openstack/python-zunclient
Code Issues Proposed changes

Merge "fix websocketclient ssl issue"

Browse Source
This commit is contained in:
Zuul
2022-04-28 02:40:50 +00:00
committed by Gerrit Code Review
parent fa5b8ab02f 429645fcae
commit e9c48c74ee
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
zunclient/common/websocketclient/websocketclient.py
View File

@@ -23,6 +23,7 @@ from oslo_log import log as logging
import select import select
import signal import signal
import socket import socket
import ssl
import struct import struct
import sys import sys
import termios import termios
@@ -241,6 +242,8 @@ class WebSocketClient(BaseClient):
self.ws = websocket.create_connection( self.ws = websocket.create_connection(
url, skip_utf8_validation=True, url, skip_utf8_validation=True,
origin=self._compute_origin_header(url), origin=self._compute_origin_header(url),
sslopt={'cert_reqs': ssl.CERT_REQUIRED,
'ca_certs': self.get_system_ca_file()},
subprotocols=["binary", "base64"]) subprotocols=["binary", "base64"])
print('connected to %s, press Enter to continue' % self.id) print('connected to %s, press Enter to continue' % self.id)
print('type %s. to disconnect' % self.escape) print('type %s. to disconnect' % self.escape)
@@ -267,6 +270,20 @@ class WebSocketClient(BaseClient):
def recv(self): def recv(self):
return self.ws.recv() return self.ws.recv()
@staticmethod
def get_system_ca_file():
"""Return path to system default CA file."""
# Standard CA file locations for Debian/Ubuntu, RedHat/Fedora,
# Suse, FreeBSD/OpenBSD
ca_path = ['/etc/ssl/certs/ca-certificates.crt',
'/etc/pki/tls/certs/ca-bundle.crt',
'/etc/ssl/ca-bundle.pem',
'/etc/ssl/cert.pem']
for ca in ca_path:
if os.path.exists(ca):
return ca
return None
class AttachClient(WebSocketClient): class AttachClient(WebSocketClient):