Merge "Big Switch: Switch to TLSv1 in server manager"

2014-10-23 21:20:45 +00:00 · 2014-10-23 21:20:45 +00:00 · 9d84e24a85
commit 9d84e24a85
parent 7ac44b0fa0 91ebcd034a
2 changed files with 11 additions and 7 deletions
--- a/neutron/plugins/bigswitch/servermanager.py
+++ b/neutron/plugins/bigswitch/servermanager.py
@ -637,8 +637,9 @@ class HTTPSConnectionWithValidation(httplib.HTTPSConnection):
        if self.combined_cert:
            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                                        cert_reqs=ssl.CERT_REQUIRED,
-                                        ca_certs=self.combined_cert)
+                                        ca_certs=self.combined_cert,
+                                        ssl_version=ssl.PROTOCOL_TLSv1)
        else:
-            self.sock = ssl.wrap_socket(sock, self.key_file,
-                                        self.cert_file,
-                                        cert_reqs=ssl.CERT_NONE)
+            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
+                                        cert_reqs=ssl.CERT_NONE,
+                                        ssl_version=ssl.PROTOCOL_TLSv1)
--- a/neutron/tests/unit/bigswitch/test_servermanager.py
+++ b/neutron/tests/unit/bigswitch/test_servermanager.py
@ -465,7 +465,8 @@ class ServerManagerTests(test_rp.BigSwitchProxyPluginV2TestCase):
            ('www.example.org', 443), 90, '127.0.0.1'
        )])
        self.wrap_mock.assert_has_calls([mock.call(
-            self.socket_mock(), None, None, cert_reqs=ssl.CERT_NONE
+            self.socket_mock(), None, None, cert_reqs=ssl.CERT_NONE,
+            ssl_version=ssl.PROTOCOL_TLSv1
        )])
        self.assertEqual(con.sock, self.wrap_mock())

@ -480,7 +481,8 @@ class ServerManagerTests(test_rp.BigSwitchProxyPluginV2TestCase):
        )])
        self.wrap_mock.assert_has_calls([mock.call(
            self.socket_mock(), None, None, ca_certs='SOMECERTS.pem',
-            cert_reqs=ssl.CERT_REQUIRED
+            cert_reqs=ssl.CERT_REQUIRED,
+            ssl_version=ssl.PROTOCOL_TLSv1
        )])
        self.assertEqual(con.sock, self.wrap_mock())

@ -500,7 +502,8 @@ class ServerManagerTests(test_rp.BigSwitchProxyPluginV2TestCase):
            ('www.example.org', 443), 90, '127.0.0.1'
        )])
        self.wrap_mock.assert_has_calls([mock.call(
-            self.socket_mock(), None, None, cert_reqs=ssl.CERT_NONE
+            self.socket_mock(), None, None, cert_reqs=ssl.CERT_NONE,
+            ssl_version=ssl.PROTOCOL_TLSv1
        )])
        # _tunnel() doesn't take any args
        tunnel_mock.assert_has_calls([mock.call()])