Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suport for python 3.12 on aggr #6

Open
wants to merge 7 commits into
base: python3.8_aggr
Choose a base branch
from
+130 −19
Open

suport for python 3.12 on aggr #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5bdac25
suport for python 3.12 on aggr
alexk4153 May 30, 2024
0f835c9
Patches for python 3.12
alexk4153 Jun 2, 2024
6dec029
enable host name verification on SSLContext, remove deprecated SSL23
alexk4153 Jun 3, 2024
6f25f10
load_default certs because we dont use default context
alexk4153 Jun 3, 2024
c28081b
GC-86404 making it competable for HPVM as it runs on Python 2.7
Nir-Davidovitch Jun 10, 2024
e691c6d
GC-89692-SSLError->OsError
alexk4153 Jul 28, 2024
b4bbe79
Merge pull request #7 from guardicore/AlexK/python3.12_aggr_
alexk4153 Jul 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .idea/.gitignore
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 14 additions & 0 deletions .idea/haigha2.iml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions .idea/inspectionProfiles/Project_Default.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions .idea/inspectionProfiles/profiles_settings.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 7 additions & 0 deletions .idea/misc.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions .idea/modules.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions .idea/vcs.xml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion haigha2/ssl_connection.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ def _initialize_transport(self, transport_type):
raise Exception("Transport type is '{transport_type}' but {transport_type} not installed".format(
transport_type=transport_type))
return transport_class

def verify_hostname(self, host_name):
cert = self._transport._sock.getpeercert()
if not cert:
Expand Down
86 changes: 69 additions & 17 deletions haigha2/transports/eventlet_transport.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,10 @@
from eventlet.timeout import Timeout as EventletTimeout
from eventlet.green import socket as eventlet_socket
from eventlet.green import ssl as eventlet_ssl
from eventlet.green.ssl import GreenSSLSocket, timeout_exc, CERT_NONE, PROTOCOL_SSLv23
if sys.version_info >= (3, 12):
from eventlet.green.ssl import GreenSSLSocket, timeout_exc, CERT_REQUIRED, PROTOCOL_TLS
else:
from eventlet.green.ssl import GreenSSLSocket, timeout_exc, CERT_NONE, PROTOCOL_SSLv23
from eventlet.greenio import SOCKET_CLOSED, GreenSocket
from eventlet.hubs import trampoline
from eventlet.support import get_errno, PY33
Expand All @@ -37,7 +40,10 @@


_original_sslsocket = __ssl.SSLSocket
_original_wrap_socket = __ssl.wrap_socket
if sys.version_info >= (3, 12):
_original_wrap_socket = __ssl.SSLContext.wrap_socket
else:
_original_wrap_socket = __ssl.wrap_socket
_original_sslcontext = getattr(__ssl, 'SSLContext', None)
_is_under_py_3_7 = sys.version_info < (3, 7)

Expand Down Expand Up @@ -120,7 +126,8 @@ def recv(self, *args, **kwargs):
try:
return super(FixedGreenSSLSocket, self).recv(*args, **kwargs)
except timeout_exc as e:
if e.msg == 'timed out':
# GC-89692 -> e has no attribute 'msg'
if isinstance(e, socket.timeout) :
raise socket.timeout('timed out')
raise

Expand All @@ -139,9 +146,16 @@ def _original_ssl_context(*args, **kwargs):


class FixedEventletGreenSSLSocket(FixedGreenSSLSocket):
if sys.version_info >= (3, 12):
default_cert_reqs = CERT_REQUIRED
default_ssl_version = PROTOCOL_TLS
else:
default_cert_reqs = CERT_NONE
default_ssl_version = PROTOCOL_SSLv23

def __new__(cls, sock=None, keyfile=None, certfile=None,
server_side=False, cert_reqs=CERT_NONE,
ssl_version=PROTOCOL_SSLv23, ca_certs=None,
server_side=False, cert_reqs=default_cert_reqs,
ssl_version=default_ssl_version, ca_certs=None,
do_handshake_on_connect=True, *args, **kw):
if _is_under_py_3_7:
return super(FixedEventletGreenSSLSocket, cls).__new__(cls)
Expand All @@ -161,23 +175,38 @@ def __new__(cls, sock=None, keyfile=None, certfile=None,
session=kw.get('session'),
)
else:
ret = _original_wrap_socket(
sock=sock.fd,
keyfile=keyfile,
certfile=certfile,
server_side=server_side,
cert_reqs=cert_reqs,
ssl_version=ssl_version,
ca_certs=ca_certs,
do_handshake_on_connect=False,
ciphers=kw.get('ciphers'),
)
if sys.version_info >= (3, 12):
ret = cls._wrap_socket(
sock=sock.fd,
keyfile=keyfile,
certfile=certfile,
server_side=server_side,
cert_reqs=cert_reqs,
ssl_version=ssl_version,
ca_certs=ca_certs,
do_handshake_on_connect=False,
ciphers=kw.get('ciphers'),
server_hostname=kw.get('server_hostname')
)
else:
ret = _original_wrap_socket(
sock=sock.fd,
keyfile=keyfile,
certfile=certfile,
server_side=server_side,
cert_reqs=cert_reqs,
ssl_version=ssl_version,
ca_certs=ca_certs,
do_handshake_on_connect=False,
ciphers=kw.get('ciphers'),
)
ret.keyfile = keyfile
ret.certfile = certfile
ret.cert_reqs = cert_reqs
ret.ssl_version = ssl_version
ret.ca_certs = ca_certs
ret.server_hostname = kw.get('server_hostname')
if sys.version_info < (3, 12):
ret.server_hostname = kw.get('server_hostname')
ret.__class__ = FixedEventletGreenSSLSocket
return ret

Expand Down Expand Up @@ -217,6 +246,29 @@ def connect(self, addr):

if self.do_handshake_on_connect:
self.do_handshake()

@staticmethod
def _wrap_socket(sock, keyfile, certfile, server_side, cert_reqs,
ssl_version, ca_certs, do_handshake_on_connect, ciphers, server_hostname):
context = _original_sslcontext(protocol=ssl_version)
context.options |= cert_reqs
if certfile or keyfile:
context.load_cert_chain(
certfile=certfile,
keyfile=keyfile,
)
if ca_certs:
context.load_verify_locations(cafile=ca_certs)
if ciphers:
context.set_ciphers(ciphers)
context.check_hostname = True
context.load_default_certs()
return context.wrap_socket(
server_hostname=server_hostname,
sock=sock,
server_side=server_side,
do_handshake_on_connect=do_handshake_on_connect,
)


class SSLEventletTransport(EventletTransport):
Expand Down
5 changes: 4 additions & 1 deletion haigha2/transports/gevent_transport.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,10 @@
try:
import gevent
import gevent.ssl
import gevent._socket2
try:
import gevent._socket3
except:
import gevent._socket2
import gevent.socket
import gevent.ssl
from gevent.event import Event
Expand Down