glanceclient.common.https module

class glanceclient.common.https.OpenSSLConnectionDelegator(*args, **kwargs)

Bases: object

An OpenSSL.SSL.Connection delegator.

Supplies an additional ‘makefile’ method which httplib requires and is not present in OpenSSL.SSL.Connection.

Note: Since it is not possible to inherit from OpenSSL.SSL.Connection a delegator must be used.

makefile(*args, **kwargs)

class glanceclient.common.https.VerifiedHTTPSConnection(host, port=None, key_file=None, cert_file=None, cacert=None, timeout=None, insecure=False, ssl_compression=True)

Bases: http.client.HTTPSConnection

Extended OpenSSL HTTPSConnection for enhanced SSL support.

Note: Much of this functionality can eventually be replaced

with native Python 3.3 code.

CIPHERS = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:eCDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'

connect()

Connect to an SSL port using the OpenSSL library.

This method also applies per-connection parameters to the connection.

set_context()

Set up the OpenSSL context.

glanceclient.common.https.do_verify_callback(connection, x509, errnum, depth, preverify_ok, host=None)

Verify the server’s SSL certificate.

This is a standalone function rather than a method to avoid issues around closing sockets if a reference is held on a VerifiedHTTPSConnection by the callback function.

glanceclient.common.https.host_matches_cert(host, x509)

Verify the certificate identifies the host.

Verify that the x509 certificate we have received from ‘host’ correctly identifies the server we are connecting to, ie that the certificate’s Common Name or a Subject Alternative Name matches ‘host’.

glanceclient.common.https.to_bytes(s)

glanceclient.common.https.verify_callback(host=None)

Provide wrapper for do_verify_callback.

We use a partial around the ‘real’ verify_callback function so that we can stash the host value without holding a reference on the VerifiedHTTPSConnection.