authorPaweł Szulik <pawel.szulik@intel.com>2019-08-06 19:18:41 +0200
committerStephen SORRIAUX <stephen.sorriaux@gmail.com>2019-08-06 19:18:41 +0200
commitab0cd00c12624b07dcc3b2d62aa96f8f1e658f65 (patch)
treecf5e1d6e5f232477769a482f4a5d3d49965c40c3
parent88b657a0977161f3815657878ba48f82a97a3846 (diff)
downloadkazoo-ab0cd00c12624b07dcc3b2d62aa96f8f1e658f65.tar.gz
feat(utils): extend create_tcp_connection utility (#568)
Add parameters to set up SSL context options and ciphers when using a secure connection. They can be set via a handler: ``` class MySequentialThreadingHandler(SequentialThreadingHandler): def create_connection(self, *args, **kwargs): return create_tcp_connection(socket, options=MY_OPTIONS, ciphers=MY_CIPHERS, *args, **kwargs) ```
-rw-r--r--kazoo/handlers/utils.py14
1 files changed, 11 insertions, 3 deletions
diff --git a/kazoo/handlers/utils.py b/kazoo/handlers/utils.py
index bd1b92e..fa561fe 100644
--- a/kazoo/handlers/utils.py
+++ b/kazoo/handlers/utils.py
@@ -191,7 +191,7 @@ def create_tcp_socket(module):
def create_tcp_connection(module, address, timeout=None,
use_ssl=False, ca=None, certfile=None,
keyfile=None, keyfile_password=None,
- verify_certs=True):
+ verify_certs=True, options=None, ciphers=None):
end = None
if timeout is None:
# thanks to create_connection() developers for
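Review bot: The new `options` and `ciphers` keyword arguments are undocumented: the body goes straight from the signature to `end = None`, so there is no docstring saying what they accept. A short docstring or comment would help callers, for example `# options: ssl.OP_* bitmask assigned to context.options; ciphers: OpenSSL cipher-list string passed to context.set_ciphers()`. It should also say whether `options` replaces or extends the defaults, since that decides whether callers must re-add the protocol restrictions themselves. The rest of the function body lies outside this hunk.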
@@ -211,8 +211,16 @@ def create_tcp_connection(module, address, timeout=None,
if use_ssl:
# Disallow use of SSLv2 and V3 (meaning we require TLSv1.0+)
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
+
+ if options is not None:
+ context.options = options
+ else:
+ context.options |= ssl.OP_NO_SSLv2
+ context.options |= ssl.OP_NO_SSLv3
+
+ if ciphers:
+ context.set_ciphers(ciphers)
+
# Load default CA certs
context.load_default_certs(ssl.Purpose.SERVER_AUTH)
context.verify_mode = (
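Review bot: When a caller passes `options`, the assignment `context.options = options` replaces the whole option mask, so `OP_NO_SSLv2` and `OP_NO_SSLv3` are dropped along with any flags the `SSLContext` constructor set by default, unless the caller happens to include them. The comment above the context creation ("Disallow use of SSLv2 and V3") is then no longer true for that branch, and a handler that only wanted to add one flag silently weakens the protocol floor. Consider keeping the baseline unconditional and OR-ing the caller's flags on top: `context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3` followed by `if options is not None: context.options |= options`. If full replacement is intended, the comment should say so. Separately, `if ciphers:` treats an empty string as "not set" while `options` is tested with `is not None`, so the two checks are inconsistent. The `context.verify_mode` statement continues outside this hunk.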