Attachment 918475 Details for Bug 1038586 – Distinguish between the default value of ssl_skip_hostname_check and manually setting the value to false

[patch] Distinguish between the default value of ssl_skip_hostname_check and manually setting the value to false

bz1038586.patch (text/plain), 1.42 KB, created by Ernie on 2014-07-16 16:54:42 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ernie

Created: 2014-07-16 16:54:42 UTC

Size: 1.42 KB

patch

obsolete

>diff --git a/qpid/python/qpid/messaging/endpoints.py b/qpid/python/qpid/messaging/endpoints.py
>index d7add31..72b45cb 100644
>--- a/qpid/python/qpid/messaging/endpoints.py
>+++ b/qpid/python/qpid/messaging/endpoints.py
>@@ -173,6 +173,8 @@ class Connection(Endpoint):
>     self.ssl_keyfile = options.get("ssl_keyfile", None)
>     self.ssl_certfile = options.get("ssl_certfile", None)
>     self.ssl_trustfile = options.get("ssl_trustfile", None)
>+    # determine if ssl_skip_hostname_check was explicitly set
>+    self._ssl_skip_hostname_check_actual = options.get("ssl_skip_hostname_check")
>     self.ssl_skip_hostname_check = options.get("ssl_skip_hostname_check", False)
>     self.client_properties = options.get("client_properties", {})
> 
>diff --git a/qpid/python/qpid/messaging/transports.py b/qpid/python/qpid/messaging/transports.py
>index 3751aa1..1d12b60 100644
>--- a/qpid/python/qpid/messaging/transports.py
>+++ b/qpid/python/qpid/messaging/transports.py
>@@ -109,6 +109,11 @@ else:
>       else:
>         validate = CERT_NONE
> 
>+      # if user manually set flag to false then require cert
>+      actual = getattr(conn, "_ssl_skip_hostname_check_actual", None)
>+      if actual is not None and conn.ssl_skip_hostname_check is False:
>+        validate = CERT_REQUIRED
>+
>       self.tls = wrap_socket(self.socket, keyfile=conn.ssl_keyfile,
>                              certfile=conn.ssl_certfile,
>                              ca_certs=conn.ssl_trustfile,

Actions: View | Diff

Attachments on bug 1038586: 833118 | 917919 | 918475