libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From to...@apache.org
Subject [4/8] git commit: Remove support for old and deprecated VERIFY_SSL_STRICT variable.
Date Sun, 08 Dec 2013 20:19:55 GMT
Remove support for old and deprecated VERIFY_SSL_STRICT variable.

This variable was only used in an old version when we enabled cert validation
to ease the migration path. It has been deprecated since then.


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/aa4e590c
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/aa4e590c
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/aa4e590c

Branch: refs/heads/trunk
Commit: aa4e590cd9f5d8bd2357676ee37a3e55646c47ac
Parents: e17bc75
Author: Tomaz Muraus <tomaz@apache.org>
Authored: Sun Dec 8 20:20:27 2013 +0100
Committer: Tomaz Muraus <tomaz@apache.org>
Committed: Sun Dec 8 20:20:52 2013 +0100

----------------------------------------------------------------------
 libcloud/httplib_ssl.py           | 36 +++++++++++++++++-----------------
 libcloud/security.py              |  8 +-------
 libcloud/test/test_httplib_ssl.py | 30 +++++++++++-----------------
 3 files changed, 30 insertions(+), 44 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/aa4e590c/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index 4709f27..4c3255a 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -27,7 +27,8 @@ from libcloud.utils.py3 import httplib
 
 
 class LibcloudHTTPSConnection(httplib.HTTPSConnection):
-    """LibcloudHTTPSConnection
+    """
+    LibcloudHTTPSConnection
 
     Subclass of HTTPSConnection which verifies certificate names
     if and only if CA certificates are available.
@@ -36,20 +37,21 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
     ca_cert = None        # no default CA Certificate
 
     def __init__(self, *args, **kwargs):
-        """Constructor
+        """
+        Constructor
         """
         self._setup_verify()
         httplib.HTTPSConnection.__init__(self, *args, **kwargs)
 
     def _setup_verify(self):
-        """Setup Verify SSL or not
+        """
+        Setup Verify SSL or not
 
         Reads security module's VERIFY_SSL_CERT and toggles whether
         the class overrides the connect() class method or runs the
         inherited httplib.HTTPSConnection connect()
         """
         self.verify = libcloud.security.VERIFY_SSL_CERT
-        self.strict = libcloud.security.VERIFY_SSL_CERT_STRICT
 
         if self.verify:
             self._setup_ca_cert()
@@ -57,7 +59,8 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
             warnings.warn(libcloud.security.VERIFY_SSL_DISABLED_MSG)
 
     def _setup_ca_cert(self):
-        """Setup CA Certs
+        """
+        Setup CA Certs
 
         Search in CA_CERTS_PATH for valid candidates and
         return first match.  Otherwise, complain about certs
@@ -73,18 +76,12 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
             # use first available certificate
             self.ca_cert = ca_certs_available[0]
         else:
-            if self.strict:
-                raise RuntimeError(
-                    libcloud.security.CA_CERTS_UNAVAILABLE_ERROR_MSG)
-            else:
-                # no certificates found; toggle verify to False
-                warnings.warn(
-                    libcloud.security.CA_CERTS_UNAVAILABLE_WARNING_MSG)
-                self.ca_cert = None
-                self.verify = False
+            raise RuntimeError(
+                libcloud.security.CA_CERTS_UNAVAILABLE_ERROR_MSG)
 
     def connect(self):
-        """Connect
+        """
+        Connect
 
         Checks if verification is toggled; if not, just call
         httplib.HTTPSConnection's connect
@@ -111,7 +108,8 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
             raise ssl.SSLError('Failed to verify hostname')
 
     def _verify_hostname(self, hostname, cert):
-        """Verify hostname against peer cert
+        """
+        Verify hostname against peer cert
 
         Check both commonName and entries in subjectAltName, using a
         rudimentary glob to dns regex check to find matches
@@ -133,7 +131,8 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
         )
 
     def _get_subject_alt_names(self, cert):
-        """Get SubjectAltNames
+        """
+        Get SubjectAltNames
 
         Retrieve 'subjectAltName' attributes from cert data structure
         """
@@ -146,7 +145,8 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection):
         return values
 
     def _get_common_name(self, cert):
-        """Get Common Name
+        """
+        Get Common Name
 
         Retrieve 'commonName' attribute from cert data structure
         """

http://git-wip-us.apache.org/repos/asf/libcloud/blob/aa4e590c/libcloud/security.py
----------------------------------------------------------------------
diff --git a/libcloud/security.py b/libcloud/security.py
index 8bf1f04..8be810d 100644
--- a/libcloud/security.py
+++ b/libcloud/security.py
@@ -20,13 +20,12 @@ Usage:
     libcloud.security.VERIFY_SSL_CERT = True
 
     # Optional.
-    libcloud.security.CA_CERTS_PATH.append("/path/to/cacert.txt")
+    libcloud.security.CA_CERTS_PATH.append('/path/to/cacert.txt')
 """
 
 import os
 
 VERIFY_SSL_CERT = True
-VERIFY_SSL_CERT_STRICT = True
 
 # File containing one or more PEM-encoded CA certificates
 # concatenated together.
@@ -63,11 +62,6 @@ if environment_cert_file is not None:
     # don't want to fall-back to a potentially less restrictive bundle
     CA_CERTS_PATH = [environment_cert_file]
 
-CA_CERTS_UNAVAILABLE_WARNING_MSG = (
-    'Warning: No CA Certificates were found in CA_CERTS_PATH. '
-    'Toggling VERIFY_SSL_CERT to False.'
-)
-
 CA_CERTS_UNAVAILABLE_ERROR_MSG = (
     'No CA Certificates were found in CA_CERTS_PATH. For information on '
     'how to get required certificate files, please visit '

http://git-wip-us.apache.org/repos/asf/libcloud/blob/aa4e590c/libcloud/test/test_httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/test/test_httplib_ssl.py b/libcloud/test/test_httplib_ssl.py
index f7ac513..9192b9e 100644
--- a/libcloud/test/test_httplib_ssl.py
+++ b/libcloud/test/test_httplib_ssl.py
@@ -192,17 +192,8 @@ class TestHttpLibSSLTests(unittest.TestCase):
     def test_setup_verify(self, _):
         libcloud.security.CA_CERTS_PATH = []
 
-        # non-strict mode should just emit a warning
+        # Should throw a runtime error
         libcloud.security.VERIFY_SSL_CERT = True
-        libcloud.security.VERIFY_SSL_CERT_STRICT = False
-        self.httplib_object._setup_verify()
-
-        warnings.warn.assert_called_once_with(
-            libcloud.security.CA_CERTS_UNAVAILABLE_WARNING_MSG)
-
-        # strict mode, should throw a runtime error
-        libcloud.security.VERIFY_SSL_CERT = True
-        libcloud.security.VERIFY_SSL_CERT_STRICT = True
 
         try:
             self.httplib_object._setup_verify()
@@ -215,14 +206,12 @@ class TestHttpLibSSLTests(unittest.TestCase):
             self.fail('Exception not thrown')
 
         libcloud.security.VERIFY_SSL_CERT = False
-        libcloud.security.VERIFY_SSL_CERT_STRICT = False
         self.httplib_object._setup_verify()
 
     @patch('warnings.warn')
     def test_setup_ca_cert(self, _):
         # verify = False, _setup_ca_cert should be a no-op
         self.httplib_object.verify = False
-        self.httplib_object.strict = False
         self.httplib_object._setup_ca_cert()
 
         self.assertEqual(self.httplib_object.ca_cert, None)
@@ -236,15 +225,18 @@ class TestHttpLibSSLTests(unittest.TestCase):
 
         self.assertTrue(self.httplib_object.ca_cert is not None)
 
-        # verify = True, no CA certs are available, warning should be emitted
+        # verify = True, no CA certs are available, exception should be thrown
         libcloud.security.CA_CERTS_PATH = []
-        self.httplib_object._setup_ca_cert()
-
-        warnings.warn.assert_called_once_with(
-            libcloud.security.CA_CERTS_UNAVAILABLE_WARNING_MSG)
 
-        self.assertFalse(self.httplib_object.ca_cert)
-        self.assertFalse(self.httplib_object.verify)
+        try:
+            self.httplib_object._setup_ca_cert()
+        except RuntimeError:
+            e = sys.exc_info()[1]
+            msg = libcloud.security.CA_CERTS_UNAVAILABLE_ERROR_MSG
+            self.assertEqual(str(e), msg)
+            pass
+        else:
+            self.fail('Exception not thrown')
 
 
 if __name__ == '__main__':


Mime
View raw message