[ovs-dev] [PATCH] python ovs: Fix SSL exceptions with pyOpenSSL v0.13
nusiddiq at redhat.com
nusiddiq at redhat.com
Mon May 15 15:03:47 UTC 2017
From: Numan Siddique <nusiddiq at redhat.com>
Centos provides pyOpenSSL version pyOpenSSL-0.13.1-3.el7.x86_64.
There are 2 issues using this version, which this patch fixes
- The test case "simple idl verify notify - SSL" is skipped.
This is because "python -m OpenSSL.SSL" is used to detect the
presence of pyOpenSSL package. pyOpenSSL v0.13 has C python
modules because of which the above command returns 1.
So this patch fixes this using 'python -c "import OpenSSL.SSL"'.
- The SSL.Context class do not the function "set_session_cache_mode"
defined. So this patch uses hasattr() to detect this function
before accessing it.
I have not tested with older versions (< 0.13) of pyOpenSSL.
Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
---
python/ovs/stream.py | 7 ++++++-
tests/ovsdb-idl.at | 2 +-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/python/ovs/stream.py b/python/ovs/stream.py
index fc0368c..c037df5 100644
--- a/python/ovs/stream.py
+++ b/python/ovs/stream.py
@@ -767,7 +767,12 @@ class SSLStream(Stream):
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.set_verify(SSL.VERIFY_PEER, SSLStream.verify_cb)
ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
- ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
+
+ # 'set_session_cache_mode' attribute in SSL.Context is not present
+ # in pyOpenSSL version < 0.14. So check it before accessing it.
+ if hasattr(ctx, 'set_session_cache_mode'):
+ ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
+
# If the client has not set the SSL configuration files
# exception would be raised.
ctx.use_privatekey_file(Stream._SSL_private_key_file)
diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
index d28dfc1..4eaf87f 100644
--- a/tests/ovsdb-idl.at
+++ b/tests/ovsdb-idl.at
@@ -1185,7 +1185,7 @@ m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
[AT_SETUP([$1 - SSL])
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
AT_SKIP_IF([test $HAVE_PYTHON = no])
- $PYTHON -m OpenSSL.SSL
+ $PYTHON -c "import OpenSSL.SSL"
SSL_PRESENT=$?
AT_SKIP_IF([test $SSL_PRESENT != 0])
AT_KEYWORDS([ovsdb server idl Python notify - ssl socket])
--
2.9.3
More information about the dev
mailing list