Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/dogtag.py | 2 | ||||
-rw-r--r-- | ipapython/nsslib.py | 15 |
2 files changed, 15 insertions, 2 deletions
diff --git a/ipapython/dogtag.py b/ipapython/dogtag.py
index 969535e4b..02f981974 100644
--- a/ipapython/dogtag.py
+++ b/ipapython/dogtag.py
@@ -34,7 +34,7 @@ def get_ca_certchain(ca_host=None):
 if ca_host is None:
 ca_host = api.env.ca_host
 chain = None
- conn = httplib.HTTPConnection(ca_host, api.env.ca_port)
+ conn = httplib.HTTPConnection(ca_host, api.env.ca_install_port)
 conn.request("GET", "/ca/ee/ca/getCertChain")
 res = conn.getresponse()
 doc = None
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index e347d2179..c4d8cdcf6 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -208,12 +208,25 @@ class NSSConnection(httplib.HTTPConnection, NSSAddressFamilyFallback):
 self._create_socket()
 def _create_socket(self):
+
+ #TODO remove the try block once python-nss is guaranteed to
+ #contain these values
+ try :
+ ssl_enable_renegotiation = SSL_ENABLE_RENEGOTIATION #pylint: disable=E0602
+ ssl_require_safe_negotiation = SSL_REQUIRE_SAFE_NEGOTIATION #pylint: disable=E0602
+ ssl_renegotiate_requires_xtn = SSL_RENEGOTIATE_REQUIRES_XTN #pylint: disable=E0602
+ except :
+ ssl_enable_renegotiation = 20
+ ssl_require_safe_negotiation = 21
+ ssl_renegotiate_requires_xtn = 2
+
 # Create the socket here so we can do things like let the caller
 # override the NSS callbacks
 self.sock = ssl.SSLSocket(family=self.family)
 self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
 self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
-
+ self.sock.set_ssl_option(ssl_require_safe_negotiation, False)
+ self.sock.set_ssl_option(ssl_enable_renegotiation, ssl_renegotiate_requires_xtn)
 # Provide a callback which notifies us when the SSL handshake is complete
 self.sock.set_handshake_callback(self.handshake_callback)
|
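Review bot: `get_ca_certchain` in ipapython/dogtag.py still fetches the CA certificate chain over plain `httplib.HTTPConnection`, so nothing on the wire authenticates what comes back from `api.env.ca_install_port`. If callers treat the result as a trust anchor, it needs to be checked against a value obtained out of band, and a comment on the new line such as `# unauthenticated HTTP: caller must verify the returned chain` would record that. The connection is also opened without a timeout in the visible lines. The function body continues outside the hunk, so a verification or close step may already exist there.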
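Review bot: The bare `except :` added to `_create_socket` in ipapython/nsslib.py swallows every error, not only the missing-constant case the TODO describes. The three constants are also read as bare names while the rest of the method uses `ssl.`-qualified ones (hence the E0602 suppressions), so the hard-coded 20/21/2 fallback is probably what always runs. Reading them from the module keeps the fallback explicit and narrow, e.g. `ssl_enable_renegotiation = getattr(ssl, 'SSL_ENABLE_RENEGOTIATION', 20)` and likewise for the other two. Separately, `set_ssl_option(ssl_require_safe_negotiation, False)` lets the handshake complete with a peer that does not support RFC 5746 secure renegotiation; a comment such as `# transitional: accept peers without RFC 5746; renegotiation itself still requires the extension` would show this is deliberate. The method continues past the end of the hunk.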