Merge lp:~statik/ubuntuone-client/no-ssl-verify into lp:ubuntuone-client

Proposed by Elliot Murphy
Status: Merged
Approved by: Guillermo Gonzalez
Approved revision: 48
Merged at revision: not available
Proposed branch: lp:~statik/ubuntuone-client/no-ssl-verify
Merge into: lp:ubuntuone-client
Diff against target: None lines
To merge this branch: bzr merge lp:~statik/ubuntuone-client/no-ssl-verify
Reviewer Review Type Date Requested Status
Guillermo Gonzalez Approve
Philip Fibiger (community) Approve
Review via email: mp+7647@code.launchpad.net

Commit message

[r=pfibiger, r=verterok] This is the first of two branches to enable SSL verification in the syncdaemon. This adds a config option that our test suite can use to disable SSL certificate verification in the test suite only, and the second branch will enable SSL verification by default.

Elliot Murphy (statik) wrote :

This is the first of two branches to enable SSL verification in the syncdaemon. This adds a config option that our test suite can use to disable SSL certificate verification in the test suite only, and the second branch will enable SSL verification by default.

Philip Fibiger (pfibiger) wrote :

this looks good. well commented, too :)

review: Approve
Guillermo Gonzalez (verterok) wrote :

Looks ok.

review: Approve
Guillermo Gonzalez (verterok) wrote :

Looks ok.

review: Approve

Preview Diff

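--- a/bin/ubuntuone-syncdaemon
+++ b/bin/ubuntuone-syncdaemon
@@ -117,6 +117,7 @@
 main = Main(user_root_dir, shares_root_dir, options.data_dir,
 host=options.host, port=int(options.port),
 dns_srv=options.dns_srv, ssl=True,
+ disable_ssl_verify=options.disable_ssl_verify,
 realm=options.realm, mark_interval=options.mark_interval)
 if options.oauth:
 try: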
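Review bot: Nothing at startup records that certificate verification has been switched off: `options.disable_ssl_verify` is handed to `Main` without a trace, although the option is reachable from the regular launcher and its config rather than only from the test suite. A warning when it is set, for example `if options.disable_ssl_verify: logger.warning("SSL certificate verification is disabled")` with whichever logger this script already uses, would make an accidental use outside the tests visible in the logs. The surrounding code starts and ends outside the hunk.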
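--- a/canonical/ubuntuone/storage/syncdaemon/action_queue.py
+++ b/canonical/ubuntuone/storage/syncdaemon/action_queue.py
@@ -473,12 +473,13 @@
 protocol = ActionQueueProtocol
 
 def __init__(self, event_queue, host, port, dns_srv,
- use_ssl=False):
+ use_ssl=False, disable_ssl_verify=False):
 self.event_queue = event_queue
 self.host = host
 self.port = port
 self.dns_srv = dns_srv
 self.use_ssl = use_ssl
+ self.disable_ssl_verify = disable_ssl_verify
 
 self.token = None
 self.client = None
@@ -580,9 +581,17 @@
 def _connect(result):
 """ do the real thing """
 host, port = result
+ if self.disable_verify_ssl:
+ # This ssl context does no certficate verification
+ # and is only safe to use in the test suite.
+ sslContext = ssl.ClientContextFactory()
+ else:
+ # XXX: This fix is being landed in stages.
+ # here we need to use a proper SSL context that will
+ # verify the certificate and disconnect if invalid.
+ sslContext = ssl.ClientContextFactory()
 if self.use_ssl:
- reactor.connectSSL(host, port, self,
- ssl.ClientContextFactory())
+ reactor.connectSSL(host, port, self, sslContext)
 else:
 reactor.connectTCP(host, port, self)
 d.addCallback(_connect)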
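Review bot: `_connect` reads `self.disable_verify_ssl`, but `__init__` in the first hunk stores the flag as `self.disable_ssl_verify`, so unless the other name is assigned somewhere outside this diff the first connection attempt raises AttributeError; the condition should be `if self.disable_ssl_verify:`. The check also runs before `if self.use_ssl:`, so plain TCP connections evaluate it too, and building the context inside the SSL branch would avoid that. Both branches still create `ssl.ClientContextFactory()`, as the XXX comment acknowledges, so until the second branch lands no certificate is verified whatever the flag says. `_connect` is a nested function whose enclosing method starts and ends outside the hunk.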
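--- a/canonical/ubuntuone/storage/syncdaemon/main.py
+++ b/canonical/ubuntuone/storage/syncdaemon/main.py
@@ -46,6 +46,7 @@
 
 def __init__(self, root_dir, shares_dir, data_dir,
 host='fs-1.ubuntuone.com', port=443, dns_srv=None, ssl=True,
+ disable_ssl_verify=False,
 realm='https://ubuntuone.com', glib_loop=False,
 mark_interval=120):
 """ create the instance. """
@@ -57,6 +58,7 @@
 self.port = port
 self.dns_srv = dns_srv
 self.ssl = ssl
+ self.disable_ssl_verify = disable_ssl_verify
 self.realm = realm
 self.token = None
 
@@ -70,7 +72,8 @@
 self.vm.init_root()
 # we don't have the oauth tokens yet, we 'll get them later
 self.action_q = action_queue.ActionQueue(self.event_q, host, port,
- self.dns_srv, ssl)
+ self.dns_srv, ssl,
+ disable_ssl_verify)
 self.hash_q = hash_queue.HashQueue(self.event_q)
 
 self.sync = sync.Sync(self)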
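Review bot: `disable_ssl_verify` is inserted into the middle of `Main.__init__`'s signature, ahead of `realm`, `glib_loop` and `mark_interval`, so any caller that passes those positionally would now bind a truthy value such as the realm URL to the flag and silently turn verification off. Callers other than the launcher in this diff (which uses keywords) are not visible here; appending the parameter after `mark_interval` would remove the risk. In the third hunk the flag reaches `ActionQueue` positionally, and `disable_ssl_verify=disable_ssl_verify` would be harder to misorder. The docstring `""" create the instance. """` could also state that the flag is meant for the test suite only.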
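--- a/data/syncdaemon-dev.conf
+++ b/data/syncdaemon-dev.conf
@@ -6,3 +6,6 @@
 # In development don't lookup the SRV records
 dns_srv.default =
 
+# In development don't verify the SSL certificate.
+disable_ssl_verify = True
+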
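Review bot: The new entry is written as `disable_ssl_verify = True`, while the neighbouring override uses the `.default` form (`dns_srv.default =`) and syncdaemon.conf declares `disable_ssl_verify.default`. Whether the loader accepts the bare key is not visible in this diff; if it only reads `.default`, this line has no effect and the dev setup would not behave as the comment says. Using `disable_ssl_verify.default = True` would match the rest of the file, and the comment could add that this file must not be used outside development, e.g. `# Development only: never ship this setting in a production config.`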
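--- a/data/syncdaemon.conf
+++ b/data/syncdaemon.conf
@@ -5,6 +5,11 @@
 dns_srv.default = _https._tcp.fs.ubuntuone.com
 dns_srv.help = The DNS SRV record
 
+disable_ssl_verify.default = False
+disable_ssl_verify.action = store_true
+disable_ssl_verify.parser = bool
+disable_ssl_verify.help = Disable SSL certificate verification in a test environment.
+
 port.default = 443
 port.parser = int
 port.help = The port on which to connect to the server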
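Review bot: `disable_ssl_verify.parser = bool` is risky if the loader applies Python's built-in `bool` to the raw string, because `bool("False")` is `True` and any non-empty value would then switch verification off; how the parser is applied is not visible in this diff. A test that both the shipped default and an explicit `False` yield a false flag would settle it. The help text could also say that the option must not be set outside the test suite, e.g. `Disable SSL certificate verification. For the test suite only; never set in production.`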
