authorNarayan Desai <desai@mcs.anl.gov>2009-06-24 16:26:05 +0000
committerNarayan Desai <desai@mcs.anl.gov>2009-06-24 16:26:05 +0000
commitca974668ba340af041471df42bb246116d1b2a0c (patch)
tree761690160ca13d43ba9cc3d3a95a657dfe8606f8 /src/lib/SSLServer.py
parentaa46792562f616d669329f44ec1814e6cbd6010d (diff)
SSL: Implement protocol selection in bcfg2.conf
Add an explicit knob to select encryption for client/server connections. The default value is xmlrpc/ssl, but xmlrpc/tlsv1 is also supported (needed to use DOE grid certs).
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5297 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/SSLServer.py')
-rw-r--r--src/lib/SSLServer.py15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/lib/SSLServer.py b/src/lib/SSLServer.py
index 90007cbb9..2ad69218b 100644
--- a/src/lib/SSLServer.py
+++ b/src/lib/SSLServer.py
@@ -74,7 +74,7 @@ class SSLServer (SocketServer.TCPServer, object):
logger = logging.getLogger("Cobalt.Server.TCPServer")
def __init__ (self, server_address, RequestHandlerClass, keyfile=None,
- certfile=None, reqCert=False, ca=None, timeout=None):
+ certfile=None, reqCert=False, ca=None, timeout=None, protocol='xmlrpc/ssl'):
"""Initialize the SSL-TCP server.
@@ -118,12 +118,19 @@ class SSLServer (SocketServer.TCPServer, object):
self.mode = ssl.CERT_OPTIONAL
else:
self.mode = ssl.CERT_NONE
+ if protocol == 'xmlrpc/ssl':
+ self.ssl_protocol = ssl.PROTOCOL_SSLv23
+ elif protocol == 'xmlrpc/tlsv1':
+ self.ssl_protocol = ssl.PROTOCOL_TLSv1
+ else:
+ self.logger.error("Unknown protocol %s" % (protocol))
+ raise Exception, "unknown protocol %s" % protocol
def get_request(self):
(sock, sockinfo) = self.socket.accept()
sslsock = ssl.wrap_socket(sock, server_side=True, certfile=self.certfile,
keyfile=self.keyfile, cert_reqs=self.mode,
- ca_certs=self.ca)
+ ca_certs=self.ca, ssl_version=self.ssl_protocol)
return sslsock, sockinfo
def _get_url (self):
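Review bot: The default `'xmlrpc/ssl'` branch selects `ssl.PROTOCOL_SSLv23`, which negotiates the version with the peer and, depending on the Python and OpenSSL build, can still accept SSLv2 or SSLv3 clients, whereas `'xmlrpc/tlsv1'` pins the server to TLS 1.0 and will not negotiate anything newer. Neither consequence is stated where the value is chosen, so I would add a comment above the `if`, e.g. `# 'xmlrpc/ssl' negotiates (legacy SSLv2/SSLv3 may be accepted); 'xmlrpc/tlsv1' allows TLS 1.0 only`, and repeat it wherever the bcfg2.conf option is documented. In the `else` branch, `raise Exception, "unknown protocol %s" % protocol` raises the bare base class; `raise ValueError("unknown protocol %s" % protocol)` is still caught by `except Exception` and tells the caller that a configuration value was rejected. The body of `__init__` begins outside this hunk.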
@@ -238,7 +245,7 @@ class XMLRPCServer (SocketServer.ThreadingMixIn, SSLServer,
"""
def __init__ (self, server_address, RequestHandlerClass=None,
- keyfile=None, certfile=None, ca=None,
+ keyfile=None, certfile=None, ca=None, protocol='xmlrpc/ssl',
timeout=10,
logRequests=False,
register=True, allow_none=True, encoding=None):
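Review bot: `protocol='xmlrpc/ssl'` is inserted before `timeout` in `XMLRPCServer.__init__`, which shifts every later positional parameter; a caller that passes `timeout`, `logRequests` or `register` positionally would now hand that value to `protocol` and end in the "unknown protocol" exception raised by `SSLServer.__init__`. `SSLServer.__init__` in the first hunk appends the new argument at the end of its list, and doing the same here keeps existing call sites valid: `register=True, allow_none=True, encoding=None, protocol='xmlrpc/ssl'):`. Whether any caller actually passes these arguments positionally is not visible from this page. The method's docstring and body follow outside the hunk.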
@@ -266,7 +273,7 @@ class XMLRPCServer (SocketServer.ThreadingMixIn, SSLServer,
SSLServer.__init__(self,
server_address, RequestHandlerClass, ca=ca,
- timeout=timeout, keyfile=keyfile, certfile=certfile)
+ timeout=timeout, keyfile=keyfile, certfile=certfile, protocol=protocol)
self.logRequests = logRequests
self.serve = False
self.register = register