Diffstat (limited to 'ipapython/nsslib.py')
-rw-r--r--ipapython/nsslib.py15
1 files changed, 14 insertions, 1 deletions
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index e347d2179..c4d8cdcf6 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -208,12 +208,25 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
self._create_socket()
def _create_socket(self):
+
+ #TODO remove the try block once python-nss is guaranteed to
+ #contain these values
+ try :
+ ssl_enable_renegotiation = SSL_ENABLE_RENEGOTIATION #pylint: disable=E0602
+ ssl_require_safe_negotiation = SSL_REQUIRE_SAFE_NEGOTIATION #pylint: disable=E0602
+ ssl_renegotiate_requires_xtn = SSL_RENEGOTIATE_REQUIRES_XTN #pylint: disable=E0602
+ except :
+ ssl_enable_renegotiation = 20
+ ssl_require_safe_negotiation = 21
+ ssl_renegotiate_requires_xtn = 2
+
# Create the socket here so we can do things like let the caller
# override the NSS callbacks
self.sock = ssl.SSLSocket(family=self.family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
-
+ self.sock.set_ssl_option(ssl_require_safe_negotiation, False)
+ self.sock.set_ssl_option(ssl_enable_renegotiation, ssl_renegotiate_requires_xtn)
# Provide a callback which notifies us when the SSL handshake is complete
self.sock.set_handshake_callback(self.handshake_callback)
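Review bot: The bare `except :` around the three constant lookups in `_create_socket` swallows every failure, and because the names are referenced unqualified (with pylint's undefined-variable check silenced) while the other options in this method come from `ssl.`, the lookup appears likely to raise NameError every time and always use the hard-coded 20/21/2. If python-nss exposes these on its `ssl` module, resolving them there keeps the fallback without masking anything, e.g. `ssl_enable_renegotiation = getattr(ssl, 'SSL_ENABLE_RENEGOTIATION', 20)` and likewise for the other two. Separately, `set_ssl_option(ssl_require_safe_negotiation, False)` lets the client complete handshakes with servers that do not advertise the secure-renegotiation extension; that may be a deliberate compatibility choice, but it deserves a comment such as `# allow legacy servers without RFC 5746; renegotiation itself still requires the extension`. The method body may continue past the end of the hunk.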