authorRobert Schweikert <rjschwei@suse.com>2014-03-03 11:54:12 -0500
committerRobert Schweikert <rjschwei@suse.com>2014-03-03 18:46:07 -0500
commitcf8b2f0f29c979b91d2606aa40b4bacceb11e8ad (patch)
tree00c57ae5075917a238f1446227db200427f5df0a /boto/connection.py
parent64eedcea100c46db21a74953b0d809177c746bb7 (diff)
- Allow the use of system provided certificate setup that may be incorporated
into the SSL library used on the specific system + At present we either use the default certificate bundle we ship with the boto source, or we force a user/integrator to create a bundle file of their own. Linux distributors build the way certificates are used and validated into their SSL implementation. This change allows integrators to use their way of certificate handling by setting the configuration to the new "system" keyword.
Diffstat (limited to 'boto/connection.py')
-rw-r--r--boto/connection.py14
1 files changed, 10 insertions, 4 deletions
diff --git a/boto/connection.py b/boto/connection.py
index c40acf1f..a178d1fd 100644
--- a/boto/connection.py
+++ b/boto/connection.py
@@ -494,8 +494,11 @@ class AWSAuthConnection(object):
"support this feature are not available. Certificate "
"validation is only supported when running under Python "
"2.6 or later.")
- self.ca_certificates_file = config.get_value(
+ certs_file = config.get_value(
'Boto', 'ca_certificates_file', DEFAULT_CA_CERTS_FILE)
+ if certs_file == 'system':
+ certs_file = None
+ self.ca_certificates_file = certs_file
if port:
self.port = port
else:
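Review bot: Mapping `'system'` to `None` at `certs_file = None` overloads the value of `self.ca_certificates_file`: `None` now means "verify against the platform trust store", but a reader that treats a falsy CA path as "nothing to verify against" would silently weaken validation. I would state the contract at the assignment, e.g. `# None => no bundle is passed; the platform SSL library must supply the trust roots, verification stays required`. Every consumer of the attribute should then be checked to confirm it still requests certificate verification, including the `ssl.wrap_socket` call in the second hunk, whose arguments lie outside the visible lines. Whether the keyword works at all presumably depends on the ssl build: one that loads no default store when no CA file is given should fail the handshake rather than validate, which is the safe outcome but worth documenting. The comparison is exact and case-sensitive, so `System` would be taken as a file path; the enclosing method starts and ends outside the hunk.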
@@ -821,9 +824,12 @@ class AWSAuthConnection(object):
h = httplib.HTTPConnection(host)
if self.https_validate_certificates and HAVE_HTTPS_CONNECTION:
- boto.log.debug("wrapping ssl socket for proxied connection; "
- "CA certificate file=%s",
- self.ca_certificates_file)
+ msg = "wrapping ssl socket for proxied connection; "
+ if self.ca_certificates_file:
+ msg += "CA certificate file=%s" %self.ca_certificates_file
+ else:
+ msg += "using system provided SSL certs"
+ boto.log.debug(msg)
key_file = self.http_connection_kwargs.get('key_file', None)
cert_file = self.http_connection_kwargs.get('cert_file', None)
sslSock = ssl.wrap_socket(sock, keyfile=key_file,
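Review bot: The added `msg += "CA certificate file=%s" %self.ca_certificates_file` formats the message before `boto.log.debug` is called, so the interpolation runs even when debug logging is disabled, and `%self` is missing the space after the operator. Handing the argument to the logger keeps it lazy, as the removed code did: `boto.log.debug("wrapping ssl socket for proxied connection; CA certificate file=%s", self.ca_certificates_file)` in the first branch and a plain `boto.log.debug("wrapping ssl socket for proxied connection; using system provided SSL certs")` in the `else`. The enclosing method and the `ssl.wrap_socket` call both continue outside the hunk.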