|
42 |
from .message import Request, Response, IncompleteMessageError, ParseError |
42 |
from .message import Request, Response, IncompleteMessageError, ParseError |
43 |
from .definitions import RECV_BUFFER_SIZE, BAD_REQUEST_AUTH_FAILED, SUCCESS, status_description |
43 |
from .definitions import RECV_BUFFER_SIZE, BAD_REQUEST_AUTH_FAILED, SUCCESS, status_description |
44 |
from ..log import CORE, PROTOCOL |
44 |
from ..log import CORE, PROTOCOL |
|
|
45 |
from ..config import ucr |
45 |
from OpenSSL import SSL |
46 |
from OpenSSL import SSL |
46 |
|
47 |
|
47 |
import notifier |
48 |
import notifier |
Lines 97-104
def __init__(self, servername='localhost', port=6670, unix=None, ssl=True):
|
|
---|
|
97 |
self.__ssl = ssl |
98 |
self.__ssl = ssl |
98 |
self.__unix = unix |
99 |
self.__unix = unix |
99 |
if self.__ssl and not self.__unix: |
100 |
if self.__ssl and not self.__unix: |
100 |
self.__crypto_context = SSL.Context(SSL.SSLv23_METHOD) |
101 |
self.__crypto_context = SSL.Context(SSL.TLSv1_METHOD) |
101 |
self.__crypto_context.set_cipher_list('DEFAULT') |
102 |
self.__crypto_context.set_cipher_list(ucr.get('umc/server/ssl/ciphers', 'DEFAULT')) |
|
|
103 |
self.__crypto_context.set_options(SSL.OP_NO_SSLv2) |
104 |
self.__crypto_context.set_options(SSL.OP_NO_SSLv3) |
102 |
self.__crypto_context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self.__verify_cert_cb) |
105 |
self.__crypto_context.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT, self.__verify_cert_cb) |
103 |
try: |
106 |
try: |
104 |
self.__crypto_context.load_verify_locations(os.path.join('/etc/univention/ssl/ucsCA', 'CAcert.pem')) |
107 |
self.__crypto_context.load_verify_locations(os.path.join('/etc/univention/ssl/ucsCA', 'CAcert.pem')) |
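Review bot: Pinning the context to `SSL.TLSv1_METHOD` (new line 101) restricts this client to TLS 1.0 only, so it can no longer negotiate TLS 1.1 or 1.2 with a server that offers them, and the two `set_options` calls added on new lines 103–104 become no-ops because that method never speaks SSLv2 or SSLv3. Keeping the version-flexible method and excluding only the broken protocols matches the apparent intent: `self.__crypto_context = SSL.Context(SSL.SSLv23_METHOD)` followed by `self.__crypto_context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)`. The cipher string now comes from the UCR variable `umc/server/ssl/ciphers`, and `set_cipher_list` sits before the `try:` on new line 106, so a configured value that selects no ciphers would presumably raise out of the constructor; a short comment naming the variable and its `'DEFAULT'` fallback would help whoever has to debug that. `__init__` starts before this hunk and its `try:` block continues past it.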