I would appreciate some extra testing on this one.
We should really only need the old koji.ssl stuff for the ssl_login
call. Once we're authenticated, we can switch.
This should help with some of the connection timeout issues some folks
are experiencing (and if not, I'd like to know)
On 06/06/2015 05:44 PM, Mike McLean wrote:
---
koji/__init__.py | 25 ++++++++++---------------
1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/koji/__init__.py b/koji/__init__.py
index 58971da..36772bb 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1599,12 +1599,7 @@ class ClientSession(object):
self.explicit_port = bool(_port)
self._path = uri[2]
default_port = 80
- if self.opts.get('certs'):
- ctx = ssl.SSLCommon.CreateSSLContext(self.opts['certs'])
- cnxOpts = {'ssl_context' : ctx}
- cnxClass = ssl.SSLCommon.PlgHTTPSConnection
- default_port = 443
- elif scheme == 'https':
+ if scheme == 'https':
cnxOpts = {}
cnxClass = httplib.HTTPSConnection
default_port = 443
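Review bot: `cnxOpts = {}` in the `https` branch means the connection used for every call after login is built with no CA or verification settings, now that the `certs` branch is removed. On Python 2 releases before 2.7.9, `httplib.HTTPSConnection` does not check the server certificate or hostname at all; on later releases it checks against the system trust store, not the `serverca` value that the second hunk places in `certs['peer_ca_cert']`. The session obtained from `sslLogin` would therefore travel over a channel that is no longer validated against the configured CA, and the second hunk has the same effect because its `finally` restores this class and these empty options. I would at least add `# NOTE: no CA/verification options are passed here; server checking depends on httplib defaults` above `cnxOpts = {}`, and preferably carry the configured server CA into the options used after login. The enclosing method starts and ends outside the hunk.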
@@ -1737,21 +1732,21 @@ class ClientSession(object):
certs['ca_cert'] = ca
certs['peer_ca_cert'] = serverca
- ctx = ssl.SSLCommon.CreateSSLContext(certs)
- self._cnxOpts = {'ssl_context' : ctx}
- # 60 second timeout during login
- old_timeout = self._cnxOpts.get('timeout')
- self._cnxOpts['timeout'] = 60
+ # for ssl authentication we use custom a connection class so
+ # that we can pass our certs
try:
+ old_cnx = (self._cnxClass, self._cnxOpts)
+ ctx = ssl.SSLCommon.CreateSSLContext(certs)
+ self._cnxOpts = {'ssl_context' : ctx}
+ # 60 second timeout during login
+ self._cnxOpts['timeout'] = 60
self._cnxClass = ssl.SSLCommon.PlgHTTPSConnection
if self._port == 80 and not self.explicit_port:
self._port = 443
sinfo = self.callMethod('sslLogin', proxyuser)
finally:
- if old_timeout is None:
- del self._cnxOpts['timeout']
- else:
- self._cnxOpts['timeout'] = old_timeout
+ # restore original connection type
+ self._cnxClass, self._cnxOpts = old_cnx
if not sinfo:
raise AuthError, 'unable to obtain a session'
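Review bot: The `finally` block puts back `_cnxClass` and `_cnxOpts` but leaves `self._port` at 443 when the login path changed it. A session that started on a non-https URL would then presumably end up with its original plain connection class pointed at the TLS port; the non-https branch is outside these hunks, so this is inferred. Restoring the port as well would send the new session over cleartext, so it seems safer to upgrade in that case, e.g. `if old_cnx[0] is not httplib.HTTPSConnection: old_cnx = (httplib.HTTPSConnection, {})` ahead of the restore. Separately, `old_cnx = (self._cnxClass, self._cnxOpts)` sits inside the `try:`; moving it to the line above `try:` guarantees the name exists when `finally` runs. The enclosing method starts outside the hunk.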