libcloud-notifications mailing list archives

From to...@apache.org
Subject [1/9] libcloud git commit: Throw a more friendly error message if establishing SSL / TLS connection fails.
Date Thu, 14 Jan 2016 20:15:28 GMT
Repository: libcloud
Updated Branches:
  refs/heads/trunk 4a328a4a4 -> b515b8f84


Throw a more friendly error message if establishing SSL / TLS connection fails.


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/a9acb7fc
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/a9acb7fc
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/a9acb7fc

Branch: refs/heads/trunk
Commit: a9acb7fca02867c3d1aa101c9d457803cfb7aef1
Parents: 6a1b6a3
Author: Tomaz Muraus <tomaz@apache.org>
Authored: Thu Jan 14 13:47:09 2016 +0100
Committer: Tomaz Muraus <tomaz@apache.org>
Committed: Thu Jan 14 13:47:09 2016 +0100

----------------------------------------------------------------------
 libcloud/httplib_ssl.py | 46 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 40 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/a9acb7fc/libcloud/httplib_ssl.py
----------------------------------------------------------------------
diff --git a/libcloud/httplib_ssl.py b/libcloud/httplib_ssl.py
index cac4098..a447e50 100644
--- a/libcloud/httplib_ssl.py
+++ b/libcloud/httplib_ssl.py
@@ -40,6 +40,24 @@ __all__ = [
 
 HTTP_PROXY_ENV_VARIABLE_NAME = 'http_proxy'
 
+# Error message which is thrown when establishing SSL / TLS connection fails
+UNSUPPORTED_TLS_VERSION_ERROR_MSG = """
+Failed to establish SSL / TLS connection (%s). It is possible that the server \
+doesn't support requested SSL / TLS version (%s).
+For information on how to work around this issue, please see \
+https://libcloud.readthedocs.org/en/latest/other/\
+ssl-certificate-validation.html#changing-used-ssl-tls-version
+""".strip()
+
+# Maps ssl.PROTOCOL_* constant to the actual SSL / TLS version name
+SSL_CONSTANT_TO_TLS_VERSION_MAP = {
+    0: 'SSL v2',
+    2: 'SSLv3, TLS v1.0, TLS v1.1, TLS v1.2',
+    3: 'TLS v1.0',
+    4: 'TLS v1.1',
+    5: 'TLS v1.2'
+}
+
 
 class LibcloudBaseConnection(object):
     """
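Review bot: The keys of `SSL_CONSTANT_TO_TLS_VERSION_MAP` are bare integers, and the value 1 (`ssl.PROTOCOL_SSLv3` in CPython) has no entry, so a caller who has set `libcloud.security.SSL_VERSION` to SSLv3 is not covered by the map. Adding `1: 'SSL v3',` closes the gap. A short comment naming the constant behind each key, e.g. `# 2 == ssl.PROTOCOL_SSLv23 (negotiates the highest version both sides support)`, would make the table checkable against the `ssl` module. Because the error text sends users to a page about changing the TLS version, it would also help if the message or that comment said that selecting an older protocol weakens the connection and should be a last resort.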
@@ -272,12 +290,28 @@ class LibcloudHTTPSConnection(httplib.HTTPSConnection, LibcloudBaseConnection):
         if self.http_proxy_used:
             self._activate_http_proxy(sock=sock)
 
-        self.sock = ssl.wrap_socket(sock,
-                                    self.key_file,
-                                    self.cert_file,
-                                    cert_reqs=ssl.CERT_REQUIRED,
-                                    ca_certs=self.ca_cert,
-                                    ssl_version=libcloud.security.SSL_VERSION)
+        try:
+            self.sock = ssl.wrap_socket(sock,
+                                        self.key_file,
+                                        self.cert_file,
+                                        cert_reqs=ssl.CERT_REQUIRED,
+                                        ca_certs=self.ca_cert,
+                                        ssl_version=libcloud.security.SSL_VERSION)
+        except Exception:
+            exc_cls = sys.exc_info()[0]
+            e = sys.exc_info()[1]
+
+            exc_msg = str(e)
+            # Re-throw an exception with a more friendly error message
+            if 'connection reset by peer' in exc_msg.lower():
+                ssl_version = libcloud.security.SSL_VERSION
+                ssl_version = SSL_CONSTANT_TO_TLS_VERSION_MAP[ssl_version]
+                msg = UNSUPPORTED_TLS_VERSION_ERROR_MSG % (exc_msg, ssl_version)
+                new_e = exc_cls(msg)
+                new_e.original_exc = e
+                raise new_e
+
+            raise e
         cert = self.sock.getpeercert()
         try:
             match_hostname(cert, self.host)
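Review bot: The lookup `SSL_CONSTANT_TO_TLS_VERSION_MAP[ssl_version]` inside the `except` block raises `KeyError` for any `SSL_VERSION` value the map does not list, and that `KeyError` would replace the connection error the handler is trying to explain. `ssl_version = SSL_CONSTANT_TO_TLS_VERSION_MAP.get(ssl_version, str(ssl_version))` keeps the friendly message working for unknown values. The closing `raise e` should be a bare `raise` so the original traceback survives on Python 2. `exc_cls(msg)` builds the new exception from the message alone, so any `errno` on the original socket or SSL error is presumably lost to callers unless they read `original_exc`; that behaviour deserves a comment. The enclosing method starts before this hunk, and whether `sys` is imported at the top of the file is not visible here.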

