Posted to commits@qpid.apache.org by kg...@apache.org on 2014/07/18 17:21:38 UTC

svn commit: r1611670 - in /qpid/trunk/qpid/python/qpid/messaging: endpoints.py transports.py

Author: kgiusti
Date: Fri Jul 18 15:21:37 2014
New Revision: 1611670

URL: http://svn.apache.org/r1611670
Log:
QPID-5894: force cert checking if user specifically asks to verify the remote's hostname.

Modified:
    qpid/trunk/qpid/python/qpid/messaging/endpoints.py
    qpid/trunk/qpid/python/qpid/messaging/transports.py

Modified: qpid/trunk/qpid/python/qpid/messaging/endpoints.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/endpoints.py?rev=1611670&r1=1611669&r2=1611670&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/endpoints.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/endpoints.py Fri Jul 18 15:21:37 2014
@@ -182,6 +182,8 @@ class Connection(Endpoint):
     self.ssl_keyfile = default(self.ssl_keyfile, None)
     self.ssl_certfile = default(self.ssl_certfile, None)
     self.ssl_trustfile = default(self.ssl_trustfile, None)
+    # if ssl_skip_hostname_check was not explicitly set, this will be None
+    self._ssl_skip_hostname_check_actual = options.get("ssl_skip_hostname_check")
     self.ssl_skip_hostname_check = default(self.ssl_skip_hostname_check, False)
     self.client_properties = default(self.client_properties, {})
 
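Review bot: The comment on `_ssl_skip_hostname_check_actual` says when the value is None but not why the raw option is kept, and the security decision that depends on it is made in transports.py. I would expand it to something like `# raw user-supplied option (None when unset); transports.py reads this to force CERT_REQUIRED when the caller explicitly asked for hostname verification`. The value is read from `options` only, so a caller that assigns `ssl_skip_hostname_check` on the connection object after construction would presumably still look unset here; the comment should say so if that is intended. The enclosing method starts and ends outside the hunk.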

Modified: qpid/trunk/qpid/python/qpid/messaging/transports.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/transports.py?rev=1611670&r1=1611669&r2=1611670&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/transports.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/transports.py Fri Jul 18 15:21:37 2014
@@ -109,6 +109,11 @@ else:
       else:
         validate = CERT_NONE
 
+      # if user manually set flag to false then require cert
+      actual = getattr(conn, "_ssl_skip_hostname_check_actual", None)
+      if actual is not None and conn.ssl_skip_hostname_check is False:
+        validate = CERT_REQUIRED
+
       self.tls = wrap_socket(self.socket, keyfile=conn.ssl_keyfile,
                              certfile=conn.ssl_certfile,
                              ca_certs=conn.ssl_trustfile,
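Review bot: The new guard tests `conn.ssl_skip_hostname_check is False`, an identity comparison, so an explicit falsy value that is not the `False` singleton (for example `0`, if the options can carry one) leaves `validate` at `CERT_NONE` and the peer certificate unauthenticated. A truthiness test closes that gap: `if actual is not None and not conn.ssl_skip_hostname_check:`. When this branch forces `CERT_REQUIRED` and no `ssl_trustfile` was supplied, `wrap_socket` is still called with `ca_certs=None`. That presumably fails rather than connects, but the error would come from the ssl module, so an explicit error naming the missing trust file before the call would be easier to diagnose. The enclosing block starts above the hunk and the `wrap_socket` call continues below it.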


