[kupfer] Introduce VerifiedHTTPSConnection in ssl_support.py



commit 0a5ba2f520738c070ff35f43121178c0e8c4aee8
Author: Ulrik Sverdrup <ulrik sverdrup gmail com>
Date:   Fri Mar 4 04:29:23 2011 +0100

    Introduce VerifiedHTTPSConnection in ssl_support.py
    
    Establish an HTTPS connection and check the server certificate against
    the system certificate files. If there is a certificate mismatch, ssl
    will raise an exception.

 kupfer/plugin/ssl_support.py |   53 ++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
---
diff --git a/kupfer/plugin/ssl_support.py b/kupfer/plugin/ssl_support.py
new file mode 100644
index 0000000..7edb8ee
--- /dev/null
+++ b/kupfer/plugin/ssl_support.py
@@ -0,0 +1,53 @@
+
+import httplib
+import os
+import socket
+import urllib
+
+try:
+	import ssl
+except ImportError:
+	ssl = None
+
+CA_CERT_LOCATIONS = (
+	"/etc/ssl/certs/ca-certificates.crt", # Debian
+	"/etc/pki/tls/certs/ca-bundle.crt",   # Red Hat
+)
+
+from kupfer import pretty
+
+
+if ssl:
+	use_certificate_file = None
+	class VerifiedHTTPSConnection(httplib.HTTPSConnection):
+		"""
+		Raises RuntimeError if SSL is not supported
+		"""
+		def __init__(self, *args, **kwargs):
+			if not is_supported():
+				raise RuntimeError("SSL not supported")
+			httplib.HTTPSConnection.__init__(self, *args, **kwargs)
+
+		def connect(self):
+			sock = socket.create_connection((self.host, self.port),self.timeout)
+			if self._tunnel_host:
+				self.sock = sock
+				self._tunnel()
+			# wrap the socket using verification with the root
+			self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
+			     cert_reqs=ssl.CERT_REQUIRED, ca_certs=use_certificate_file)
+
+	def is_supported():
+		global use_certificate_file
+		if use_certificate_file is not None:
+			return True
+		for caf in CA_CERT_LOCATIONS:
+			if os.path.exists(caf):
+				use_certificate_file = caf
+				pretty.print_debug(__name__, "Using CA Certificates file", caf)
+				return True
+		pretty.print_error(__name__, "SSL Error: No CA Certificates file found")
+		return False
+else:
+	def is_supported():
+		return False
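Review bot: `connect()` asks `ssl.wrap_socket` for `cert_reqs=ssl.CERT_REQUIRED`, which validates the chain against `use_certificate_file` but never compares the certificate's names with the host being contacted. A certificate issued by any CA in the bundle for an unrelated name would therefore pass, so the connection is not protected against an on-path party holding such a certificate. After the wrap, read `self.sock.getpeercert()` and reject the connection unless a DNS `subjectAltName` entry (or, failing that, the `commonName`) matches the expected host, as sketched below. When `_tunnel_host` is set the certificate presumably belongs to the tunnel target rather than `self.host`; confirm this against the httplib version in use. Separately, `import urllib` is unused in this file.

```python
		def connect(self):
			# … unchanged: create_connection, tunnel setup, ssl.wrap_socket call …
			# when tunnelling, the certificate belongs to the tunnel target
			expected = self._tunnel_host or self.host
			if not _cert_matches_host(self.sock.getpeercert(), expected):
				self.sock.close()
				raise ssl.SSLError("certificate does not match host %r" % (expected,))

	def _cert_matches_host(cert, hostname):
		"""Return True if the verified peer certificate names hostname"""
		names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
		if not names:
			# fall back to commonName only when no DNS subjectAltName exists
			names = [v for rdn in cert.get("subject", ())
			         for (k, v) in rdn if k == "commonName"]
		hostname = hostname.lower()
		for name in names:
			name = name.lower()
			if name == hostname:
				return True
			# a leading "*." covers exactly one label
			if name.startswith("*.") and "." in hostname and \
			   hostname.split(".", 1)[1] == name[2:]:
				return True
		return False
```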


