From a6af9930028e1736ffda028dddcf2d190b43c22a Mon Sep 17 00:00:00 2001
From: Slawek Kaplonski
Date: Wed, 13 Oct 2021 16:07:48 +0200
Subject: [PATCH] Bugfix now multiple switches can connect with TLS

This fixes a bug in RYU StreamServer where SSLContext was modified for each connection. Now the SSLContext of the server socket is modified only once in __init__
Backport from https://github.com/faucetsdn/ryu/commit/906b3a3e
Story: #2009283
Task: #43562
Change-Id: Ie7c2f4e202edff1f4286de31cf8314fdbec85f2d
---
 os_ken/lib/hub.py | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/os_ken/lib/hub.py b/os_ken/lib/hub.py
index b5c5c702..5c404893 100644
--- a/os_ken/lib/hub.py
+++ b/os_ken/lib/hub.py
@@ -136,21 +136,25 @@ if HUB_TYPE == 'eventlet':
 self.server = eventlet.listen(listen_info)
 if ssl_args:
- def wrap_and_handle(sock, addr):
- ssl_args.setdefault('server_side', True)
- if 'ssl_ctx' in ssl_args:
- ctx = ssl_args.pop('ssl_ctx')
- ctx.load_cert_chain(ssl_args.pop('certfile'),
- ssl_args.pop('keyfile'))
- if 'cert_reqs' in ssl_args:
- ctx.verify_mode = ssl_args.pop('cert_reqs')
- if 'ca_certs' in ssl_args:
- ctx.load_verify_locations(ssl_args.pop('ca_certs'))
+ ssl_args.setdefault('server_side', True)
+ if 'ssl_ctx' in ssl_args:
+ ctx = ssl_args.pop('ssl_ctx')
+ ctx.load_cert_chain(ssl_args.pop('certfile'),
+ ssl_args.pop('keyfile'))
+ if 'cert_reqs' in ssl_args:
+ ctx.verify_mode = ssl_args.pop('cert_reqs')
+ if 'ca_certs' in ssl_args:
+ ctx.load_verify_locations(ssl_args.pop('ca_certs'))
+
+ def wrap_and_handle_ctx(sock, addr):
 handle(ctx.wrap_socket(sock, **ssl_args), addr)
- else:
+
+ self.handle = wrap_and_handle_ctx
+ else:
+ def wrap_and_handle_ssl(sock, addr):
 handle(ssl.wrap_socket(sock, **ssl_args), addr)
- self.handle = wrap_and_handle
+ self.handle = wrap_and_handle_ssl
 else:
 self.handle = handle
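Review bot: The new `wrap_and_handle_ssl` closure leaves the no-`ssl_ctx` path on the module-level `ssl.wrap_socket(sock, **ssl_args)`, which builds a fresh `SSLContext` and re-reads the certificate, key and CA files from disk on every accepted connection — exactly the per-connection setup this commit removes from the `ssl_ctx` path — and that function has been deprecated since Python 3.7 and is removed in 3.12. Since `__init__` now configures the context once, the fallback can create `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)` when no `ssl_ctx` is supplied and share the single configure-and-wrap path, as sketched below. While there, `ssl_args.pop('keyfile')` raises `KeyError` when the private key lives inside the cert file, so `ssl_args.pop('keyfile', None)` matches what `load_cert_chain` accepts, and because the pops now mutate the caller's dict in `__init__`, `ssl_args = dict(ssl_args)` up front avoids surprising a caller that reuses the same mapping for a second server. If any caller passes `ssl.wrap_socket`-only keywords such as `ssl_version` or `ciphers`, they would need mapping onto `ctx.minimum_version` / `ctx.set_ciphers()` before `ctx.wrap_socket` rejects them — the callers are not visible from this hunk. The enclosing `__init__` starts before the hunk and its surrounding `if HUB_TYPE == 'eventlet':` block continues after it.

```python
if ssl_args:
    ssl_args = dict(ssl_args)  # never pop from the caller's mapping
    ssl_args.setdefault('server_side', True)
    # Build and configure the context once here, not per accepted connection.
    ctx = ssl_args.pop('ssl_ctx', None)
    if ctx is None:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(ssl_args.pop('certfile'),
                        ssl_args.pop('keyfile', None))
    if 'cert_reqs' in ssl_args:
        ctx.verify_mode = ssl_args.pop('cert_reqs')
    if 'ca_certs' in ssl_args:
        ctx.load_verify_locations(ssl_args.pop('ca_certs'))

    def wrap_and_handle_ctx(sock, addr):
        handle(ctx.wrap_socket(sock, **ssl_args), addr)

    self.handle = wrap_and_handle_ctx
# … unchanged: else branch assigning self.handle = handle …
```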