
yum-3.2.22-37.sl.src.rpm

commit d13f2add516c3bc8eba0ef5c9ab870a533196c7b
Author: James Antill <james@and.org>
Date:   Fri Apr 3 10:35:16 2009 -0400

    Add ssl options for x509 checking and sslcacert

diff --git a/yum/config.py b/yum/config.py
index d3ace8f..1f81ffa 100644
--- a/yum/config.py
+++ b/yum/config.py
@@ -603,6 +603,11 @@ class YumConf(StartupConf):
     logfile = Option('/var/log/yum.log')
     reposdir = ListOption(['/etc/yum/repos.d', '/etc/yum.repos.d'])
 
+    sslcacert = Option()
+    sslverify = BoolOption(False)
+    sslclientcert = Option()
+    sslclientkey = Option()
+
     commands = ListOption()
     exclude = ListOption()
     failovermethod = Option('roundrobin')
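Review bot: `sslverify = BoolOption(False)` makes certificate verification opt-in, so an https repository configured with no further settings is fetched without any check of the server certificate, leaving package signature checking as the only barrier against an on-path attacker. Consider `sslverify = BoolOption(True)` as the default, or at minimum add a comment above the option such as `# TLS peer verification is OFF unless sslverify is set; point sslcacert at the CA bundle to use`. The RepoConf hunk that follows inherits this default for every repository, so the choice made here applies everywhere.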
@@ -739,6 +744,11 @@ class RepoConf(BaseConfig):
     #       checksumming of the repomd.xml.
     mdpolicy = Inherit(YumConf.mdpolicy)
     cost = IntOption(1000)
+
+    sslcacert=Inherit(YumConf.sslcacert)
+    sslverify=Inherit(YumConf.sslverify)
+    sslclientcert=Inherit(YumConf.sslclientcert)
+    sslclientkey=Inherit(YumConf.sslclientkey)
     
 def readStartupConfig(configfile, root):
     '''
commit e50c2f7b68b05a8eccc366cc460655591e75e292
Author: James Antill <james@and.org>
Date:   Fri Apr 3 10:41:17 2009 -0400

    Alter yum download code for x509 cert checking and sslcacert

diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index 71741db..0e243b8 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -36,6 +36,12 @@ from yum import misc
 from constants import *
 import metalink
 
+try:
+    from M2Crypto import SSL
+    m2cryptoLoaded = True
+except ImportError:
+    m2cryptoLoaded = False
+
 import logging
 import logginglevels
 
@@ -248,6 +254,10 @@ class YumRepository(Repository, config.RepoConf):
         self._metalink = None
         self.groups_added = False
         self.http_headers = {}
+        self.sslcacert = None
+        self.sslverify = False
+        self.sslclientcert = None
+        self.sslclientkey = None
         self.repo_config_age = 0 # if we're a repo not from a file then the
                                  # config is very, very old
         # throw in some stubs for things that will be set by the config class
@@ -472,7 +482,8 @@ class YumRepository(Repository, config.RepoConf):
                                     timeout=self.timeout,
                                     copy_local=self.copy_local,
                                     http_headers=headers,
-                                    reget='simple')
+                                    reget='simple',
+                                    ssl_context = self._getSslContext())
 
         self._grabfunc.opts.user_agent = default_grabber.opts.user_agent
 
@@ -597,6 +608,22 @@ class YumRepository(Repository, config.RepoConf):
         self.baseurl = self._urls
         self.check()
 
+    def _getSslContext(self):
+        if not m2cryptoLoaded:
+            return None
+        sslCtx = SSL.Context()
+        if self.sslverify:
+            sslCtx.set_verify(SSL.verify_peer | SSL.verify_fail_if_no_peer_cert,
+                              12)
+        else:
+            sslCtx.set_allow_unknown_ca(True)
+            sslCtx.set_verify(SSL.verify_none, -1)
+        if self.sslcacert:
+            sslCtx.load_verify_locations(self.sslcacert)
+        if self.sslclientcert:
+            sslCtx.load_cert(self.sslclientcert, self.sslclientkey)
+        return sslCtx
+
     def _replace_and_check_url(self, url_list):
         goodurls = []
         skipped = None
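Review bot: `_getSslContext` fails open when M2Crypto is missing: `if not m2cryptoLoaded: return None` is taken even when `self.sslverify` is true, so an administrator who enabled verification silently gets none (the import guard added at the top of the file records the failure only in `m2cryptoLoaded`). When `self.sslverify` is set and the module is unavailable, raise the repository configuration error this module already uses (not visible in the hunk) instead of returning None. With `sslverify` on and `sslcacert` unset no trust anchors are loaded here, which deserves an explicit error message, and the result of `load_verify_locations` is ignored, so a wrong path may go unnoticed if M2Crypto reports failure by return value. The literal depth `12` passed to `set_verify` should be a named constant or carry a comment saying it is the maximum chain depth.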
@@ -742,6 +769,7 @@ class YumRepository(Repository, config.RepoConf):
                             timeout=self.timeout,
                             checkfunc=checkfunc,
                             http_headers=headers,
+                            ssl_ca_cert = self.sslcacert
                             )
 
             ug.opts.user_agent = default_grabber.opts.user_agent
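Review bot: The verification policy does not appear to reach this download path: the call receives only `ssl_ca_cert = self.sslcacert`, while the grabber built in the `@@ -472` hunk receives `ssl_context = self._getSslContext()`, so `sslverify`, `sslclientcert` and `sslclientkey` are probably ignored for fetches made here. If the grabber accepts the same keyword, pass `ssl_context = self._getSslContext(),` here too so both paths enforce one policy. The call and its enclosing method start outside the hunk, so confirm this against the full function. The added argument line also lacks the trailing comma that the neighbouring lines carry.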