Bugfix now multiple switches can connect with TLS
This fixes a bug in the RYU StreamServer where the SSLContext was modified for each connection. Now the SSLContext of the server socket is modified only once, in __init__. Backport from https://github.com/faucetsdn/ryu/commit/906b3a3e Story: #2009283 Task: #43562 Change-Id: Ie7c2f4e202edff1f4286de31cf8314fdbec85f2d
parent
dfcee319cb
commit
a6af993002
|
@ -136,21 +136,25 @@ if HUB_TYPE == 'eventlet':
|
||||||
self.server = eventlet.listen(listen_info)
|
self.server = eventlet.listen(listen_info)
|
||||||
|
|
||||||
if ssl_args:
|
if ssl_args:
|
||||||
def wrap_and_handle(sock, addr):
|
ssl_args.setdefault('server_side', True)
|
||||||
ssl_args.setdefault('server_side', True)
|
if 'ssl_ctx' in ssl_args:
|
||||||
if 'ssl_ctx' in ssl_args:
|
ctx = ssl_args.pop('ssl_ctx')
|
||||||
ctx = ssl_args.pop('ssl_ctx')
|
ctx.load_cert_chain(ssl_args.pop('certfile'),
|
||||||
ctx.load_cert_chain(ssl_args.pop('certfile'),
|
ssl_args.pop('keyfile'))
|
||||||
ssl_args.pop('keyfile'))
|
if 'cert_reqs' in ssl_args:
|
||||||
if 'cert_reqs' in ssl_args:
|
ctx.verify_mode = ssl_args.pop('cert_reqs')
|
||||||
ctx.verify_mode = ssl_args.pop('cert_reqs')
|
if 'ca_certs' in ssl_args:
|
||||||
if 'ca_certs' in ssl_args:
|
ctx.load_verify_locations(ssl_args.pop('ca_certs'))
|
||||||
ctx.load_verify_locations(ssl_args.pop('ca_certs'))
|
|
||||||
|
def wrap_and_handle_ctx(sock, addr):
|
||||||
handle(ctx.wrap_socket(sock, **ssl_args), addr)
|
handle(ctx.wrap_socket(sock, **ssl_args), addr)
|
||||||
else:
|
|
||||||
|
self.handle = wrap_and_handle_ctx
|
||||||
|
else:
|
||||||
|
def wrap_and_handle_ssl(sock, addr):
|
||||||
handle(ssl.wrap_socket(sock, **ssl_args), addr)
|
handle(ssl.wrap_socket(sock, **ssl_args), addr)
|
||||||
|
|
||||||
self.handle = wrap_and_handle
|
self.handle = wrap_and_handle_ssl
|
||||||
else:
|
else:
|
||||||
self.handle = handle
|
self.handle = handle
|
||||||
|
|
||||||
|
|
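Review bot: Peer verification on the `ssl_ctx` path is still opt-in: `ctx.verify_mode` is assigned only when the caller passes `cert_reqs`, so a caller that supplies `ca_certs` alone gets the CA bundle loaded while the context keeps whatever verify mode it arrived with, which may be `ssl.CERT_NONE` (that depends on how the caller built the context, which this hunk does not show). Now that the context is configured once at construction time, this is a cheap place to fail closed, for example inside the `if 'ca_certs' in ssl_args:` block after `load_verify_locations`: `if ctx.verify_mode == ssl.CERT_NONE: raise ValueError('ca_certs given but peer verification is off')`. The `else` branch also still calls module-level `ssl.wrap_socket`, which is deprecated since Python 3.7 and removed in 3.12, and requests no client certificate unless `cert_reqs` is among the remaining `ssl_args`. The enclosing method starts above the hunk, so how `ssl_args` reaches it is not visible here.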