Ubuntu One storage protocol

Merge lp:~pfibiger/ubuntuone-storage-protocol/add-ssl-context into lp:ubuntuone-storage-protocol

  1. add-ssl-context
  2. Merge into trunk
Proposed by Philip Fibiger
Status: Merged
Approved by: Joshua Blount
Approved revision: 43
Merged at revision: not available
Proposed branch: lp:~pfibiger/ubuntuone-storage-protocol/add-ssl-context
Merge into: lp:ubuntuone-storage-protocol
Diff against target: None lines
To merge this branch: bzr merge lp:~pfibiger/ubuntuone-storage-protocol/add-ssl-context
Reviewer Review Type Date Requested Status
Joshua Blount (community) Approve
Elliot Murphy (community) Approve
Review via email: mp+7817@code.launchpad.net

Commit message

[r=statik, jblount] add ssl context creation.

To post a comment you must log in.
Revision history for this message
Philip Fibiger (pfibiger) wrote :

refactors ssl context creation into u-s-p for use by both u1sync and syncdaemon.

Revision history for this message
Elliot Murphy (statik) wrote :

This looks great. A minor style suggestion which you are free to ignore; changing the function signature to be

def get_ssl_context(verify=True):

would both enable keyword args and provide a sensible default. You'd need to change the condition inside the function to

if verify:
    <stuff>
else:
    the non verify path

but I think it would make callsites of this function nicer to read.

review: Approve
Revision history for this message
Joshua Blount (jblount) wrote :

+1 (we talked about the thing elliot suggested, you made your case, etc)

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== added file 'canonical/ubuntuone/storage/protocol/context.py'
2--- canonical/ubuntuone/storage/protocol/context.py 1970-01-01 00:00:00 +0000
3+++ canonical/ubuntuone/storage/protocol/context.py 2009-06-23 19:38:42 +0000
4@@ -0,0 +1,31 @@
5+# canonical.ubuntuone.storage.protocol.context - ssl context creation
6+#
7+# Copyright 2009 Canonical Ltd.
8+#
9+# This program is free software: you can redistribute it and/or modify it
10+# under the terms of the GNU Affero General Public License version 3,
11+# as published by the Free Software Foundation.
12+#
13+# This program is distributed in the hope that it will be useful, but
14+# WITHOUT ANY WARRANTY; without even the implied warranties of
15+# MERCHANTABILITY, SATISFACTORY QUALITY, or FITNESS FOR A PARTICULAR
16+# PURPOSE. See the GNU Affero General Public License for more details.
17+#
18+# You should have received a copy of the GNU Affero General Public License
19+# along with this program. If not, see <http://www.gnu.org/licenses/>.
20+
21+from OpenSSL import SSL
22+from twisted.internet import ssl
23+
24+def get_ssl_context(no_verify):
25+ if no_verify:
26+ ctx = ssl.ClientContextFactory()
27+ else:
28+ ca_file = ssl.Certificate.loadPEM(file(
29+ '/etc/ssl/certs/UbuntuOne-Go_Daddy_Class_2_CA.pem', 'r').read())
30+ ca_file_2 = ssl.Certificate.loadPEM(file(
31+ '/etc/ssl/certs/UbuntuOne-Go_Daddy_CA.pem', 'r').read())
32+ ctx = ssl.CertificateOptions(verify=True,
33+ caCerts=[ca_file.original, ca_file_2.original],
34+ method=SSL.SSLv23_METHOD)
35+ return ctx
36
37=== added directory 'data'
38=== added file 'data/UbuntuOne-Go_Daddy_CA.pem'
39--- data/UbuntuOne-Go_Daddy_CA.pem 1970-01-01 00:00:00 +0000
40+++ data/UbuntuOne-Go_Daddy_CA.pem 2009-06-23 19:38:42 +0000
41@@ -0,0 +1,29 @@
42+-----BEGIN CERTIFICATE-----
43+MIIE3jCCA8agAwIBAgICAwEwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCVVMx
44+ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
45+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMTYw
46+MTU0MzdaFw0yNjExMTYwMTU0MzdaMIHKMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
47+QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5j
48+b20sIEluYy4xMzAxBgNVBAsTKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5j
49+b20vcmVwb3NpdG9yeTEwMC4GA1UEAxMnR28gRGFkZHkgU2VjdXJlIENlcnRpZmlj
50+YXRpb24gQXV0aG9yaXR5MREwDwYDVQQFEwgwNzk2OTI4NzCCASIwDQYJKoZIhvcN
51+AQEBBQADggEPADCCAQoCggEBAMQt1RWMnCZM7DI161+4WQFapmGBWTtwY6vj3D3H
52+KrjJM9N55DrtPDAjhI6zMBS2sofDPZVUBJ7fmd0LJR4h3mUpfjWoqVTr9vcyOdQm
53+VZWt7/v+WIbXnvQAjYwqDL1CBM6nPwT27oDyqu9SoWlm2r4arV3aLGbqGmu75RpR
54+SgAvSMeYddi5Kcju+GZtCpyz8/x4fKL4o/K1w/O5epHBp+YlLpyo7RJlbmr2EkRT
55+cDCVw5wrWCs9CHRK8r5RsL+H0EwnWGu1NcWdrxcx+AuP7q2BNgWJCJjPOq8lh8BJ
56+6qf9Z/dFjpfMFDniNoW1fho3/Rb2cRGadDAW/hOUoz+EDU8CAwEAAaOCATIwggEu
57+MB0GA1UdDgQWBBT9rGEyk2xF1uLuhV+auud2mWjM5zAfBgNVHSMEGDAWgBTSxLDS
58+kdRMEXGzYcs9of7dqGrU4zASBgNVHRMBAf8ECDAGAQH/AgEAMDMGCCsGAQUFBwEB
59+BCcwJTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuZ29kYWRkeS5jb20wRgYDVR0f
60+BD8wPTA7oDmgN4Y1aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv
61+c2l0b3J5L2dkcm9vdC5jcmwwSwYDVR0gBEQwQjBABgRVHSAAMDgwNgYIKwYBBQUH
62+AgEWKmh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeTAO
63+BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBANKGwOy9+aG2Z+5mC6IG
64+OgRQjhVyrEp0lVPLN8tESe8HkGsz2ZbwlFalEzAFPIUyIXvJxwqoJKSQ3kbTJSMU
65+A2fCENZvD117esyfxVgqwcSeIaha86ykRvOe5GPLL5CkKSkB2XIsKd83ASe8T+5o
66+0yGPwLPk9Qnt0hCqU7S+8MxZC9Y7lhyVJEnfzuz9p0iRFEUOOjZv2kWzRaJBydTX
67+RE4+uXR21aITVSzGh6O1mawGhId/dQb8vxRMDsxuxN89txJx9OjxUUAiKEngHUuH
68+qDTMBqLdElrRhjZkAzVvb3du6/KFUJheqwNTrZEjYx8WnM25sgVjOuH0aBsXBTWV
69+U+4=
70+-----END CERTIFICATE-----
71
72=== added file 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'
73--- data/UbuntuOne-Go_Daddy_Class_2_CA.pem 1970-01-01 00:00:00 +0000
74+++ data/UbuntuOne-Go_Daddy_Class_2_CA.pem 2009-06-23 19:38:42 +0000
75@@ -0,0 +1,25 @@
76+-----BEGIN CERTIFICATE-----
77+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJV
78+UzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQL
79+EyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
80+DTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMx
81+ITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMo
82+R28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAw
83+DQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d
84+/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9
85+S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32qRe3H3I2
86+TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVl
87+OARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFA
88+pMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44
89+dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLEsNKR1EwRcbNh
90+yz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2oatTj
91+oWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdy
92+b3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj
93+YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
94+BQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYX
95+MP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
96+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheab
97+IZ0KbIIOqPjCDPoQHmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzr
98+Tia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBD
99+pqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/bvZ8=
100+-----END CERTIFICATE-----
101
102=== modified file 'setup.py'
103--- setup.py 2009-06-17 22:31:14 +0000
104+++ setup.py 2009-06-23 19:38:42 +0000
105@@ -124,6 +124,9 @@
106 'canonical.ubuntuone',
107 'canonical.ubuntuone.storage',
108 'canonical.ubuntuone.storage.protocol'],
109+ data_files=[('/etc/ssl/certs',
110+ ['data/UbuntuOne-Go_Daddy_CA.pem',
111+ 'data/UbuntuOne-Go_Daddy_Class_2_CA.pem'])],
112
113 cmdclass = {
114 'build' : StorageProtocolBuild,

Subscribers

People subscribed via source and target branches