Ubuntu One Client

Merge lp:~statik/ubuntuone-client/no-ssl-verify into lp:ubuntuone-client

  1. no-ssl-verify
  2. Merge into trunk
Proposed by Elliot Murphy
Status: Merged
Approved by: Guillermo Gonzalez
Approved revision: 48
Merged at revision: not available
Proposed branch: lp:~statik/ubuntuone-client/no-ssl-verify
Merge into: lp:ubuntuone-client
Diff against target: None lines
To merge this branch: bzr merge lp:~statik/ubuntuone-client/no-ssl-verify
Reviewer Review Type Date Requested Status
Guillermo Gonzalez Approve
Philip Fibiger (community) Approve
Review via email: mp+7647@code.launchpad.net

Commit message

[r=pfibiger, r=verterok] This is the first of two branches to enable SSL verification in the syncdaemon. This adds a config option that our test suite can use to disable SSL certification verification in the test suite only, and the second branch will enable SSL verification by default.

To post a comment you must log in.
Revision history for this message
Elliot Murphy (statik) wrote :

This is the first of two branches to enable SSL verification in the syncdaemon. This adds a config option that our test suite can use to disable SSL certification verification in the test suite only, and the second branch will enable SSL verification by default.

Revision history for this message
Philip Fibiger (pfibiger) wrote :

this looks good. well commented, too :)

review: Approve
Revision history for this message
Guillermo Gonzalez (verterok) wrote :

Looks ok.

review: Approve
Revision history for this message
Guillermo Gonzalez (verterok) wrote :

Looks ok.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'bin/ubuntuone-syncdaemon'
--- bin/ubuntuone-syncdaemon 2009-05-14 15:04:58 +0000
+++ bin/ubuntuone-syncdaemon 2009-06-18 19:01:02 +0000
@@ -117,6 +117,7 @@
117 main = Main(user_root_dir, shares_root_dir, options.data_dir,117 main = Main(user_root_dir, shares_root_dir, options.data_dir,
118 host=options.host, port=int(options.port), 118 host=options.host, port=int(options.port),
119 dns_srv=options.dns_srv, ssl=True,119 dns_srv=options.dns_srv, ssl=True,
120 disable_ssl_verify=options.disable_ssl_verify,
120 realm=options.realm, mark_interval=options.mark_interval)121 realm=options.realm, mark_interval=options.mark_interval)
121 if options.oauth:122 if options.oauth:
122 try:123 try:
123124
=== modified file 'canonical/ubuntuone/storage/syncdaemon/action_queue.py'
--- canonical/ubuntuone/storage/syncdaemon/action_queue.py 2009-06-12 22:14:02 +0000
+++ canonical/ubuntuone/storage/syncdaemon/action_queue.py 2009-06-18 19:01:02 +0000
@@ -473,12 +473,13 @@
473 protocol = ActionQueueProtocol473 protocol = ActionQueueProtocol
474474
475 def __init__(self, event_queue, host, port, dns_srv,475 def __init__(self, event_queue, host, port, dns_srv,
476 use_ssl=False):476 use_ssl=False, disable_ssl_verify=False):
477 self.event_queue = event_queue477 self.event_queue = event_queue
478 self.host = host478 self.host = host
479 self.port = port479 self.port = port
480 self.dns_srv = dns_srv480 self.dns_srv = dns_srv
481 self.use_ssl = use_ssl481 self.use_ssl = use_ssl
482 self.disable_ssl_verify = disable_ssl_verify
482483
483 self.token = None484 self.token = None
484 self.client = None485 self.client = None
@@ -580,9 +581,17 @@
580 def _connect(result):581 def _connect(result):
581 """ do the real thing """582 """ do the real thing """
582 host, port = result583 host, port = result
584 if self.disable_verify_ssl:
585 # This ssl context does no certficate verification
586 # and is only safe to use in the test suite.
587 sslContext = ssl.ClientContextFactory()
588 else:
589 # XXX: This fix is being landed in stages.
590 # here we need to use a proper SSL context that will
591 # verify the certificate and disconnect if invalid.
592 sslContext = ssl.ClientContextFactory()
583 if self.use_ssl:593 if self.use_ssl:
584 reactor.connectSSL(host, port, self,594 reactor.connectSSL(host, port, self, sslContext)
585 ssl.ClientContextFactory())
586 else:595 else:
587 reactor.connectTCP(host, port, self)596 reactor.connectTCP(host, port, self)
588 d.addCallback(_connect)597 d.addCallback(_connect)
589598
=== modified file 'canonical/ubuntuone/storage/syncdaemon/main.py'
--- canonical/ubuntuone/storage/syncdaemon/main.py 2009-05-26 14:23:45 +0000
+++ canonical/ubuntuone/storage/syncdaemon/main.py 2009-06-18 19:01:02 +0000
@@ -46,6 +46,7 @@
4646
47 def __init__(self, root_dir, shares_dir, data_dir,47 def __init__(self, root_dir, shares_dir, data_dir,
48 host='fs-1.ubuntuone.com', port=443, dns_srv=None, ssl=True,48 host='fs-1.ubuntuone.com', port=443, dns_srv=None, ssl=True,
49 disable_ssl_verify=False,
49 realm='https://ubuntuone.com', glib_loop=False,50 realm='https://ubuntuone.com', glib_loop=False,
50 mark_interval=120):51 mark_interval=120):
51 """ create the instance. """52 """ create the instance. """
@@ -57,6 +58,7 @@
57 self.port = port58 self.port = port
58 self.dns_srv = dns_srv59 self.dns_srv = dns_srv
59 self.ssl = ssl60 self.ssl = ssl
61 self.disable_ssl_verify = disable_ssl_verify
60 self.realm = realm62 self.realm = realm
61 self.token = None63 self.token = None
6264
@@ -70,7 +72,8 @@
70 self.vm.init_root()72 self.vm.init_root()
71 # we don't have the oauth tokens yet, we 'll get them later73 # we don't have the oauth tokens yet, we 'll get them later
72 self.action_q = action_queue.ActionQueue(self.event_q, host, port,74 self.action_q = action_queue.ActionQueue(self.event_q, host, port,
73 self.dns_srv, ssl)75 self.dns_srv, ssl,
76 disable_ssl_verify)
74 self.hash_q = hash_queue.HashQueue(self.event_q)77 self.hash_q = hash_queue.HashQueue(self.event_q)
7578
76 self.sync = sync.Sync(self)79 self.sync = sync.Sync(self)
7780
=== modified file 'data/syncdaemon-dev.conf'
--- data/syncdaemon-dev.conf 2009-05-12 13:36:05 +0000
+++ data/syncdaemon-dev.conf 2009-06-18 19:01:02 +0000
@@ -6,3 +6,6 @@
6# In development don't lookup the SRV records 6# In development don't lookup the SRV records
7dns_srv.default = 7dns_srv.default =
88
9# In development don't verify the SSL certificate.
10disable_ssl_verify = True
11
912
=== modified file 'data/syncdaemon.conf'
--- data/syncdaemon.conf 2009-05-12 13:36:05 +0000
+++ data/syncdaemon.conf 2009-06-18 19:01:02 +0000
@@ -5,6 +5,11 @@
5dns_srv.default = _https._tcp.fs.ubuntuone.com5dns_srv.default = _https._tcp.fs.ubuntuone.com
6dns_srv.help = The DNS SRV record6dns_srv.help = The DNS SRV record
77
8disable_ssl_verify.default = False
9disable_ssl_verify.action = store_true
10disable_ssl_verify.parser = bool
11disable_ssl_verify.help = Disable SSL certificate verification in a test environment.
12
8port.default = 44313port.default = 443
9port.parser = int14port.parser = int
10port.help = The port on which to connect to the server15port.help = The port on which to connect to the server

Subscribers

People subscribed via source and target branches