Posted to commits@qpid.apache.org by kg...@apache.org on 2014/07/18 17:21:38 UTC
svn commit: r1611670 - in /qpid/trunk/qpid/python/qpid/messaging:
endpoints.py transports.py
Author: kgiusti
Date: Fri Jul 18 15:21:37 2014
New Revision: 1611670
URL: http://svn.apache.org/r1611670
Log:
QPID-5894: force cert checking if user specifically asks to verify the remote's hostname.
Modified:
qpid/trunk/qpid/python/qpid/messaging/endpoints.py
qpid/trunk/qpid/python/qpid/messaging/transports.py
Modified: qpid/trunk/qpid/python/qpid/messaging/endpoints.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/endpoints.py?rev=1611670&r1=1611669&r2=1611670&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/endpoints.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/endpoints.py Fri Jul 18 15:21:37 2014
@@ -182,6 +182,8 @@ class Connection(Endpoint):
self.ssl_keyfile = default(self.ssl_keyfile, None)
self.ssl_certfile = default(self.ssl_certfile, None)
self.ssl_trustfile = default(self.ssl_trustfile, None)
+ # if ssl_skip_hostname_check was not explicitly set, this will be None
+ self._ssl_skip_hostname_check_actual = options.get("ssl_skip_hostname_check")
self.ssl_skip_hostname_check = default(self.ssl_skip_hostname_check, False)
self.client_properties = default(self.client_properties, {})
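Review bot: The added comment says when `_ssl_skip_hostname_check_actual` is `None` but not why the raw value is kept, and nothing here ties the attribute to the code that reads it. I would expand it to `# raw user value (None if unset); transports.py forces CERT_REQUIRED when this is set and ssl_skip_hostname_check is False`. The value is captured once from `options`, so if callers may assign `conn.ssl_skip_hostname_check = False` after construction (not visible here), the marker stays `None` and certificate checking is not forced. The enclosing method starts and ends outside the hunk.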
Modified: qpid/trunk/qpid/python/qpid/messaging/transports.py
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/python/qpid/messaging/transports.py?rev=1611670&r1=1611669&r2=1611670&view=diff
==============================================================================
--- qpid/trunk/qpid/python/qpid/messaging/transports.py (original)
+++ qpid/trunk/qpid/python/qpid/messaging/transports.py Fri Jul 18 15:21:37 2014
@@ -109,6 +109,11 @@ else:
else:
validate = CERT_NONE
+ # if user manually set flag to false then require cert
+ actual = getattr(conn, "_ssl_skip_hostname_check_actual", None)
+ if actual is not None and conn.ssl_skip_hostname_check is False:
+ validate = CERT_REQUIRED
+
self.tls = wrap_socket(self.socket, keyfile=conn.ssl_keyfile,
certfile=conn.ssl_certfile,
ca_certs=conn.ssl_trustfile,
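Review bot: The `conn.ssl_skip_hostname_check is False` test in the added block is an identity check, so an explicit falsy value that is not the bool `False` (for example `0`) leaves `validate` at `CERT_NONE` even though the caller asked for hostname verification. Testing truthiness closes that gap: `if actual is not None and not conn.ssl_skip_hostname_check:`. When the option is omitted altogether the added block is skipped and the preceding `else` still selects `CERT_NONE`, which looks like an unauthenticated TLS default and is worth stating in the comment. The enclosing method and the `if` that pairs with the visible `else` start outside the hunk, and the `wrap_socket` call continues past it.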