opendev/gear
Code Issues Proposed changes

Merge "Add support for server name indication"

Browse Source
This commit is contained in:
Zuul 2019-06-17 16:17:30 +00:00 committed by Gerrit Code Review
commit 483ab492a8
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
gear/__init__.py
View File

@ -205,11 +205,12 @@ class Connection(object):
if self.use_ssl: if self.use_ssl:
self.log.debug("Using SSL") self.log.debug("Using SSL")
s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_TLSv1, context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
cert_reqs=ssl.CERT_REQUIRED, context.verify_mode = ssl.CERT_REQUIRED
keyfile=self.ssl_key, context.check_hostname = False
certfile=self.ssl_cert, context.load_cert_chain(self.ssl_cert, self.ssl_key)
ca_certs=self.ssl_ca) context.load_verify_locations(self.ssl_ca)
s = context.wrap_socket(s, server_hostname=self.host)
try: try:
s.connect(sa) s.connect(sa)
@ -2851,12 +2852,11 @@ class Server(BaseClientServer):
self.log.debug("Accepting new connection") self.log.debug("Accepting new connection")
c, addr = self.socket.accept() c, addr = self.socket.accept()
if self.use_ssl: if self.use_ssl:
c = ssl.wrap_socket(c, server_side=True, context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
keyfile=self.ssl_key, context.verify_mode = ssl.CERT_REQUIRED
certfile=self.ssl_cert, context.load_cert_chain(self.ssl_cert, self.ssl_key)
ca_certs=self.ssl_ca, context.load_verify_locations(self.ssl_ca)
cert_reqs=ssl.CERT_REQUIRED, c = context.wrap_socket(c, server_side=True)
ssl_version=ssl.PROTOCOL_TLSv1)
conn = ServerConnection(addr, c, self.use_ssl, conn = ServerConnection(addr, c, self.use_ssl,
self.client_id) self.client_id)
self.log.info("Accepted connection %s" % (conn,)) self.log.info("Accepted connection %s" % (conn,))