Merge lp:~cjwatson/launchpad/unverified-salesforce-proxy into lp:launchpad

Proposed by Colin Watson
Status: Merged
Merged at revision: 18367
Proposed branch: lp:~cjwatson/launchpad/unverified-salesforce-proxy
Merge into: lp:launchpad
Diff against target: 59 lines (+15/-6)
2 files modified
lib/lp/services/salesforce/proxy.py (+12/-3)
lib/lp/services/timeout.py (+3/-3)
To merge this branch: bzr merge lp:~cjwatson/launchpad/unverified-salesforce-proxy
Reviewer: William Grant (review type: code, status: Approve)
Review via email: mp+323661@code.launchpad.net

Commit message

Disable TLS certificate verification for the Salesforce proxy.

Description of the change

The proxy is currently running off a self-signed certificate, so xenial's Python dislikes it by default. We should probably sort out the certificate situation at some point, but there are better things to do than to try to tidy up canonical-sfi.

Automatic testing is awkward, but I've tested this manually by SSH-forwarding to niobium.

William Grant (wgrant) :
review: Approve (code)

Preview Diff

1=== modified file 'lib/lp/services/salesforce/proxy.py'
2--- lib/lp/services/salesforce/proxy.py 2015-10-14 15:22:01 +0000
3+++ lib/lp/services/salesforce/proxy.py 2017-05-05 12:20:17 +0000
4@@ -1,4 +1,4 @@
5-# Copyright 2009-2010 Canonical Ltd. This software is licensed under the
6+# Copyright 2009-2017 Canonical Ltd. This software is licensed under the
7 # GNU Affero General Public License version 3 (see the file LICENSE).
8
9 """Utilities for accessing the external Salesforce proxy."""
10@@ -11,7 +11,7 @@
11 'Voucher',
12 ]
13
14-
15+import ssl
16 from xmlrpclib import (
17 Fault,
18 ServerProxy,
19@@ -91,8 +91,17 @@
20 class SalesforceVoucherProxy:
21
22 def __init__(self):
23+ # XXX cjwatson 2017-05-05: The proxy currently only has a
24+ # self-signed certificate. Until that's fixed, don't bother
25+ # checking it. This can be simplified once everything is on Python
26+ # >= 2.7.9 so that ssl.SSLContext is always available.
27+ kwargs = {}
28+ if hasattr(ssl, "SSLContext"):
29+ context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
30+ context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3
31+ kwargs["context"] = context
32 self.xmlrpc_transport = SafeTransportWithTimeout(
33- config.commercial.voucher_proxy_timeout / 1000.0)
34+ timeout=config.commercial.voucher_proxy_timeout / 1000.0, **kwargs)
35
36 @cachedproperty
37 def url(self):
38
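Review bot: In SalesforceVoucherProxy.__init__, the context built with ssl.SSLContext(ssl.PROTOCOL_SSLv23) turns certificate verification off only implicitly. A bare SSLContext defaults to verify_mode = ssl.CERT_NONE with check_hostname off, and no line in the hunk states that. Please set context.verify_mode = ssl.CERT_NONE and context.check_hostname = False explicitly so the intent is greppable. Better, keep the connection authenticated by pinning the proxy's self-signed certificate with context.load_verify_locations(...) and verify_mode = ssl.CERT_REQUIRED. As written, the client will accept any certificate presented for the proxy's address, and the XXX comment carries no bug reference to track re-enabling verification.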
39=== modified file 'lib/lp/services/timeout.py'
40--- lib/lp/services/timeout.py 2016-12-22 16:32:38 +0000
41+++ lib/lp/services/timeout.py 2017-05-05 12:20:17 +0000
42@@ -1,4 +1,4 @@
43-# Copyright 2009-2016 Canonical Ltd. This software is licensed under the
44+# Copyright 2009-2017 Canonical Ltd. This software is licensed under the
45 # GNU Affero General Public License version 3 (see the file LICENSE).
46
47 """Helpers to time out external operations."""
48@@ -343,9 +343,9 @@
49
50 timeout = None
51
52- def __init__(self, timeout=None):
53+ def __init__(self, timeout=None, **kwargs):
54 # Old style class call to super required.
55- SafeTransport.__init__(self)
56+ SafeTransport.__init__(self, **kwargs)
57 self.timeout = timeout
58
59 def make_connection(self, host):
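Review bot: SafeTransportWithTimeout.__init__ now forwards arbitrary **kwargs to SafeTransport.__init__, which makes a generic timeout helper an undocumented pass-through for TLS settings, including an unverified context. Consider an explicit keyword instead (for example context=None, forwarded to SafeTransport only when set), or at least a docstring stating that extra keyword arguments go to SafeTransport, so that callers weakening verification are easy to find in later review.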