[openlmi-tools] drop certificate verification callback
Peter Hatina
phatina at fedoraproject.org
Wed Dec 18 10:24:36 UTC 2013
commit 367cefd2eb513bbdaf44aa7fd4cb3ff07ea9a5b8
Author: Peter Hatina <phatina at redhat.com>
Date: Wed Dec 18 11:02:17 2013 +0100
drop certificate verification callback
openlmi-tools-13-drop-verification-callback.patch | 70 +++++++++++++++++++++
openlmi-tools.spec | 8 ++-
2 files changed, 77 insertions(+), 1 deletions(-)
---
diff --git a/openlmi-tools-13-drop-verification-callback.patch b/openlmi-tools-13-drop-verification-callback.patch
new file mode 100644
index 0000000..c61847f
--- /dev/null
+++ b/openlmi-tools-13-drop-verification-callback.patch
@@ -0,0 +1,70 @@
+diff --git a/cli/lmi/shell/LMIBaseClient.py b/cli/lmi/shell/LMIBaseClient.py
+index c2d78e9..6a0f677 100644
+--- a/cli/lmi/shell/LMIBaseClient.py
++++ b/cli/lmi/shell/LMIBaseClient.py
+@@ -48,23 +48,6 @@ class LMIBaseClient(object):
+ CONN_TYPE_PEGASUS_UDS = range(2)
+
+ def __init__(self, uri, username="", password="", **kwargs):
+- def verify_callback(conn, cert, errno, errdepth, rcode):
+- """
+- Callback function used to verify the server certificate. It is passed to
+- OpenSSL.SSL.set_verify, and is called during the SSL handshake. This function
+- returns True, if verification passes and False otherwise.
+-
+- :param conn: Connection object
+- :param cert: x509 object
+- :param int errno: potential error number
+- :param int errdepth: error depth
+- :param int rcode: return code
+- :returns: True, if certificate was successfully verified; False otherwise
+-
+- **NOTE:** see :py:class:`pywbem.cim_operations.WBEMConnection`
+- """
+- return bool(rcode)
+-
+ # Set remaining arguments
+ conn_type = kwargs.pop("conn_type", LMIBaseClient.CONN_TYPE_WBEM)
+ verify_server_cert = kwargs.pop("verify_server_cert", True)
+@@ -83,7 +66,7 @@ class LMIBaseClient(object):
+ self._cliconn = pywbem.WBEMConnection(self._uri,
+ (self._username, password),
+ x509={"key_file" : key_file, "cert_file" : cert_file},
+- verify_callback=verify_callback if verify_server_cert else None
++ no_verification=not verify_server_cert
+ )
+
+ # NOTE: usage with Key=something, Value=something is deprecated
+diff --git a/cli/lmi/shell/LMIConnection.py b/cli/lmi/shell/LMIConnection.py
+index af9379b..d00e187 100644
+--- a/cli/lmi/shell/LMIConnection.py
++++ b/cli/lmi/shell/LMIConnection.py
+@@ -21,7 +21,9 @@ import logging
+ import readline
+ import urlparse
+
+-import OpenSSL.SSL
++import M2Crypto.SSL
++import M2Crypto.SSL.Checker
++import M2Crypto.X509
+
+ from LMIBaseClient import LMIBaseClient
+ from LMIShellClient import LMIShellClient
+@@ -312,12 +314,12 @@ class LMIConnection(object):
+ return LMIReturnValue(rval=True)
+ lmi_raise_or_dump_exception(e)
+ errorstr = e.args[1]
+- except pywbem.cim_http.AuthError, e:
++ except (pywbem.cim_http.AuthError, \
++ M2Crypto.SSL.Checker.SSLVerificationError, \
++ M2Crypto.SSL.SSLError, \
++ M2Crypto.X509.X509Error), e:
+ lmi_raise_or_dump_exception(e)
+- errorstr = e.args[0]
+- except OpenSSL.SSL.Error, e:
+- lmi_raise_or_dump_exception(e)
+- errorstr = e.args[0][0][2]
++ errorstr = str(e)
+ return LMIReturnValue(rval=False, errorstr=errorstr)
+
+ def subscribe_indication(self, **kwargs):
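Review bot: The new `no_verification=not verify_server_cert` argument in LMIBaseClient.__init__ and the `import M2Crypto.*` lines in LMIConnection.py both assume an M2Crypto-based pywbem that accepts this keyword, yet none of the spec hunks in this commit adds or raises a `Requires:` for it. The Requires section is outside the visible hunks, so this may already be covered, but it is worth confirming, because with a pywbem that lacks the keyword the connection would presumably fail at construction. Since the local callback is gone, a comment at the call site would help the next reader, for example `# server certificate checks are delegated to pywbem; no_verification=True turns them off`. The backslashes inside the parenthesised `except (...)` tuple are redundant and can be dropped. Both `__init__` and the method containing the `except` clause continue outside the nested hunks.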
diff --git a/openlmi-tools.spec b/openlmi-tools.spec
index 2595ade..22d0bcc 100644
--- a/openlmi-tools.spec
+++ b/openlmi-tools.spec
@@ -1,6 +1,6 @@
Name: openlmi-tools
Version: 0.9
-Release: 14%{?dist}
+Release: 15%{?dist}
Summary: Set of CLI tools for Openlmi providers
License: GPLv2+
@@ -18,6 +18,7 @@ Patch8: openlmi-tools-09-fix-blocking-when-receiving-indication.patch
Patch9: openlmi-tools-10-fix-indication-unique-name.patch
Patch10: openlmi-tools-11-update-documentation.patch
Patch11: openlmi-tools-12-simplify-indication-subscription.patch
+Patch12: openlmi-tools-13-drop-verification-callback.patch
BuildArch: noarch
BuildRequires: automake
@@ -57,6 +58,7 @@ Summary: Documentation for %{name}
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
%build
pushd cli
@@ -108,6 +110,10 @@ install -m 644 cli/completion/_lmishell $zsh_comp_dir
%{_docdir}/%{name}-%{version}/html
%changelog
+* Wed Dec 18 2013 Peter Hatina <phatina at redhat.com> - 0.9-15
+- drop certificate verification callback; all the checks are
+ done in pywbem
+
* Mon Dec 9 2013 Peter Hatina <phatina at redhat.com> - 0.9-14
- simplify indication subscription