Commit 3dd0a3f1 authored by Kirill Smelkov's avatar Kirill Smelkov

app: Remember SSL credentials so that it is possible to retrieve them

Unfortunately after creating SSL context it is not possible, or at least
I could not find how, to retrieve original credentials with which the
context was created. However wendelin.core needs to be able to take a
client storage, reconstruct zurl to refer to that particular storage,
and pass that zurl to wcfs, so that wcfs, in turn, could access the same
ZODB database.

Given a NEO client instance, it is already possible to retrieve
master_nodes, cluster name, and detect whether SSL is being in use.
However without being able to retrieve original SSL credentials,
reconstructed zurl will not be full and wcfs won't be able to use
exactly the same secrets as python part does.

-> Help wendelin.core by remembering which ca/cert/key were used to
build SSL context.

This information is used by zstor_2zurl in wendelin.core here:

https://lab.nexedi.com/nexedi/wendelin.core/blob/885b3556/lib/zodb.py#L390-418

/cc @levin.zimmermann
/reviewed-by @jm
/reviewed-on !21

(cherry-picked from commit 17af7f27)
parent fa2d4212
...@@ -72,6 +72,9 @@ class BaseApplication(object): ...@@ -72,6 +72,9 @@ class BaseApplication(object):
" provided: the CA certificate, and the certificate" " provided: the CA certificate, and the certificate"
" of this node with its private key.") " of this node with its private key.")
ca, cert, key = ssl ca, cert, key = ssl
# remember ca/cert/key, so that zstor_2zurl in wendelin.core could
# retrieve them and fully reconstruct neos:// url of the storage
self.ssl_credentials = ssl
import ssl import ssl
version, version_name = max((getattr(ssl, k), k) version, version_name = max((getattr(ssl, k), k)
for k in dir(ssl) if k.startswith("PROTOCOL_TLSv")) for k in dir(ssl) if k.startswith("PROTOCOL_TLSv"))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment