I would appreciate some extra testing on this one.
We should really only need the old koji.ssl stuff for the ssl_login call. Once we're authenticated, we can switch.
This should help with some of the connection timeout issues some folks are experiencing (and if not, I'd like to know)
On 06/06/2015 05:44 PM, Mike McLean wrote:
koji/__init__.py | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/koji/__init__.py b/koji/__init__.py index 58971da..36772bb 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -1599,12 +1599,7 @@ class ClientSession(object): self.explicit_port = bool(_port) self._path = uri[2] default_port = 80
if self.opts.get('certs'):
ctx = ssl.SSLCommon.CreateSSLContext(self.opts['certs'])
cnxOpts = {'ssl_context' : ctx}
cnxClass = ssl.SSLCommon.PlgHTTPSConnection
default_port = 443
elif scheme == 'https':
if scheme == 'https': cnxOpts = {} cnxClass = httplib.HTTPSConnection default_port = 443
@@ -1737,21 +1732,21 @@ class ClientSession(object): certs['ca_cert'] = ca certs['peer_ca_cert'] = serverca
ctx = ssl.SSLCommon.CreateSSLContext(certs)
self._cnxOpts = {'ssl_context' : ctx}
# 60 second timeout during login
old_timeout = self._cnxOpts.get('timeout')
self._cnxOpts['timeout'] = 60
# for ssl authentication we use custom a connection class so
# that we can pass our certs try:
old_cnx = (self._cnxClass, self._cnxOpts)
ctx = ssl.SSLCommon.CreateSSLContext(certs)
self._cnxOpts = {'ssl_context' : ctx}
# 60 second timeout during login
self._cnxOpts['timeout'] = 60 self._cnxClass = ssl.SSLCommon.PlgHTTPSConnection if self._port == 80 and not self.explicit_port: self._port = 443 sinfo = self.callMethod('sslLogin', proxyuser) finally:
if old_timeout is None:
del self._cnxOpts['timeout']
else:
self._cnxOpts['timeout'] = old_timeout
# restore original connection type
self._cnxClass, self._cnxOpts = old_cnx if not sinfo: raise AuthError, 'unable to obtain a session'