Merge "Convert kombu SSL version string into integer"

author: Jenkins <jenkins@review.openstack.org> 2013-07-12 00:55:58 +0000
committer: Gerrit Code Review <review@openstack.org> 2013-07-12 00:55:58 +0000
commit: ca0ca29e3f04ced20f62c33ad8b5bf7492775824 (patch)
tree: d21ab6f32947d17dde6d21dd6afdd9ee82e0d4be /openstack/common
parent: 6d99275a8144839c2ecf7776a6863fefeef243d1 (diff)
parent: 99b7c354271e2ed0893b3c48c7f2a58a55b59b11 (diff)
download: oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.tar.gz
oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.tar.xz
oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.zip
2 files changed, 27 insertions, 2 deletions
diff --git a/openstack/common/rpc/impl_kombu.py b/openstack/common/rpc/impl_kombu.py
index 3e9e2d9..809fa3d 100644
--- a/openstack/common/rpc/impl_kombu.py
+++ b/openstack/common/rpc/impl_kombu.py
@@ -34,11 +34,15 @@ from openstack.common.gettextutils import _  # noqa
 from openstack.common import network_utils
 from openstack.common.rpc import amqp as rpc_amqp
 from openstack.common.rpc import common as rpc_common
+from openstack.common import sslutils
 
 kombu_opts = [
     cfg.StrOpt('kombu_ssl_version',
                default='',
-               help='SSL version to use (valid only if SSL enabled)'),
+               help='SSL version to use (valid only if SSL enabled). '
+                    'valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may '
+                    'be available on some distributions'
+               ),
     cfg.StrOpt('kombu_ssl_keyfile',
                default='',
                help='SSL key file (valid only if SSL enabled)'),
@@ -477,7 +481,8 @@ class Connection(object):
 
         # http://docs.python.org/library/ssl.html - ssl.wrap_socket
         if self.conf.kombu_ssl_version:
-            ssl_params['ssl_version'] = self.conf.kombu_ssl_version
+            ssl_params['ssl_version'] = sslutils.validate_ssl_version(
+                self.conf.kombu_ssl_version)
         if self.conf.kombu_ssl_keyfile:
             ssl_params['keyfile'] = self.conf.kombu_ssl_keyfile
         if self.conf.kombu_ssl_certfile:
diff --git a/openstack/common/sslutils.py b/openstack/common/sslutils.py
index 23f8bbf..5f6f964 100644
--- a/openstack/common/sslutils.py
+++ b/openstack/common/sslutils.py
@@ -78,3 +78,23 @@ def wrap(sock):
         ssl_kwargs['cert_reqs'] = ssl.CERT_REQUIRED
 
     return ssl.wrap_socket(sock, **ssl_kwargs)
+
+
+_SSL_PROTOCOLS = {
+    "tlsv1": ssl.PROTOCOL_TLSv1,
+    "sslv23": ssl.PROTOCOL_SSLv23,
+    "sslv3": ssl.PROTOCOL_SSLv3
+}
+
+try:
+    _SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2
+except AttributeError:
+    pass
+
+
+def validate_ssl_version(version):
+    key = version.lower()
+    try:
+        return _SSL_PROTOCOLS[key]
+    except KeyError:
+        raise RuntimeError(_("Invalid SSL version : %s") % version)
author	Jenkins <jenkins@review.openstack.org>	2013-07-12 00:55:58 +0000
committer	Gerrit Code Review <review@openstack.org>	2013-07-12 00:55:58 +0000
commit	ca0ca29e3f04ced20f62c33ad8b5bf7492775824 (patch)
tree	d21ab6f32947d17dde6d21dd6afdd9ee82e0d4be /openstack/common
parent	6d99275a8144839c2ecf7776a6863fefeef243d1 (diff)
parent	99b7c354271e2ed0893b3c48c7f2a58a55b59b11 (diff)
download	oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.tar.gz oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.tar.xz oslo-ca0ca29e3f04ced20f62c33ad8b5bf7492775824.zip