Do not pass a family parameter to SSL.Connection's constructor if it
does not support it. If the family parameter is not supported, we
_try_ to fall back to socket.AF_INET, which is implicitly used by
older versions of the SSL.Connection class.
Fixes: #274 ("osc 0.157 Exception AttributeError: "Connection
instance has no attribute 'ssl_close_flag'"")
Currently osc can't access API URLs which share the same IP address
with other SSL-enabled sites, complaining about the certificate
not matching the hostname.
This change solves this problem by instructing M2Crypto.SSL.Connection
to send the desired hostname to the https server using the TLS SNI extension,
thus allowing the server to present the right certificate and choose
the right virtual site.
This is useful for those who can't afford to have a separate IP address
for OBS API.
For TLS SNI to work correctly, M2Crypto should be patched:
https://bugzilla.osafoundation.org/show_bug.cgi?id=13073
Some distributions (like Fedora) already include this patch.
For unpatched M2Crypto osc degrades to operation without TLS SNI.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
If http_debug is set we redirect sys.stdout to a StringIO
instance in order to do some header filtering (see conf module)
so we have to use the "original" stdout for printing the certificate
information.
raw_input has been removed and is equal to input in py3. Unfortunately no
__future__ statement exists for that. Ensure all modules use
osc.core.raw_input except osc.cmdln, where the NameError way is
implemented.
The most visible change in python3 - removal of print statement and all
the crufty
    print >> sys.stderr, foo,
The "from __future__ import print_function" makes it available in python
2.6
Some modules (httplib, StringIO, ...) were renamed in python3. This
patch tries to import the proper symbols from python3 and then falls back to
python2 in case an ImportError appears.
There is one exception, python 2.7 got the io module with StringIO, but
it allows unicode arguments only. Therefore the old module is poked before
the new one.
This patch works around the BEAST attack on the client side,
making OSC prefer TLS v1.1 or v1.2 ciphers/key exchanges
when available.
Now, as long as openSUSE API webservers do not support
these protocols it will prefer the RC4-SHA1 combination to
be on the safe side.
Now "myProxyHTTPSConnection" inherits from "M2Crypto.httpslib.ProxyHTTPSConnection" _and_ "httplib.HTTPSConnection".
The latter class is only used to call "httplib.HTTPSConnection.endheaders". This multiple inheritance shouldn't have any side-effects
because "M2Crypto.httpslib.ProxyHTTPSConnection" already inherits from "httplib.HTTPSConnection" (and mro will pick the methods from
"M2Crypto.httpslib.ProxyHTTPSConnection" first).