[Inteproxy-commits] r278 - in trunk: . inteproxy

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 21 20:23:10 CEST 2010 

Author: iweinzierl
Date: 2010-09-21 20:23:10 +0200 (Tue, 21 Sep 2010)
New Revision: 278

Modified:
   trunk/ChangeLog
   trunk/inteproxy.cfg
   trunk/inteproxy/config.py
   trunk/inteproxy/main.py
   trunk/inteproxy/proxycore.py
Log:
Introduced a new config parameter to specify the path to a file that contains certification authority certificates.

Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog	2010-09-21 18:09:15 UTC (rev 277)
+++ trunk/ChangeLog	2010-09-21 18:23:10 UTC (rev 278)
@@ -1,5 +1,21 @@
 2010-09-21  Ingo Weinzierl <ingo.weinzierl at intevation.de>
 
+	* inteproxy.cfg: Introduced a new parameter that defines the path to a
+	file that contains certification authority certificates - used to
+	validate remote serverrs.
+
+	* inteproxy/config.py: Read the new parameter mentioned above.
+
+	* inteproxy/main.py (run_server): Insert the new parameter cacerts into
+	MasterWorkerServer that makes it available when ssl connections are
+	created.
+
+	* inteproxy/proxycore.py (MasterWorkerServer, get_cacert_path): Added
+	cacert_path property to the constructor and getter method to retrieve
+	this path.
+
+2010-09-21  Ingo Weinzierl <ingo.weinzierl at intevation.de>
+
 	Some refactoring
 
 	* inteproxy/proxycore.py (open_http_connection): Renamed this method

Modified: trunk/inteproxy/config.py
===================================================================
--- trunk/inteproxy/config.py	2010-09-21 18:09:15 UTC (rev 277)
+++ trunk/inteproxy/config.py	2010-09-21 18:23:10 UTC (rev 278)
@@ -107,7 +107,8 @@
 inteproxy_desc = [Option("http_proxy", default=None),
                   Option("https_proxy", default=None),
                   Option("show_terms_dialog", converter=convert_bool,
-                         default=1)]
+                         default=1),
+                  Option("cacerts", default=None)]
 
 proxy_desc = [Option("host"),
               Option("port", default=80, converter=int),

Modified: trunk/inteproxy/main.py
===================================================================
--- trunk/inteproxy/main.py	2010-09-21 18:09:15 UTC (rev 277)
+++ trunk/inteproxy/main.py	2010-09-21 18:23:10 UTC (rev 278)
@@ -188,7 +188,8 @@
                         handle_proxy_config(config, "https_proxy"),
                         transcoder_map=transcoder_map,
                         rewrite_urls=opts.rewrite_urls,
-                        show_terms_dialog=config.show_terms_dialog)
+                        show_terms_dialog=config.show_terms_dialog,
+                        cacert_path=config.cacerts)
 
     # import the gtkapp here instead of at top-level to avoid loading
     # the gtk module.  The gtk module requires an Xserver connection

Modified: trunk/inteproxy/proxycore.py
===================================================================
--- trunk/inteproxy/proxycore.py	2010-09-21 18:09:15 UTC (rev 277)
+++ trunk/inteproxy/proxycore.py	2010-09-21 18:23:10 UTC (rev 278)
@@ -362,13 +362,14 @@
 
     def __init__(self, server_address, RequestHandlerClass, num_workers,
                  http_proxy, https_proxy, transcoder_map,
-                 rewrite_urls=False, show_terms_dialog=True):
+                 rewrite_urls=False, show_terms_dialog=True, cacert_path=None):
         HTTPServer.__init__(self, server_address, RequestHandlerClass)
         self.http_proxy = http_proxy
         self.https_proxy = https_proxy
         self.transcoder_map = transcoder_map
         self.rewrite_urls = rewrite_urls
         self.show_terms_dialog = show_terms_dialog
+        self.cacert_path = cacert_path
         self.thread_pool = ThreadPool(num_workers, lambda f: f())
         sys.stderr.write("[%s] starting %d worker threads\n" \
                          % (log_date_time_string(), num_workers))
@@ -378,6 +379,10 @@
         """Returns the URL of this InteProxy"""
         return "http://localhost:%d/" % self.getsockname()[1]
 
+    def get_cacert_path(self):
+        """Returns the path to a local cacert file"""
+        return self.cacert_path
+
     def process_request(self, request, client_address):
         """Put the request into the queue to be handled by the worker thread
         """

Modified: trunk/inteproxy.cfg
===================================================================
--- trunk/inteproxy.cfg	2010-09-21 18:09:15 UTC (rev 277)
+++ trunk/inteproxy.cfg	2010-09-21 18:23:10 UTC (rev 278)
@@ -34,6 +34,10 @@
 #
 # show_terms_dialog=false
 
+# The path to a file that contains certification authority certificates which
+# are used to validate certificates passed from the remote server.
+# cacerts=/path/to/cacerts.crt
+
 # [http_proxy_authentification]
 # host=upstream.proxy.url.com
 # port=8080

More information about the Inteproxy-commits mailing list