[ovs-dev] [PATCH] python ovs: Fix SSL exceptions with pyOpenSSL v0.13

nusiddiq at redhat.com nusiddiq at redhat.com
Mon May 15 15:03:47 UTC 2017


From: Numan Siddique <nusiddiq at redhat.com>

CentOS provides pyOpenSSL version pyOpenSSL-0.13.1-3.el7.x86_64.
There are 2 issues using this version, which this patch fixes:

 - The test case "simple idl verify notify - SSL" is skipped.
   This is because "python -m OpenSSL.SSL" is used to detect the
   presence of pyOpenSSL package. pyOpenSSL v0.13 has C python
   modules because of which the above command returns 1.
   So this patch fixes this using 'python -c "import OpenSSL.SSL"'.

 - The SSL.Context class does not have the function "set_session_cache_mode"
   defined. So this patch uses hasattr() to detect this function
   before accessing it.

I have not tested with older versions (< 0.13) of pyOpenSSL.

Signed-off-by: Numan Siddique <nusiddiq at redhat.com>
---
 python/ovs/stream.py | 7 ++++++-
 tests/ovsdb-idl.at   | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/python/ovs/stream.py b/python/ovs/stream.py
index fc0368c..c037df5 100644
--- a/python/ovs/stream.py
+++ b/python/ovs/stream.py
@@ -767,7 +767,12 @@ class SSLStream(Stream):
         ctx = SSL.Context(SSL.SSLv23_METHOD)
         ctx.set_verify(SSL.VERIFY_PEER, SSLStream.verify_cb)
         ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
-        ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
+
+        # 'set_session_cache_mode' attribute in SSL.Context is not present
+        # in pyOpenSSL version < 0.14. So check it before accessing it.
+        if hasattr(ctx, 'set_session_cache_mode'):
+            ctx.set_session_cache_mode(SSL.SESS_CACHE_OFF)
+
         # If the client has not set the SSL configuration files
         # exception would be raised.
         ctx.use_privatekey_file(Stream._SSL_private_key_file)
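Review bot: the `hasattr(ctx, 'set_session_cache_mode')` branch has no else path, so on pyOpenSSL versions without the method the context silently keeps the library's default session-cache mode instead of `SSL.SESS_CACHE_OFF`. The behaviour of SSLStream then differs between pyOpenSSL versions with no trace in the logs. Either emit a debug-level log message when the attribute is missing, or extend the new comment to say why leaving the cache at its default is acceptable for this stream. The commit message also says versions older than 0.13 were not tested, so it is worth confirming that the remaining calls in this block (`set_verify`, `set_options`, `use_privatekey_file`) are the only Context methods relied on here.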
diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
index d28dfc1..4eaf87f 100644
--- a/tests/ovsdb-idl.at
+++ b/tests/ovsdb-idl.at
@@ -1185,7 +1185,7 @@ m4_define([OVSDB_CHECK_IDL_NOTIFY_SSL_PY],
   [AT_SETUP([$1 - SSL])
    AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
    AT_SKIP_IF([test $HAVE_PYTHON = no])
-   $PYTHON -m OpenSSL.SSL
+   $PYTHON -c "import OpenSSL.SSL"
    SSL_PRESENT=$?
    AT_SKIP_IF([test $SSL_PRESENT != 0])
    AT_KEYWORDS([ovsdb server idl Python notify - ssl socket])
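Review bot: the new probe `$PYTHON -c "import OpenSSL.SSL"` only proves the module can be imported, and on a host without pyOpenSSL it writes an ImportError traceback to stderr before the test is skipped. Consider redirecting the probe's stderr so a skipped test does not look like a failure in the test log. Since `SSL_PRESENT` is only used by the following `AT_SKIP_IF([test $SSL_PRESENT != 0])`, quoting it as `"$SSL_PRESENT"` would also keep the `test` expression well-formed. A short comment above the probe saying why `-c "import ..."` is used instead of `-m OpenSSL.SSL` would stop someone from reverting it later.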
-- 
2.9.3


