[1/2] cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra Updated Branches: refs/heads/cassandra-2.2 0f5dd225d - 12ff1cda7 cqlsh: Make SSL protocol version configurable Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d Branch: refs/heads/cassandra-2.2 Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab Parents: 4c94ef2 Author: Jesse Szwedko jesse.szwe...@gmail.com Authored: Tue Jul 7 12:12:49 2015 -0500 Committer: Tyler Hobbs tylerlho...@gmail.com Committed: Tue Jul 7 15:47:57 2015 -0500 -- CHANGES.txt | 2 ++ pylib/cqlshlib/sslhandling.py | 15 +-- 2 files changed, 15 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt -- diff --git a/CHANGES.txt b/CHANGES.txt index 2cbc7c4..0fbadbc 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,6 @@ 2.1.9 + * (cqlsh) Allow the SSL protocol version to be specified through the + config file or environment variables (CASSANDRA-9544) Merged from 2.0: * Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591) http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py -- diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py index 70dd759..2a90e26 100644 --- a/pylib/cqlshlib/sslhandling.py +++ b/pylib/cqlshlib/sslhandling.py @@ -19,6 +19,7 @@ import sys import ConfigParser import ssl + def ssl_settings(host, config_file, env=os.environ): Function wcich generates SSL setting for cassandra.Cluster 
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ): ssl_validate = get_option('ssl', 'validate') ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false' +ssl_version_str = env.get('SSL_VERSION') +if ssl_version_str is None: +ssl_version_str = get_option('ssl', 'version') +if ssl_version_str is None: +ssl_version_str = TLSv1 + +ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None) +if ssl_version is None: +sys.exit(%s is not a valid SSL protocol, please use one of SSLv23, + TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,)) + ssl_certfile = env.get('SSL_CERTFILE') if ssl_certfile is None: ssl_certfile = get_option('certfiles', host) @@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ): return dict(ca_certs=ssl_certfile, cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE, -ssl_version=ssl.PROTOCOL_TLSv1, +ssl_version=ssl_version, keyfile=userkey, certfile=usercert) -
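Review bot: The `getattr(ssl, ...)` lookup added in the `@@ -51,6 +52,17 @@` hunk cannot resolve two of the four values its own error message recommends. `TLSv1.1` and `TLSv1.2` are turned into the attribute names `PROTOCOL_TLSv1.1` and `PROTOCOL_TLSv1.2`, but the ssl module spells them `PROTOCOL_TLSv1_1` and `PROTOCOL_TLSv1_2`, so a user who follows the message hits the same `sys.exit` again. The open-ended lookup also accepts any other `PROTOCOL_*` constant the local Python build exposes (SSLv3, for example), which the message does not list and is presumably not intended; an explicit table of accepted names, as sketched below, fixes both. The fallback is still TLSv1, so connections keep defaulting to TLS 1.0 unless `SSL_VERSION` or the `[ssl]` `version` option is set, which is worth a comment at the fallback line. `ssl_settings` starts and ends outside the hunk, the string quotes are missing in this rendering of the mail, and the same hunks are repeated in the cassandra-2.1 and trunk copies further down the page.

```python
# module level: accepted SSL_VERSION / [ssl] version values -> ssl constant names
SSL_PROTOCOL_ATTRS = {
    'SSLv23': 'PROTOCOL_SSLv23',
    'TLSv1': 'PROTOCOL_TLSv1',
    'TLSv1.1': 'PROTOCOL_TLSv1_1',
    'TLSv1.2': 'PROTOCOL_TLSv1_2',
}

    # ... unchanged: SSL_VERSION / config-file lookup and the TLSv1 fallback ...
    protocol_attr = SSL_PROTOCOL_ATTRS.get(ssl_version_str)
    # a constant missing from an older Python build still ends in the existing sys.exit
    ssl_version = getattr(ssl, protocol_attr, None) if protocol_attr else None
    if ssl_version is None:
        # ... unchanged: sys.exit listing the valid protocol names ...
```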
cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra Updated Branches: refs/heads/cassandra-2.1 4c94ef20d - 30df089d7 cqlsh: Make SSL protocol version configurable Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d Branch: refs/heads/cassandra-2.1 Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab Parents: 4c94ef2 Author: Jesse Szwedko jesse.szwe...@gmail.com Authored: Tue Jul 7 12:12:49 2015 -0500 Committer: Tyler Hobbs tylerlho...@gmail.com Committed: Tue Jul 7 15:47:57 2015 -0500 -- CHANGES.txt | 2 ++ pylib/cqlshlib/sslhandling.py | 15 +-- 2 files changed, 15 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt -- diff --git a/CHANGES.txt b/CHANGES.txt index 2cbc7c4..0fbadbc 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,6 @@ 2.1.9 + * (cqlsh) Allow the SSL protocol version to be specified through the + config file or environment variables (CASSANDRA-9544) Merged from 2.0: * Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591) http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py -- diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py index 70dd759..2a90e26 100644 --- a/pylib/cqlshlib/sslhandling.py +++ b/pylib/cqlshlib/sslhandling.py @@ -19,6 +19,7 @@ import sys import ConfigParser import ssl + def ssl_settings(host, config_file, env=os.environ): Function wcich generates SSL setting for cassandra.Cluster 
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ): ssl_validate = get_option('ssl', 'validate') ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false' +ssl_version_str = env.get('SSL_VERSION') +if ssl_version_str is None: +ssl_version_str = get_option('ssl', 'version') +if ssl_version_str is None: +ssl_version_str = TLSv1 + +ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None) +if ssl_version is None: +sys.exit(%s is not a valid SSL protocol, please use one of SSLv23, + TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,)) + ssl_certfile = env.get('SSL_CERTFILE') if ssl_certfile is None: ssl_certfile = get_option('certfiles', host) @@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ): return dict(ca_certs=ssl_certfile, cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE, -ssl_version=ssl.PROTOCOL_TLSv1, +ssl_version=ssl_version, keyfile=userkey, certfile=usercert) -
[1/3] cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra Updated Branches: refs/heads/trunk 9423109de - 6af030a95 cqlsh: Make SSL protocol version configurable Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d Branch: refs/heads/trunk Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab Parents: 4c94ef2 Author: Jesse Szwedko jesse.szwe...@gmail.com Authored: Tue Jul 7 12:12:49 2015 -0500 Committer: Tyler Hobbs tylerlho...@gmail.com Committed: Tue Jul 7 15:47:57 2015 -0500 -- CHANGES.txt | 2 ++ pylib/cqlshlib/sslhandling.py | 15 +-- 2 files changed, 15 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt -- diff --git a/CHANGES.txt b/CHANGES.txt index 2cbc7c4..0fbadbc 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,6 @@ 2.1.9 + * (cqlsh) Allow the SSL protocol version to be specified through the + config file or environment variables (CASSANDRA-9544) Merged from 2.0: * Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591) http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py -- diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py index 70dd759..2a90e26 100644 --- a/pylib/cqlshlib/sslhandling.py +++ b/pylib/cqlshlib/sslhandling.py @@ -19,6 +19,7 @@ import sys import ConfigParser import ssl + def ssl_settings(host, config_file, env=os.environ): Function wcich generates SSL setting for cassandra.Cluster 
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ): ssl_validate = get_option('ssl', 'validate') ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false' +ssl_version_str = env.get('SSL_VERSION') +if ssl_version_str is None: +ssl_version_str = get_option('ssl', 'version') +if ssl_version_str is None: +ssl_version_str = TLSv1 + +ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None) +if ssl_version is None: +sys.exit(%s is not a valid SSL protocol, please use one of SSLv23, + TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,)) + ssl_certfile = env.get('SSL_CERTFILE') if ssl_certfile is None: ssl_certfile = get_option('certfiles', host) @@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ): return dict(ca_certs=ssl_certfile, cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE, -ssl_version=ssl.PROTOCOL_TLSv1, +ssl_version=ssl_version, keyfile=userkey, certfile=usercert) -