[1/2] cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra
Updated Branches:
refs/heads/cassandra-2.2 0f5dd225d - 12ff1cda7
cqlsh: Make SSL protocol version configurable
Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d
Branch: refs/heads/cassandra-2.2
Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab
Parents: 4c94ef2
Author: Jesse Szwedko jesse.szwe...@gmail.com
Authored: Tue Jul 7 12:12:49 2015 -0500
Committer: Tyler Hobbs tylerlho...@gmail.com
Committed: Tue Jul 7 15:47:57 2015 -0500
--
CHANGES.txt | 2 ++
pylib/cqlshlib/sslhandling.py | 15 +--
2 files changed, 15 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt
--
diff --git a/CHANGES.txt b/CHANGES.txt
index 2cbc7c4..0fbadbc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
2.1.9
+ * (cqlsh) Allow the SSL protocol version to be specified through the
+ config file or environment variables (CASSANDRA-9544)
Merged from 2.0:
* Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py
--
diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py
index 70dd759..2a90e26 100644
--- a/pylib/cqlshlib/sslhandling.py
+++ b/pylib/cqlshlib/sslhandling.py
@@ -19,6 +19,7 @@ import sys
import ConfigParser
import ssl
+
def ssl_settings(host, config_file, env=os.environ):
Function wcich generates SSL setting for cassandra.Cluster
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ):
ssl_validate = get_option('ssl', 'validate')
ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false'
+ssl_version_str = env.get('SSL_VERSION')
+if ssl_version_str is None:
+ssl_version_str = get_option('ssl', 'version')
+if ssl_version_str is None:
+ssl_version_str = TLSv1
+
+ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None)
+if ssl_version is None:
+sys.exit(%s is not a valid SSL protocol, please use one of SSLv23,
+ TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,))
+
ssl_certfile = env.get('SSL_CERTFILE')
if ssl_certfile is None:
ssl_certfile = get_option('certfiles', host)
@@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ):
return dict(ca_certs=ssl_certfile,
cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE,
-ssl_version=ssl.PROTOCOL_TLSv1,
+ssl_version=ssl_version,
keyfile=userkey, certfile=usercert)
-
cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra
Updated Branches:
refs/heads/cassandra-2.1 4c94ef20d - 30df089d7
cqlsh: Make SSL protocol version configurable
Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d
Branch: refs/heads/cassandra-2.1
Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab
Parents: 4c94ef2
Author: Jesse Szwedko jesse.szwe...@gmail.com
Authored: Tue Jul 7 12:12:49 2015 -0500
Committer: Tyler Hobbs tylerlho...@gmail.com
Committed: Tue Jul 7 15:47:57 2015 -0500
--
CHANGES.txt | 2 ++
pylib/cqlshlib/sslhandling.py | 15 +--
2 files changed, 15 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt
--
diff --git a/CHANGES.txt b/CHANGES.txt
index 2cbc7c4..0fbadbc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
2.1.9
+ * (cqlsh) Allow the SSL protocol version to be specified through the
+ config file or environment variables (CASSANDRA-9544)
Merged from 2.0:
* Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py
--
diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py
index 70dd759..2a90e26 100644
--- a/pylib/cqlshlib/sslhandling.py
+++ b/pylib/cqlshlib/sslhandling.py
@@ -19,6 +19,7 @@ import sys
import ConfigParser
import ssl
+
def ssl_settings(host, config_file, env=os.environ):
Function wcich generates SSL setting for cassandra.Cluster
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ):
ssl_validate = get_option('ssl', 'validate')
ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false'
+ssl_version_str = env.get('SSL_VERSION')
+if ssl_version_str is None:
+ssl_version_str = get_option('ssl', 'version')
+if ssl_version_str is None:
+ssl_version_str = TLSv1
+
+ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None)
+if ssl_version is None:
+sys.exit(%s is not a valid SSL protocol, please use one of SSLv23,
+ TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,))
+
ssl_certfile = env.get('SSL_CERTFILE')
if ssl_certfile is None:
ssl_certfile = get_option('certfiles', host)
@@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ):
return dict(ca_certs=ssl_certfile,
cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE,
-ssl_version=ssl.PROTOCOL_TLSv1,
+ssl_version=ssl_version,
keyfile=userkey, certfile=usercert)
-
[1/3] cassandra git commit: cqlsh: Make SSL protocol version configurable
Repository: cassandra
Updated Branches:
refs/heads/trunk 9423109de - 6af030a95
cqlsh: Make SSL protocol version configurable
Patch by Jesse Szwedko; reviewed by Tyler Hobbs for CASSANDRA-9544
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/30df089d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/30df089d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/30df089d
Branch: refs/heads/trunk
Commit: 30df089d72d7d9889eebacd8c00537e46a2bcaab
Parents: 4c94ef2
Author: Jesse Szwedko jesse.szwe...@gmail.com
Authored: Tue Jul 7 12:12:49 2015 -0500
Committer: Tyler Hobbs tylerlho...@gmail.com
Committed: Tue Jul 7 15:47:57 2015 -0500
--
CHANGES.txt | 2 ++
pylib/cqlshlib/sslhandling.py | 15 +--
2 files changed, 15 insertions(+), 2 deletions(-)
--
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/CHANGES.txt
--
diff --git a/CHANGES.txt b/CHANGES.txt
index 2cbc7c4..0fbadbc 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,6 @@
2.1.9
+ * (cqlsh) Allow the SSL protocol version to be specified through the
+ config file or environment variables (CASSANDRA-9544)
Merged from 2.0:
* Scrub (recover) sstables even when -Index.db is missing, (CASSANDRA-9591)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/30df089d/pylib/cqlshlib/sslhandling.py
--
diff --git a/pylib/cqlshlib/sslhandling.py b/pylib/cqlshlib/sslhandling.py
index 70dd759..2a90e26 100644
--- a/pylib/cqlshlib/sslhandling.py
+++ b/pylib/cqlshlib/sslhandling.py
@@ -19,6 +19,7 @@ import sys
import ConfigParser
import ssl
+
def ssl_settings(host, config_file, env=os.environ):
Function wcich generates SSL setting for cassandra.Cluster
@@ -51,6 +52,17 @@ def ssl_settings(host, config_file, env=os.environ):
ssl_validate = get_option('ssl', 'validate')
ssl_validate = ssl_validate is None or ssl_validate.lower() != 'false'
+ssl_version_str = env.get('SSL_VERSION')
+if ssl_version_str is None:
+ssl_version_str = get_option('ssl', 'version')
+if ssl_version_str is None:
+ssl_version_str = TLSv1
+
+ssl_version = getattr(ssl, PROTOCOL_%s % ssl_version_str, None)
+if ssl_version is None:
+sys.exit(%s is not a valid SSL protocol, please use one of SSLv23,
+ TLSv1, TLSv1.1, or TLSv1.2 % (ssl_version_str,))
+
ssl_certfile = env.get('SSL_CERTFILE')
if ssl_certfile is None:
ssl_certfile = get_option('certfiles', host)
@@ -73,6 +85,5 @@ def ssl_settings(host, config_file, env=os.environ):
return dict(ca_certs=ssl_certfile,
cert_reqs=ssl.CERT_REQUIRED if ssl_validate else ssl.CERT_NONE,
-ssl_version=ssl.PROTOCOL_TLSv1,
+ssl_version=ssl_version,
keyfile=userkey, certfile=usercert)
-
