os.R_OK):
raise IOError('Certificate Authority ca_certs file "%s" '
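Review bot: `keyfile` and `certfile` are stored without any of the checking that `ca_certs` gets in the `if validate:` branch just below, so a missing or unreadable key file would only surface later, at the `ssl.wrap_socket` call shown in the next hunk, presumably as an SSL error rather than the IOError this constructor documents. A `keyfile` given without a `certfile` is also accepted silently here. Consider rejecting those early, for example `if keyfile is not None and certfile is None: raise ValueError('keyfile requires certfile')`, plus an `os.access(path, os.R_OK)` check on each supplied path. The constructor body continues past the end of the hunk.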
@@ -82,6 +90,8 @@ class TSSLSocket(TSocket.TSocket):
ssl_version=self.SSL_VERSION,
do_handshake_on_connect=True,
ca_certs=self.ca_certs,
+ keyfile=self.keyfile,
+ certfile=self.certfile,
cert_reqs=self.cert_reqs)
self.handle.settimeout(self._timeout)
try:
@@ -129,6 +139,7 @@ class TSSLSocket(TSocket.TSocket):
if cert_key != 'commonName':
continue
certhost = cert_value
+ # this check should be performed by some sort of Access Manager
if certhost == self.host:
# success, cert commonName matches desired hostname
self.is_valid = True
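Review bot: The added comment says where the check should live but not what is weak about it, and it is not marked as a TODO. From the visible lines the check only considers `commonName` and compares it to `self.host` with `==`, so subjectAltName entries and wildcard names are not handled, at least in this part of the method. A more useful comment would be `# TODO: only commonName is compared, by exact match; subjectAltName and wildcards are not handled`. This change is also unrelated to the key/cert parameters and would be easier to track as its own commit. The enclosing method starts and ends outside the hunk.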