summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2014-12-09 16:07:17 -0600
committerKali Kaneko <kali@leap.se>2014-12-09 16:07:29 -0600
commitd234ec94734219116b1190232b6ba9c1a118e1d6 (patch)
tree36ad8280342bdf62adfdd7a1f69b48df9f4dae04
parent69d41302f6058f79ef565f5b3f4d88d38974a028 (diff)
Fix incorrect ssl context setup
The changes introduced in aafa79c0f5 having to do with the cert verification are incorrect, regarding the use of the newest ssl context api introduced in python 2.7.9. There the use of the server setup was taken, instead of the correct client options. I hereby apologize for the insuficient testing on that fix. It happens that I wrongly tested in an evironment that did the fallback to pre-2.7.9 interpreter.
-rw-r--r--client/src/leap/soledad/client/__init__.py5
1 files changed, 2 insertions, 3 deletions
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index d7d01b57..0750dfbe 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -819,10 +819,9 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
ctx.options |= ssl.OP_NO_SSLv2
ctx.options |= ssl.OP_NO_SSLv3
- ctx.load_cert_chain(certfile=SOLEDAD_CERT)
+ ctx.load_verify_locations(cafile=SOLEDAD_CERT)
ctx.verify_mode = ssl.CERT_REQUIRED
- self.sock = ctx.wrap_socket(
- sock, server_side=True, server_hostname=self.host)
+ self.sock = ctx.wrap_socket(sock)
except AttributeError:
self.sock = ssl.wrap_socket(