diff options
author | Kali Kaneko <kali@leap.se> | 2014-12-09 16:07:17 -0600 |
---|---|---|
committer | drebs <drebs@leap.se> | 2014-12-11 16:49:35 -0200 |
commit | dafcfac4663d00ee2049b0a245c2ecb84ef2bad5 (patch) | |
tree | a9b0ca7089ae72e0bda0b0c1dffcd10e626c8a02 /client/src/leap | |
parent | 7496a78b2d82d27a7b2470f5393f0e531ef75360 (diff) |
Fix incorrect ssl context setup
The changes introduced in aafa79c0f5 having to do with the cert
verification are incorrect, regarding the use of the newest ssl context
api introduced in python 2.7.9. There the use of the server setup was
taken, instead of the correct client options.
I hereby apologize for the insuficient testing on that fix. It happens
that I wrongly tested in an evironment that did the fallback to
pre-2.7.9 interpreter.
Diffstat (limited to 'client/src/leap')
-rw-r--r-- | client/src/leap/soledad/client/__init__.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py index c350d021..c5832249 100644 --- a/client/src/leap/soledad/client/__init__.py +++ b/client/src/leap/soledad/client/__init__.py @@ -1343,10 +1343,9 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection): ctx.options |= ssl.OP_NO_SSLv2 ctx.options |= ssl.OP_NO_SSLv3 - ctx.load_cert_chain(certfile=SOLEDAD_CERT) + ctx.load_verify_locations(cafile=SOLEDAD_CERT) ctx.verify_mode = ssl.CERT_REQUIRED - self.sock = ctx.wrap_socket( - sock, server_side=True, server_hostname=self.host) + self.sock = ctx.wrap_socket(sock) except AttributeError: self.sock = ssl.wrap_socket( |