[Yum-devel] [PATCH] ssl patches for new urlgrabber and "proper" ssl support add options matching up to the options that were implemented in the m2crypto patch to yum and urlgrabber that many folks used (centos and rhel5 in particular)
Seth Vidal
skvidal at fedoraproject.org
Fri Aug 14 17:10:18 UTC 2009
sslcacert = Option()
sslverify = BoolOption(True)
sslclientcert = Option()
sslclientkey = Option()
Add these options in to every place we setup a urlgrabber instance.
---
yum/config.py | 12 ++++++++++++
yum/yumRepo.py | 19 +++++++++++++++++--
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/yum/config.py b/yum/config.py
index 75f8581..2f057c3 100644
--- a/yum/config.py
+++ b/yum/config.py
@@ -698,6 +698,12 @@ class YumConf(StartupConf):
color_search_match = Option('bold')
+ sslcacert = Option()
+ sslverify = BoolOption(True)
+ sslclientcert = Option()
+ sslclientkey = Option()
+
+
_reposlist = []
class RepoConf(BaseConfig):
@@ -751,6 +757,12 @@ class RepoConf(BaseConfig):
mdpolicy = Inherit(YumConf.mdpolicy)
cost = IntOption(1000)
+ sslcacert = Inherit(YumConf.sslcacert)
+ sslverify = Inherit(YumConf.sslverify)
+ sslclientcert = Inherit(YumConf.sslclientcert)
+ sslclientkey = Inherit(YumConf.sslclientkey)
+
+
def readStartupConfig(configfile, root):
'''
Parse Yum's main configuration file and return a StartupConf instance.
diff --git a/yum/yumRepo.py b/yum/yumRepo.py
index 12c7d35..fac218a 100644
--- a/yum/yumRepo.py
+++ b/yum/yumRepo.py
@@ -475,7 +475,12 @@ class YumRepository(Repository, config.RepoConf):
timeout=self.timeout,
copy_local=self.copy_local,
http_headers=headers,
- reget='simple')
+ reget='simple',
+ ssl_verify_peer=self.sslverify,
+ ssl_verify_host=self.sslverify,
+ ssl_ca_cert=self.sslcacert,
+ ssl_cert=self.sslclientcert,
+ ssl_key=self.sslclientkey)
self._grabfunc.opts.user_agent = default_grabber.opts.user_agent
@@ -667,7 +672,12 @@ class YumRepository(Repository, config.RepoConf):
retry = self.retries,
throttle = self.throttle,
progress_obj = self.callback,
- proxies=self.proxy_dict)
+ proxies=self.proxy_dict,
+ ssl_verify_peer=self.sslverify,
+ ssl_verify_host=self.sslverify,
+ ssl_ca_cert=self.sslcacert,
+ ssl_cert=self.sslclientcert,
+ ssl_key=self.sslclientkey)
ug.opts.user_agent = default_grabber.opts.user_agent
result = ug.urlgrab(url, local, text=self.id + "/metalink")
@@ -770,6 +780,11 @@ class YumRepository(Repository, config.RepoConf):
timeout=self.timeout,
checkfunc=checkfunc,
http_headers=headers,
+ ssl_verify_peer=self.sslverify,
+ ssl_verify_host=self.sslverify,
+ ssl_ca_cert=self.sslcacert,
+ ssl_cert=self.sslclientcert,
+ ssl_key=self.sslclientkey
)
ug.opts.user_agent = default_grabber.opts.user_agent
--
1.6.2.5
More information about the Yum-devel
mailing list