Repository: libcloud Updated Branches: refs/heads/trunk 4a328a4a4 -> b515b8f84
Throw a more friendly error message if establishing SSL / TLS connection fails. Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/a9acb7fc Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/a9acb7fc Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/a9acb7fc Branch: refs/heads/trunk Commit: a9acb7fca02867c3d1aa101c9d457803cfb7aef1 Parents: 6a1b6a3 Author: Tomaz Muraus <[email protected]> Authored: Thu Jan 14 13:47:09 2016 +0100 Committer: Tomaz Muraus <[email protected]> Committed: Thu Jan 14 13:47:09 2016 +0100 ---------------------------------------------------------------------- libcloud/httplib_ssl.py | 46 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 40 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/libcloud/blob/a9acb7fc/libcloud/httplib_ssl.py ----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index cac4098..a447e50 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -40,6 +40,24 @@ __all__ = [
 HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy'
+# Error message which is thrown when establishing SSL / TLS connection fails
+UNSUPPORTED_TLS_VERSION_ERROR_MSG = """
+Failed to establish SSL / TLS connection (%s). It is possible that the server \
+doesn't support requested SSL / TLS version (%s).
+For information on how to work around this issue, please see \
+https://libcloud.readthedocs.org/en/latest/other/\
+ssl-certificate-validation.html#changing-used-ssl-tls-version
+""".strip()
+
+# Maps ssl.PROTOCOL_* constant to the actual SSL / TLS version name
+SSL_CONSTANT_TO_TLS_VERSION_MAP = {
+ 0: 'SSL v2',
+ 2: 'SSLv3, TLS v1.0, TLS v1.1, TLS v1.2',
+ 3: 'TLS v1.0',
+ 4: 'TLS v1.1',
+ 5: 'TLS v1.2'
+}
+
 class LibcloudBaseConnection(object):
 """
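Review bot: `SSL_CONSTANT_TO_TLS_VERSION_MAP` is keyed by bare integers and has no entry for 1 (in CPython's `ssl` module that value is `PROTOCOL_SSLv3`). The subscript lookup in the second hunk therefore raises `KeyError` for any unmapped `libcloud.security.SSL_VERSION`, and the original connection error is lost inside the handler. The lookup should fall back instead of failing, `ssl_version = SSL_CONSTANT_TO_TLS_VERSION_MAP.get(ssl_version, str(ssl_version))`, and the keys would be easier to audit written as `ssl.PROTOCOL_*` names rather than magic numbers. Because the message sends users to the version-override documentation, a comment above it such as `# The intended workaround is a newer TLS version, never a fallback to SSLv2 / SSLv3` would keep later edits from steering users toward a downgrade.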
@@ -272,12 +290,28 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection, LibcloudBaseConnection):
 if self.http_proxy_used:
 self._activate_http_proxy(sock=sock)
- self.sock = ssl.wrap_socket(sock,
- self.key_file,
- self.cert_file,
- cert_reqs=ssl.CERT_REQUIRED,
- ca_certs=self.ca_cert,
- ssl_version=libcloud.security.SSL_VERSION)
+ try:
+ self.sock = ssl.wrap_socket(sock,
+ self.key_file,
+ self.cert_file,
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=self.ca_cert,
+ ssl_version=libcloud.security.SSL_VERSION)
+ except Exception:
+ exc_cls = sys.exc_info()[0]
+ e = sys.exc_info()[1]
+
+ exc_msg = str(e)
+ # Re-throw an exception with a more friendly error message
+ if 'connection reset by peer' in exc_msg.lower():
+ ssl_version = libcloud.security.SSL_VERSION
+ ssl_version = SSL_CONSTANT_TO_TLS_VERSION_MAP[ssl_version]
+ msg = UNSUPPORTED_TLS_VERSION_ERROR_MSG % (exc_msg, ssl_version)
+ new_e = exc_cls(msg)
+ new_e.original_exc = e
+ raise new_e
+
+ raise e
 cert = self.sock.getpeercert()
 try:
 match_hostname(cert, self.host)
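Review bot: Rebuilding the exception with `new_e = exc_cls(msg)` discards the original arguments, so for socket-level errors the `errno` a caller may test is no longer set, and an exception class whose constructor does not take a single string would fail inside the handler. Detection also depends on the text 'connection reset by peer', which varies by platform and locale; `getattr(e, 'errno', None) == errno.ECONNRESET` is a steadier test (it needs `import errno`, and the import block is outside this hunk), followed by `new_e.errno = e.errno` after the new exception is built. The final `raise e` should be a bare `raise` so the original traceback survives on Python 2. The enclosing method starts and ends outside the hunk, so this covers only the visible handler.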
