Bugfix now multiple switches can connect with TLS
This fixes a bug in RYU StreamServer where SSLContext was modified for each connection. Now the SSLContext of the server socket is modified only once in __init__ Backport from https://github.com/faucetsdn/ryu/commit/906b3a3e Story: #2009283 Task: #43562 Change-Id: Ie7c2f4e202edff1f4286de31cf8314fdbec85f2d
This commit is contained in:
Slawek Kaplonski
parent
dfcee319cb
commit
a6af993002
|
|
@ -136,21 +136,25 @@ if HUB_TYPE == 'eventlet':
|
|||
self.server = eventlet.listen(listen_info)
|
||||
|
||||
if ssl_args:
|
||||
def wrap_and_handle(sock, addr):
|
||||
ssl_args.setdefault('server_side', True)
|
||||
if 'ssl_ctx' in ssl_args:
|
||||
ctx = ssl_args.pop('ssl_ctx')
|
||||
ctx.load_cert_chain(ssl_args.pop('certfile'),
|
||||
ssl_args.pop('keyfile'))
|
||||
if 'cert_reqs' in ssl_args:
|
||||
ctx.verify_mode = ssl_args.pop('cert_reqs')
|
||||
if 'ca_certs' in ssl_args:
|
||||
ctx.load_verify_locations(ssl_args.pop('ca_certs'))
|
||||
ssl_args.setdefault('server_side', True)
|
||||
if 'ssl_ctx' in ssl_args:
|
||||
ctx = ssl_args.pop('ssl_ctx')
|
||||
ctx.load_cert_chain(ssl_args.pop('certfile'),
|
||||
ssl_args.pop('keyfile'))
|
||||
if 'cert_reqs' in ssl_args:
|
||||
ctx.verify_mode = ssl_args.pop('cert_reqs')
|
||||
if 'ca_certs' in ssl_args:
|
||||
ctx.load_verify_locations(ssl_args.pop('ca_certs'))
|
||||
|
||||
def wrap_and_handle_ctx(sock, addr):
|
||||
handle(ctx.wrap_socket(sock, **ssl_args), addr)
|
||||
else:
|
||||
|
||||
self.handle = wrap_and_handle_ctx
|
||||
else:
|
||||
def wrap_and_handle_ssl(sock, addr):
|
||||
handle(ssl.wrap_socket(sock, **ssl_args), addr)
|
||||
|
||||
self.handle = wrap_and_handle
|
||||
self.handle = wrap_and_handle_ssl
|
||||
else:
|
||||
self.handle = handle
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue