libcloud-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anthonys...@apache.org
Subject [2/4] libcloud git commit: If certifi library is available and installed on the system, insert certifi CA bundle path in the front of the Libcloud CA bundle search list.
Date Fri, 17 Jun 2016 06:39:32 GMT
If certifi library is available and installed on the system, insert certifi CA bundle path
in the front of the Libcloud CA bundle search list.

This behavior can be disabled by setting LIBCLOUD_SSL_USE_CERTIFI environment
variable to false.


Project: http://git-wip-us.apache.org/repos/asf/libcloud/repo
Commit: http://git-wip-us.apache.org/repos/asf/libcloud/commit/ec78da25
Tree: http://git-wip-us.apache.org/repos/asf/libcloud/tree/ec78da25
Diff: http://git-wip-us.apache.org/repos/asf/libcloud/diff/ec78da25

Branch: refs/heads/trunk
Commit: ec78da25b24c1b1e01ad7b830c9e6be2088acb5c
Parents: a4a58f9
Author: Tomaz Muraus <tomaz@tomaz.me>
Authored: Tue Jun 14 18:18:48 2016 +0200
Committer: Anthony Shaw <anthonyshaw@apache.org>
Committed: Fri Jun 17 16:36:42 2016 +1000

----------------------------------------------------------------------
 libcloud/security.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/libcloud/blob/ec78da25/libcloud/security.py
----------------------------------------------------------------------
diff --git a/libcloud/security.py b/libcloud/security.py
index 782d138..8338a44 100644
--- a/libcloud/security.py
+++ b/libcloud/security.py
@@ -36,6 +36,10 @@ VERIFY_SSL_CERT = True
 
 SSL_VERSION = ssl.PROTOCOL_TLSv1
 
+# True to use certifi CA bundle path when certifi library is available
+USE_CERTIFI = os.environ.get('LIBCLOUD_SSL_USE_CERTIFI', True)
+USE_CERTIFI = str(USE_CERTIFI).lower() in ['true', '1']
+
 # File containing one or more PEM-encoded CA certificates
 # concatenated together.
 CA_CERTS_PATH = [
@@ -61,6 +65,21 @@ CA_CERTS_PATH = [
     '/etc/ssl/certs/YaST-CA.pem',
 ]
 
+# Insert certifi CA bundle path to the front of Libcloud CA bundle search
+# path if certifi is available
+try:
+    import certifi
+except ImportError:
+    has_certifi = False
+else:
+    has_certifi = True
+
+if has_certifi and USE_CERTIFI:
+    certifi_ca_bundle_path = certifi.where()
+
+    if certifi_ca_bundle_path not in CA_CERTS_PATH:
+        CA_CERTS_PATH.insert(0, certifi_ca_bundle_path)
+
 # Allow user to explicitly specify which CA bundle to use, using an environment
 # variable
 environment_cert_file = os.getenv('SSL_CERT_FILE', None)


Mime
View raw message