1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2013 IBM Corp.
5
# Licensed under the Apache License, Version 2.0 (the "License"); you may
6
# not use this file except in compliance with the License. You may obtain
7
# a copy of the License at
9
# http://www.apache.org/licenses/LICENSE-2.0
11
# Unless required by applicable law or agreed to in writing, software
12
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
# License for the specific language governing permissions and limitations
20
from oslo.config import cfg
22
from ceilometer.openstack.common.gettextutils import _ # noqa
28
help="CA certificate file to use to verify "
29
"connecting clients"),
30
cfg.StrOpt('cert_file',
32
help="Certificate file to use when starting "
33
"the server securely"),
34
cfg.StrOpt('key_file',
36
help="Private key file to use when starting "
37
"the server securely"),
42
CONF.register_opts(ssl_opts, "ssl")
46
cert_file = CONF.ssl.cert_file
47
key_file = CONF.ssl.key_file
48
ca_file = CONF.ssl.ca_file
49
use_ssl = cert_file or key_file
51
if cert_file and not os.path.exists(cert_file):
52
raise RuntimeError(_("Unable to find cert_file : %s") % cert_file)
54
if ca_file and not os.path.exists(ca_file):
55
raise RuntimeError(_("Unable to find ca_file : %s") % ca_file)
57
if key_file and not os.path.exists(key_file):
58
raise RuntimeError(_("Unable to find key_file : %s") % key_file)
60
if use_ssl and (not cert_file or not key_file):
61
raise RuntimeError(_("When running server in SSL mode, you must "
62
"specify both a cert_file and key_file "
63
"option value in your configuration file"))
71
'certfile': CONF.ssl.cert_file,
72
'keyfile': CONF.ssl.key_file,
73
'cert_reqs': ssl.CERT_NONE,
77
ssl_kwargs['ca_certs'] = CONF.ssl.ca_file
78
ssl_kwargs['cert_reqs'] = ssl.CERT_REQUIRED
80
return ssl.wrap_socket(sock, **ssl_kwargs)
84
"tlsv1": ssl.PROTOCOL_TLSv1,
85
"sslv23": ssl.PROTOCOL_SSLv23,
86
"sslv3": ssl.PROTOCOL_SSLv3
90
_SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2
91
except AttributeError:
95
def validate_ssl_version(version):
98
return _SSL_PROTOCOLS[key]
100
raise RuntimeError(_("Invalid SSL version : %s") % version)