author | Narayan Desai <desai@mcs.anl.gov> | 2009-06-24 16:26:05 +0000 |
committer | Narayan Desai <desai@mcs.anl.gov> | 2009-06-24 16:26:05 +0000 |
commit | ca974668ba340af041471df42bb246116d1b2a0c (patch) | |
tree | 761690160ca13d43ba9cc3d3a95a657dfe8606f8 /src/lib/SSLServer.py | |
parent | aa46792562f616d669329f44ec1814e6cbd6010d (diff) | |
SSL: Implement protocol selection in bcfg2.conf
Add an explicit knob to select the encryption protocol for client/server connections. The default
value is xmlrpc/ssl, but xmlrpc/tlsv1 is also supported (needed to use DOE grid certs).
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5297 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/SSLServer.py')
-rw-r--r-- | src/lib/SSLServer.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/SSLServer.py b/src/lib/SSLServer.py
index 90007cbb9..2ad69218b 100644
--- a/src/lib/SSLServer.py
+++ b/src/lib/SSLServer.py
@@ -74,7 +74,7 @@ class SSLServer (SocketServer.TCPServer, object):
 logger = logging.getLogger("Cobalt.Server.TCPServer")
 def __init__ (self, server_address, RequestHandlerClass, keyfile=None,
- certfile=None, reqCert=False, ca=None, timeout=None):
+ certfile=None, reqCert=False, ca=None, timeout=None, protocol='xmlrpc/ssl'):
 """Initialize the SSL-TCP server.
@@ -118,12 +118,19 @@ class SSLServer (SocketServer.TCPServer, object):
 self.mode = ssl.CERT_OPTIONAL
 else:
 self.mode = ssl.CERT_NONE
+ if protocol == 'xmlrpc/ssl':
+ self.ssl_protocol = ssl.PROTOCOL_SSLv23
+ elif protocol == 'xmlrpc/tlsv1':
+ self.ssl_protocol = ssl.PROTOCOL_TLSv1
+ else:
+ self.logger.error("Unknown protocol %s" % (protocol))
+ raise Exception, "unknown protocol %s" % protocol
 def get_request(self):
 (sock, sockinfo) = self.socket.accept()
 sslsock = ssl.wrap_socket(sock, server_side=True, certfile=self.certfile,
 keyfile=self.keyfile, cert_reqs=self.mode,
- ca_certs=self.ca)
+ ca_certs=self.ca, ssl_version=self.ssl_protocol)
 return sslsock, sockinfo
 def _get_url (self):
@@ -238,7 +245,7 @@ class XMLRPCServer (SocketServer.ThreadingMixIn, SSLServer,
 """
 def __init__ (self, server_address, RequestHandlerClass=None,
- keyfile=None, certfile=None, ca=None,
+ keyfile=None, certfile=None, ca=None, protocol='xmlrpc/ssl',
 timeout=10, logRequests=False, register=True, allow_none=True, encoding=None):
@@ -266,7 +273,7 @@ class XMLRPCServer (SocketServer.ThreadingMixIn, SSLServer,
 SSLServer.__init__(self, server_address, RequestHandlerClass, ca=ca,
- timeout=timeout, keyfile=keyfile, certfile=certfile)
+ timeout=timeout, keyfile=keyfile, certfile=certfile, protocol=protocol)
 self.logRequests = logRequests
 self.serve = False
 self.register = register
|
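Review bot: The new `protocol` parameter of `SSLServer.__init__` is not documented: the docstring that begins on this hunk's last line (`"""Initialize the SSL-TCP server.`) continues outside the hunk, and nothing in the change adds an entry for the new argument. Add one alongside the existing ones, e.g. `protocol -- 'xmlrpc/ssl' (SSLv23, version negotiated with the peer) or 'xmlrpc/tlsv1' (TLSv1 only); any other value raises`. The same gap applies to the `XMLRPCServer.__init__` signature changed in the third hunk, whose docstring is likewise outside the hunk. The added signature line is also noticeably longer than its neighbours; moving `protocol='xmlrpc/ssl'` onto its own continuation line would keep it readable. The enclosing `__init__` body runs past the end of this hunk.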
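Review bot: The `xmlrpc/ssl` default maps to `ssl.PROTOCOL_SSLv23`, which with this ssl module negotiates whatever version the peer offers, including SSLv3 and, depending on the OpenSSL build, SSLv2, and nothing in the hunk restricts the protocol versions or ciphers accepted under that setting; `xmlrpc/tlsv1` is the only strict choice and the difference is not written down. A comment on the `if protocol == 'xmlrpc/ssl':` branch should say so: `# PROTOCOL_SSLv23 lets the peer pick SSLv2/SSLv3/TLSv1; 'xmlrpc/tlsv1' refuses the SSL versions`. The error path raises a bare `Exception` via the tuple form; `raise ValueError("unknown protocol %s" % protocol)` gives callers a specific type to catch. The check also runs only after `self.mode` is set and presumably after the socket has already been bound earlier in `__init__` (outside this hunk), so a bad config value would leave a bound listener behind — validating `protocol` before that point would avoid it, though the bind is not visible from here. The enclosing `__init__` begins outside this hunk.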