[Yum-devel] [PATCH] ssl patches for new urlgrabber and "proper" ssl support add options matching up to the options that were implemented in the m2crypto patch to yum and urlgrabber that many folks used (centos and rhel5 in particular)

Seth Vidal skvidal at fedoraproject.org
Fri Aug 14 17:10:18 UTC 2009


    sslcacert = Option()
    sslverify = BoolOption(True)
    sslclientcert = Option()
    sslclientkey = Option()

Add these options in to every place we setup a urlgrabber instance.
---
 yum/config.py  |   12 ++++++++++++
 yum/yumRepo.py |   19 +++++++++++++++++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/yum/config.py b/yum/config.py
index 75f8581..2f057c3 100644
--- a/yum/config.py
+++ b/yum/config.py
@@ -698,6 +698,12 @@ class YumConf(StartupConf):
 
     color_search_match = Option('bold')
     
+    sslcacert = Option()
+    sslverify = BoolOption(True)
+    sslclientcert = Option()
+    sslclientkey = Option()
+
+
     _reposlist = []
 
 class RepoConf(BaseConfig):
@@ -751,6 +757,12 @@ class RepoConf(BaseConfig):
     mdpolicy = Inherit(YumConf.mdpolicy)
     cost = IntOption(1000)
     
+    sslcacert = Inherit(YumConf.sslcacert)
+    sslverify = Inherit(YumConf.sslverify)
+    sslclientcert = Inherit(YumConf.sslclientcert)
+    sslclientkey = Inherit(YumConf.sslclientkey)
+
+    
 def readStartupConfig(configfile, root):
     '''
     Parse Yum's main configuration file and return a StartupConf instance.
diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index 12c7d35..fac218a 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -475,7 +475,12 @@ class YumRepository(Repository, config.RepoConf):
                                     timeout=self.timeout,
                                     copy_local=self.copy_local,
                                     http_headers=headers,
-                                    reget='simple')
+                                    reget='simple',
+                                    ssl_verify_peer=self.sslverify,
+                                    ssl_verify_host=self.sslverify,
+                                    ssl_ca_cert=self.sslcacert,
+                                    ssl_cert=self.sslclientcert,
+                                    ssl_key=self.sslclientkey)
 
         self._grabfunc.opts.user_agent = default_grabber.opts.user_agent
 
@@ -667,7 +672,12 @@ class YumRepository(Repository, config.RepoConf):
                                     retry = self.retries,
                                     throttle = self.throttle,
                                     progress_obj = self.callback,
-                                    proxies=self.proxy_dict)
+                                    proxies=self.proxy_dict,
+                                    ssl_verify_peer=self.sslverify,
+                                    ssl_verify_host=self.sslverify,
+                                    ssl_ca_cert=self.sslcacert,
+                                    ssl_cert=self.sslclientcert,
+                                    ssl_key=self.sslclientkey)
                     ug.opts.user_agent = default_grabber.opts.user_agent
                     result = ug.urlgrab(url, local, text=self.id + "/metalink")
 
@@ -770,6 +780,11 @@ class YumRepository(Repository, config.RepoConf):
                             timeout=self.timeout,
                             checkfunc=checkfunc,
                             http_headers=headers,
+                            ssl_verify_peer=self.sslverify,
+                            ssl_verify_host=self.sslverify,
+                            ssl_ca_cert=self.sslcacert,
+                            ssl_cert=self.sslclientcert,
+                            ssl_key=self.sslclientkey                            
                             )
 
             ug.opts.user_agent = default_grabber.opts.user_agent
-- 
1.6.2.5



More information about the Yum-devel mailing list