Author: kwall Date: Wed Dec 12 17:40:45 2012 New Revision: 1420866 URL: http://svn.apache.org/viewvc?rev=1420866&view=rev Log: PROTON-136: fixed various minor bugs in Python SSL code. Also tweaked how SSLEngineFacadeFactory handles anonymous peer mode.
Applied patch from Philip Harvey<[email protected]>.
Modified: qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py
Modified: qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py?rev=1420866&r1=1420865&r2=1420866&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-c/bindings/python/proton.py Wed Dec 12 17:40:45 2012
@@ -2323,7 +2323,7 @@ class SSLDomain(object):
 def allow_unsecured_client(self, allow_unsecured = True):
 return self._check( pn_ssl_domain_allow_unsecured_client(self._domain,
- allow_unsecured )
+ allow_unsecured ))
 class SSL(object):
@@ -2336,8 +2336,10 @@ class SSL(object):
 def __init__(self, transport, domain=None, session_details=None):
 if domain:
+ session_id = None
 if session_details:
- self._ssl = pn_ssl_new( domain._domain, transport._trans, session_details.get_session_id() )
+ session_id = session_details.get_session_id()
+ self._ssl = pn_ssl_new( domain._domain, transport._trans, session_id )
 else: # old api:
 self._ssl = pn_ssl(transport._trans)
 if self._ssl is None:
@@ -2374,7 +2376,7 @@ class SSLSessionDetails(object):
 self._session_id = session_id
 def get_session_id(self):
- return self.session_id
+ return self._session_id
 __all__ = [ "LANGUAGE",
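Review bot: In the `SSL.__init__` hunk (`@@ -2336,8 +2336,10`), `session_details` is still silently ignored whenever `domain` is not supplied, because the `else: # old api:` branch calls `pn_ssl(transport._trans)` without it. A caller who passes session details expecting session resumption gets a fresh session and no indication of why. Either reject the combination up front with `if session_details and not domain: raise ValueError("session_details requires a domain")`, or add a docstring to `__init__` stating that `session_details` only takes effect together with `domain`. The body of `__init__` continues past the end of the hunk, so the handling after `if self._ssl is None:` is not visible here.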
@@ -2383,7 +2385,7 @@ __all__ = [
 "AUTOMATIC", "PENDING", "MANUAL",
- "REJECTED"
+ "REJECTED",
 "UNDESCRIBED", "Array", "Condition",
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java?rev=1420866&r1=1420865&r2=1420866&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/java/org/apache/qpid/proton/engine/impl/ssl/SslEngineFacadeFactory.java Wed Dec 12 17:40:45 2012
@@ -179,7 +179,7 @@ public class SslEngineFacadeFactory
 kmf.init(ksKeys, dummyPassword);
 final TrustManager[] trustManagers;
- if (sslDomain.getTrustedCaDb() == null && sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER)
+ if (sslDomain.getPeerAuthentication() == SslDomain.VerifyMode.ANONYMOUS_PEER)
 {
 trustManagers = new TrustManager[] { new AlwaysTrustingTrustManager() };
 }
Modified: qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py?rev=1420866&r1=1420865&r2=1420866&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py (original)
+++ qpid/proton/branches/kgiusti-proton-136/proton-j/proton/src/main/scripts/proton.py Wed Dec 12 17:40:45 2012
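Review bot: In the `SslEngineFacadeFactory` hunk (`@@ -179,7 +179,7`), dropping the `getTrustedCaDb() == null` condition means `ANONYMOUS_PEER` now installs `AlwaysTrustingTrustManager` even when a trusted CA database has been configured, so that database is ignored without any indication and the peer certificate is not validated at all. That is consistent with the mode's name, but the branch should say so, for example `// ANONYMOUS_PEER: the peer certificate is not validated; a configured trusted CA DB is deliberately ignored`. A warning logged when `sslDomain.getTrustedCaDb() != null` inside this branch would also surface the likely misconfiguration of a CA DB being set while the verify mode is left anonymous. The enclosing method starts and ends outside the hunk, so whether a logger is available and what the default verify mode is cannot be confirmed from here.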
@@ -757,13 +757,6 @@ class SSL(object):
 def get_session_details(self):
 return self._session_details
- RESUME_REUSED = "unused-for-java"
-
- def resume_status(self):
- # Java has no way to determine if an SSL session is being reused
- return SSL.RESUME_REUSED
-
-
 def cipher_name(self):
 return self._ssl.getCipherName()
Modified: qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py
URL: http://svn.apache.org/viewvc/qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py?rev=1420866&r1=1420865&r2=1420866&view=diff
==============================================================================
--- qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py (original)
+++ qpid/proton/branches/kgiusti-proton-136/tests/proton_tests/ssl.py Wed Dec 12 17:40:45 2012
@@ -144,16 +144,16 @@ class SslTest(common.Test):
 self._testpath("server-private-key.pem"), "server-password")
 self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- server = SslTest.SslTestConnection( self.server_domain )
 self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
 # give the client a certificate, but let's not require server authentication
 self.client_domain.set_credentials(self._testpath("client-certificate.pem"), self._testpath("client-private-key.pem"), "client-password")
- client = SslTest.SslTestConnection( self.client_domain )
 self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
 client.connection.open()
 server.connection.open()
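Review bot: The reordering in the ssl.py hunk `@@ -144,16 +144,16`, repeated in `@@ -172,15 +172,15` and `@@ -200,12 +200,12`, relies on an ordering rule that nothing in the tests states: `set_peer_authentication` must now run before `SslTestConnection` is constructed. That suggests a domain's settings are captured when the SSL object is created, so a verification mode set afterwards presumably never reaches the existing connection. Because getting this wrong would leave a connection running with a weaker peer-verification setting than intended, a comment at the first occurrence such as `# the domain must be fully configured before the connection is created` would help, and the rule should also be documented on `SSLDomain`. An assertion that a `VERIFY_PEER` set after construction has no effect would pin the behaviour. The test methods start and end outside these hunks.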
@@ -172,15 +172,15 @@ class SslTest(common.Test):
 self._testpath("server-private-key.pem"), "server-password")
 self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- server = SslTest.SslTestConnection( self.server_domain )
 self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
 self.client_domain.set_credentials(self._testpath("bad-server-certificate.pem"), self._testpath("bad-server-private-key.pem"), "server-password")
- client = SslTest.SslTestConnection( self.client_domain )
 self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
 client.connection.open()
 server.connection.open()
@@ -200,12 +200,12 @@ class SslTest(common.Test):
 self._testpath("server-private-key.pem"), "server-password")
 self.server_domain.set_trusted_ca_db(self._testpath("ca-certificate.pem"))
- server = SslTest.SslTestConnection( self.server_domain )
 self.server_domain.set_peer_authentication( SSLDomain.VERIFY_PEER, self._testpath("ca-certificate.pem") )
+ server = SslTest.SslTestConnection( self.server_domain )
- client = SslTest.SslTestConnection( self.client_domain )
 self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
+ client = SslTest.SslTestConnection( self.client_domain )
 client.connection.open()
 server.connection.open()
@@ -295,7 +295,6 @@ class SslTest(common.Test):
 # now re-try with a client that does not require peer verification
 self.client_domain.set_peer_authentication( SSLDomain.ANONYMOUS_PEER )
- self.client_domain.set_trusted_ca_db( None ) # proton-j only allows ANONYMOUS if there is no CA DB.
 client = SslTest.SslTestConnection( self.client_domain )
 server = SslTest.SslTestConnection( self.server_domain )
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
