[kupfer] Disable SSL by default, defer to kupfer.plugin.ssl_support

From: Ulrik Sverdrup <usverdrup src gnome org>
To: commits-list gnome org
Cc:
Subject: [kupfer] Disable SSL by default, defer to kupfer.plugin.ssl_support
Date: Thu, 10 Mar 2011 23:27:48 +0000 (UTC)
commit 071dcbd29e9fe6540073dcf5969263cb6a266b87
Author: Ulrik Sverdrup <ulrik sverdrup gmail com>
Date:   Fri Mar 11 00:25:31 2011 +0100

    Disable SSL by default, defer to kupfer.plugin.ssl_support
    
    kupfer.plugin.ssl_support is by default unimplemented, meaning that
    we do not use 'ssl' at all in Kupfer because of the license
    incompatibility (between two open source entities).
    
    _ssl.py implements SSL support by using the 'ssl' module in the
    standard library. _ssl.py will be provided separately from Kupfer in
    the future.
    
    _ssl.py is in contrib/ until next release.

 .gitattributes                 |    1 +
 contrib/_ssl.py                |   88 ++++++++++++++++++++++++++++++++++++++++
 kupfer/main.py                 |    6 +++
 kupfer/plugin/shorten_links.py |    7 +---
 kupfer/plugin/ssl_support.py   |   65 ++++++-----------------------
 5 files changed, 109 insertions(+), 58 deletions(-)
---
diff --git a/.gitattributes b/.gitattributes
index a15de41..2eba3a4 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +1,7 @@
 /Documentation/Manual.rst	ident
 /.gitattributes		export-ignore
 /debug.py		export-ignore
+/contrib/_ssl.py	export-ignore
 
 # Filter .po files before committing
 # The filter will remove all filename:line comments when
diff --git a/contrib/_ssl.py b/contrib/_ssl.py
new file mode 100644
index 0000000..34f4775
--- /dev/null
+++ b/contrib/_ssl.py
@@ -0,0 +1,88 @@
+"""
+Implement SSL Support in Kupfer using Python's 'ssl' module.
+This plugin is named to be loaded first of all if it is activated.
+
+This extension is not part of Kupfer itself because OpenSSL (Python's 'ssl')
+is incompatible with the GNU GPLv3, even if both a open source. There is
+nothing prohibiting a user to use this plugin.
+"""
+__kupfer_name__ = _("SSL Support")
+__description__ = _("Enable OpenSSL support in Kupfer.")
+__version__ = ""
+__author__ = ""
+
+import sys
+from kupfer import pretty
+
+# unblock openssl modules
+for modname in ['ssl', '_ssl']:
+	if sys.modules.get(modname, 1) is None:
+		pretty.print_debug(__name__, "Unblocking module '%s'" % modname)
+		del sys.modules[modname]
+
+try:
+	import ssl
+except ImportError:
+	ssl = None
+
+import httplib
+
+from kupfer import pretty
+
+__all__ = ['VerifiedHTTPSConnection']
+
+
+if ssl:
+	# NOTE: Below we use inline imports so that the class is
+	#       transferrable to another module without dependencies on
+	#       module-globals!
+	class VerifiedHTTPSConnection(httplib.HTTPConnection):
+		"""
+		Raises RuntimeError if SSL is not supported
+		"""
+		default_port = 443
+		CA_CERT_LOCATIONS = (
+			"/etc/ssl/certs/ca-certificates.crt", # Debian
+			"/etc/pki/tls/certs/ca-bundle.crt",   # Red Hat
+		)
+		use_certificate_file = None
+
+		def __init__(self, *args, **kwargs):
+			import httplib
+			if not self.is_ssl_supported():
+				raise RuntimeError("SSL not supported")
+			self.key_file = None
+			self.cert_file = None
+			httplib.HTTPConnection.__init__(self, *args, **kwargs)
+
+		def connect(self):
+			import ssl
+			import socket
+			sock = socket.create_connection((self.host, self.port),self.timeout)
+			if self._tunnel_host:
+				self.sock = sock
+				self._tunnel()
+			# wrap the socket using verification with the root
+			self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
+				 cert_reqs=ssl.CERT_REQUIRED, ca_certs=self.use_certificate_file)
+
+		@classmethod
+		def is_ssl_supported(cls):
+			import os
+			from kupfer import pretty
+
+			if cls.use_certificate_file is not None:
+				return True
+			for caf in cls.CA_CERT_LOCATIONS:
+				if os.path.exists(caf):
+					cls.use_certificate_file = caf
+					pretty.print_debug(__name__, "Using CA Certificates file", caf)
+					return True
+			pretty.print_error(__name__, "SSL Error: No CA Certificates file found")
+			return False
+
+from kupfer.plugin import ssl_support
+# "install" into kupfer.plugin.ssl_support
+for x in __all__:
+	setattr(ssl_support, x, globals().get(x,None))
+
diff --git a/kupfer/main.py b/kupfer/main.py
index 5c94e07..69542ce 100644
--- a/kupfer/main.py
+++ b/kupfer/main.py
@@ -132,6 +132,11 @@ def _set_process_title():
 	else:
 		setproctitle.setproctitle("kupfer")
 
+def _block_incompat_modules():
+	""" block modules incompatible with the program license """
+	for mod in ['ssl', '_ssl']:
+		sys.modules[mod] = None
+
 def gtkmain(quiet):
 	import pygtk
 	pygtk.require('2.0')
@@ -161,6 +166,7 @@ def main():
 			pass
 	sys.excepthook = sys.__excepthook__
 	_set_process_title()
+	_block_incompat_modules()
 
 	quiet = ("--no-splash" in cli_opts)
 	gtkmain(quiet)
diff --git a/kupfer/plugin/shorten_links.py b/kupfer/plugin/shorten_links.py
index 0a2c987..33b7a24 100644
--- a/kupfer/plugin/shorten_links.py
+++ b/kupfer/plugin/shorten_links.py
@@ -8,11 +8,6 @@ __author__ = "Karol BÄ?dkowski <karol bedkowski gmail com>"
 import httplib
 import urllib
 
-try:
-	import ssl
-except ImportError:
-	ssl = None
-
 from kupfer.objects import Leaf, Action, Source, UrlLeaf, OperationError
 from kupfer.plugin import ssl_support
 from kupfer import pretty
@@ -160,7 +155,7 @@ class ServicesSource(Source):
 		yield IsGd()
 		yield VGd()
 		yield BitLy()
-		if ssl:
+		if ssl_support.is_supported():
 			yield BitLySSL()
 
 	def should_sort_lexically(self):
diff --git a/kupfer/plugin/ssl_support.py b/kupfer/plugin/ssl_support.py
index 7edb8ee..112f695 100644
--- a/kupfer/plugin/ssl_support.py
+++ b/kupfer/plugin/ssl_support.py
@@ -1,53 +1,14 @@
-
-import httplib
-import os
-import socket
-import urllib
-
-try:
-	import ssl
-except ImportError:
-	ssl = None
-
-CA_CERT_LOCATIONS = (
-	"/etc/ssl/certs/ca-certificates.crt", # Debian
-	"/etc/pki/tls/certs/ca-bundle.crt",   # Red Hat
-)
-
-from kupfer import pretty
-
-
-if ssl:
-	use_certificate_file = None
-	class VerifiedHTTPSConnection(httplib.HTTPSConnection):
-		"""
-		Raises RuntimeError if SSL is not supported
-		"""
-		def __init__(self, *args, **kwargs):
-			if not is_supported():
-				raise RuntimeError("SSL not supported")
-			httplib.HTTPSConnection.__init__(self, *args, **kwargs)
-
-		def connect(self):
-			sock = socket.create_connection((self.host, self.port),self.timeout)
-			if self._tunnel_host:
-				self.sock = sock
-				self._tunnel()
-			# wrap the socket using verification with the root
-			self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
-			     cert_reqs=ssl.CERT_REQUIRED, ca_certs=use_certificate_file)
-
-	def is_supported():
-		global use_certificate_file
-		if use_certificate_file is not None:
-			return True
-		for caf in CA_CERT_LOCATIONS:
-			if os.path.exists(caf):
-				use_certificate_file = caf
-				pretty.print_debug(__name__, "Using CA Certificates file", caf)
-				return True
-		pretty.print_error(__name__, "SSL Error: No CA Certificates file found")
-		return False
-else:
-	def is_supported():
+"""
+Stub implementation of HTTPS connections.
+"""
+
+class VerifiedHTTPSConnection (object):
+	"implementation stub"
+	def __init__(self, host, *args, **kwargs):
+		pass
+	@classmethod
+	def is_ssl_supported(cls):
 		return False
+
+def is_supported():
+	return VerifiedHTTPSConnection and VerifiedHTTPSConnection.is_ssl_supported()
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]