summaryrefslogtreecommitdiff
path: root/client/src
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2014-12-09 16:07:17 -0600
committerdrebs <drebs@leap.se>2014-12-11 16:49:35 -0200
commitdafcfac4663d00ee2049b0a245c2ecb84ef2bad5 (patch)
treea9b0ca7089ae72e0bda0b0c1dffcd10e626c8a02 /client/src
parent7496a78b2d82d27a7b2470f5393f0e531ef75360 (diff)
Fix incorrect ssl context setup
The changes introduced in aafa79c0f5 having to do with the cert verification are incorrect, regarding the use of the newest ssl context api introduced in python 2.7.9. There the use of the server setup was taken, instead of the correct client options. I hereby apologize for the insuficient testing on that fix. It happens that I wrongly tested in an evironment that did the fallback to pre-2.7.9 interpreter.
Diffstat (limited to 'client/src')
-rw-r--r--client/src/leap/soledad/client/__init__.py5
1 files changed, 2 insertions, 3 deletions
diff --git a/client/src/leap/soledad/client/__init__.py b/client/src/leap/soledad/client/__init__.py
index c350d021..c5832249 100644
--- a/client/src/leap/soledad/client/__init__.py
+++ b/client/src/leap/soledad/client/__init__.py
@@ -1343,10 +1343,9 @@ class VerifiedHTTPSConnection(httplib.HTTPSConnection):
ctx.options |= ssl.OP_NO_SSLv2
ctx.options |= ssl.OP_NO_SSLv3
- ctx.load_cert_chain(certfile=SOLEDAD_CERT)
+ ctx.load_verify_locations(cafile=SOLEDAD_CERT)
ctx.verify_mode = ssl.CERT_REQUIRED
- self.sock = ctx.wrap_socket(
- sock, server_side=True, server_hostname=self.host)
+ self.sock = ctx.wrap_socket(sock)
except AttributeError:
self.sock = ssl.wrap_socket(