¡@
OpenStack Study: sslutils.py**** CubicPower OpenStack Study **** def is_enabled(): cert_file = CONF.ssl.cert_file key_file = CONF.ssl.key_file ca_file = CONF.ssl.ca_file use_ssl = cert_file or key_file if cert_file and not os.path.exists(cert_file): raise RuntimeError(_("Unable to find cert_file : %s") % cert_file) if ca_file and not os.path.exists(ca_file): raise RuntimeError(_("Unable to find ca_file : %s") % ca_file) if key_file and not os.path.exists(key_file): raise RuntimeError(_("Unable to find key_file : %s") % key_file) if use_ssl and (not cert_file or not key_file): raise RuntimeError(_("When running server in SSL mode, you must " "specify both a cert_file and key_file " "option value in your configuration file")) return use_ssl
**** CubicPower OpenStack Study **** def wrap(sock): ssl_kwargs = { 'server_side': True, 'certfile': CONF.ssl.cert_file, 'keyfile': CONF.ssl.key_file, 'cert_reqs': ssl.CERT_NONE, } if CONF.ssl.ca_file: ssl_kwargs['ca_certs'] = CONF.ssl.ca_file ssl_kwargs['cert_reqs'] = ssl.CERT_REQUIRED return ssl.wrap_socket(sock, **ssl_kwargs) _SSL_PROTOCOLS = { "tlsv1": ssl.PROTOCOL_TLSv1, "sslv23": ssl.PROTOCOL_SSLv23, "sslv3": ssl.PROTOCOL_SSLv3 } try: _SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2 except AttributeError: pass
**** CubicPower OpenStack Study **** def validate_ssl_version(version): key = version.lower() try: return _SSL_PROTOCOLS[key] except KeyError: raise RuntimeError(_("Invalid SSL version : %s") % version)
|