[openlmi-tools/f20] drop certificate verification callback

Peter Hatina phatina at fedoraproject.org
Wed Dec 18 10:24:56 UTC 2013


commit 558d7c3bc675b8cef287641676e357eac5141417
Author: Peter Hatina <phatina at redhat.com>
Date:   Wed Dec 18 11:02:17 2013 +0100

    drop certificate verification callback

 openlmi-tools-13-drop-verification-callback.patch |   70 +++++++++++++++++++++
 openlmi-tools.spec                                |    8 ++-
 2 files changed, 77 insertions(+), 1 deletions(-)
---
diff --git a/openlmi-tools-13-drop-verification-callback.patch b/openlmi-tools-13-drop-verification-callback.patch
new file mode 100644
index 0000000..c61847f
--- /dev/null
+++ b/openlmi-tools-13-drop-verification-callback.patch
@@ -0,0 +1,70 @@
+diff --git a/cli/lmi/shell/LMIBaseClient.py b/cli/lmi/shell/LMIBaseClient.py
+index c2d78e9..6a0f677 100644
+--- a/cli/lmi/shell/LMIBaseClient.py
++++ b/cli/lmi/shell/LMIBaseClient.py
+@@ -48,23 +48,6 @@ class LMIBaseClient(object):
+     CONN_TYPE_PEGASUS_UDS = range(2)
+ 
+     def __init__(self, uri, username="", password="", **kwargs):
+-        def verify_callback(conn, cert, errno, errdepth, rcode):
+-            """
+-            Callback function used to verify the server certificate. It is passed to
+-            OpenSSL.SSL.set_verify, and is called during the SSL handshake. This function
+-            returns True, if verification passes and False otherwise.
+-
+-            :param conn: Connection object
+-            :param cert: x509 object
+-            :param int errno: potential error number
+-            :param int errdepth: error depth
+-            :param int rcode: return code
+-            :returns: True, if certificate was successfully verified; False otherwise
+-
+-            **NOTE:** see :py:class:`pywbem.cim_operations.WBEMConnection`
+-            """
+-            return bool(rcode)
+-
+         # Set remaining arguments
+         conn_type = kwargs.pop("conn_type", LMIBaseClient.CONN_TYPE_WBEM)
+         verify_server_cert = kwargs.pop("verify_server_cert", True)
+@@ -83,7 +66,7 @@ class LMIBaseClient(object):
+             self._cliconn = pywbem.WBEMConnection(self._uri,
+                 (self._username, password),
+                 x509={"key_file" : key_file, "cert_file" : cert_file},
+-                verify_callback=verify_callback if verify_server_cert else None
++                no_verification=not verify_server_cert
+             )
+ 
+     # NOTE: usage with Key=something, Value=something is deprecated
+diff --git a/cli/lmi/shell/LMIConnection.py b/cli/lmi/shell/LMIConnection.py
+index af9379b..d00e187 100644
+--- a/cli/lmi/shell/LMIConnection.py
++++ b/cli/lmi/shell/LMIConnection.py
+@@ -21,7 +21,9 @@ import logging
+ import readline
+ import urlparse
+ 
+-import OpenSSL.SSL
++import M2Crypto.SSL
++import M2Crypto.SSL.Checker
++import M2Crypto.X509
+ 
+ from LMIBaseClient import LMIBaseClient
+ from LMIShellClient import LMIShellClient
+@@ -312,12 +314,12 @@ class LMIConnection(object):
+                 return LMIReturnValue(rval=True)
+             lmi_raise_or_dump_exception(e)
+             errorstr = e.args[1]
+-        except pywbem.cim_http.AuthError, e:
++        except (pywbem.cim_http.AuthError, \
++                M2Crypto.SSL.Checker.SSLVerificationError, \
++                M2Crypto.SSL.SSLError, \
++                M2Crypto.X509.X509Error), e:
+             lmi_raise_or_dump_exception(e)
+-            errorstr = e.args[0]
+-        except OpenSSL.SSL.Error, e:
+-            lmi_raise_or_dump_exception(e)
+-            errorstr = e.args[0][0][2]
++            errorstr = str(e)
+         return LMIReturnValue(rval=False, errorstr=errorstr)
+ 
+     def subscribe_indication(self, **kwargs):
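Review bot: In the `pywbem.WBEMConnection(...)` call in LMIBaseClient.py, `no_verification=not verify_server_cert` lets a caller who passes `verify_server_cert=False` send `(self._username, password)` to a peer whose certificate was never checked, and nothing records that verification was turned off. I would log a warning just before the call, e.g. `if not verify_server_cert: logging.getLogger(__name__).warning("server certificate verification disabled for %s", self._uri)`, assuming `logging` is available in that module, which is not visible here. The change also relies on the installed pywbem accepting the `no_verification` keyword and on M2Crypto being importable from LMIConnection.py. The spec hunks in this commit add no `Requires:` line for either, so it is worth confirming that the existing requirements cover them. Both `__init__` and the `try`/`except` chain in LMIConnection.py continue outside the hunks shown.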
diff --git a/openlmi-tools.spec b/openlmi-tools.spec
index 2595ade..22d0bcc 100644
--- a/openlmi-tools.spec
+++ b/openlmi-tools.spec
@@ -1,6 +1,6 @@
 Name:           openlmi-tools
 Version:        0.9
-Release:        14%{?dist}
+Release:        15%{?dist}
 Summary:        Set of CLI tools for Openlmi providers
 
 License:        GPLv2+
@@ -18,6 +18,7 @@ Patch8:         openlmi-tools-09-fix-blocking-when-receiving-indication.patch
 Patch9:         openlmi-tools-10-fix-indication-unique-name.patch
 Patch10:        openlmi-tools-11-update-documentation.patch
 Patch11:        openlmi-tools-12-simplify-indication-subscription.patch
+Patch12:        openlmi-tools-13-drop-verification-callback.patch
 BuildArch:      noarch
 
 BuildRequires:  automake
@@ -57,6 +58,7 @@ Summary:        Documentation for %{name}
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 pushd cli
@@ -108,6 +110,10 @@ install -m 644 cli/completion/_lmishell $zsh_comp_dir
 %{_docdir}/%{name}-%{version}/html
 
 %changelog
+* Wed Dec 18 2013 Peter Hatina <phatina at redhat.com> - 0.9-15
+- drop certificate verification callback; all the checks are
+  done in pywbem
+
 * Mon Dec  9 2013 Peter Hatina <phatina at redhat.com> - 0.9-14
 - simplify indication subscription
 

