glanceclient.common.https.
OpenSSLConnectionDelegator
(*args, **kwargs)¶Bases: object
An OpenSSL.SSL.Connection delegator.
Supplies an additional ‘makefile’ method which httplib requires and is not present in OpenSSL.SSL.Connection.
Note: Since it is not possible to inherit from OpenSSL.SSL.Connection a delegator must be used.
makefile
(*args, **kwargs)¶glanceclient.common.https.
VerifiedHTTPSConnection
(host, port=None, key_file=None, cert_file=None, cacert=None, timeout=None, insecure=False, ssl_compression=True)¶Bases: httplib.HTTPSConnection
Extended OpenSSL HTTPSConnection for enhanced SSL support.
CIPHERS
= 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:eCDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'¶connect
()¶Connect to an SSL port using the OpenSSL library.
This method also applies per-connection parameters to the connection.
set_context
()¶Set up the OpenSSL context.
glanceclient.common.https.
do_verify_callback
(connection, x509, errnum, depth, preverify_ok, host=None)¶Verify the server’s SSL certificate.
This is a standalone function rather than a method to avoid issues around closing sockets if a reference is held on a VerifiedHTTPSConnection by the callback function.
glanceclient.common.https.
host_matches_cert
(host, x509)¶Verify the certificate identifies the host.
Verify that the x509 certificate we have received from ‘host’ correctly identifies the server we are connecting to, ie that the certificate’s Common Name or a Subject Alternative Name matches ‘host’.
glanceclient.common.https.
to_bytes
(s)¶glanceclient.common.https.
verify_callback
(host=None)¶Provide wrapper for do_verify_callback.
We use a partial around the ‘real’ verify_callback function so that we can stash the host value without holding a reference on the VerifiedHTTPSConnection.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.