rpms/m2crypto/devel m2crypto-0.16-proxy-connect.patch, NONE, 1.1 m2crypto.spec, 1.27, 1.28
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Oct 20 17:26:50 UTC 2006
Author: mitr
Update of /cvs/dist/rpms/m2crypto/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv15592
Modified Files:
m2crypto.spec
Added Files:
m2crypto-0.16-proxy-connect.patch
Log Message:
* Fri Oct 20 2006 Miloslav Trmac <mitr at redhat.com> - 0.16-5
- Add proxy support for https using CONNECT (original patch by James Bowes
<jbowes at redhat.com>)
Resolves: #210963
m2crypto-0.16-proxy-connect.patch:
httpslib.py | 111 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
m2urllib2.py | 15 ++++++-
2 files changed, 123 insertions(+), 3 deletions(-)
--- NEW FILE m2crypto-0.16-proxy-connect.patch ---
Index: M2Crypto/httpslib.py
===================================================================
--- M2Crypto/httpslib.py (revision 469)
+++ M2Crypto/httpslib.py (working copy)
@@ -3,6 +3,10 @@
Copyright (c) 1999-2004 Ng Pheng Siong. All rights reserved."""
import string, sys
+import socket
+import urllib
+import base64
+
from httplib import *
from httplib import HTTPS_PORT # This is not imported with just '*'
import SSL
@@ -72,3 +76,110 @@
self.ssl_ctx = SSL.Context('sslv23')
assert isinstance(self._conn, HTTPSConnection)
self._conn.ssl_ctx = self.ssl_ctx
+
+
+class ProxyHTTPSConnection(HTTPSConnection):
+
+ """
+ An HTTPS Connection that uses a proxy and the CONNECT request.
+
+ When the connection is initiated, CONNECT is first sent to the proxy (along
+ with authorization headers, if supplied). If successful, an SSL connection
+ will be established over the socket through the proxy and to the target
+ host.
+
+ Finally, the actual request is sent over the SSL connection tunneling
+ through the proxy.
+ """
+
+ _ports = {'http' : 80, 'https' : 443}
+ _AUTH_HEADER = "Proxy-Authorization"
+
+ def __init__(self, host, port=None, strict=None, username=None,
+ password=None, **ssl):
+ """
+ Create the ProxyHTTPSConnection object.
+
+ host and port are the hostname and port number of the proxy server.
+ """
+ HTTPSConnection.__init__(self, host, port, strict, **ssl)
+
+ self._username = username
+ self._password = password
+ self._proxy_auth = None
+
+ def putrequest(self, method, url, skip_host=0, skip_accept_encoding=0):
+ #putrequest is called before connect, so can interpret url and get
+ #real host/port to be used to make CONNECT request to proxy
+ proto, rest = urllib.splittype(url)
+ if proto is None:
+ raise ValueError, "unknown URL type: %s" % url
+ #get host
+ host, rest = urllib.splithost(rest)
+ #try to get port
+ host, port = urllib.splitport(host)
+ #if port is not defined try to get from proto
+ if port is None:
+ try:
+ port = self._ports[proto]
+ except KeyError:
+ raise ValueError, "unknown protocol for: %s" % url
+ self._real_host = host
+ self._real_port = port
+ HTTPSConnection.putrequest(self, method, url, skip_host, skip_accept_encoding)
+
+ def putheader(self, header, value):
+ # Store the auth header if passed in.
+ if header.lower() == self._AUTH_HEADER.lower():
+ self._proxy_auth = value
+ else:
+ HTTPSConnection.putheader(self, header, value)
+
+ def endheaders(self):
+ # We've recieved all of hte headers. Use the supplied username
+ # and password for authorization, possibly overriding the authstring
+ # supplied in the headers.
+ if not self._proxy_auth:
+ self._proxy_auth = self._encode_auth()
+
+ HTTPSConnection.endheaders(self)
+
+ def connect(self):
+ HTTPConnection.connect(self)
+
+ #send proxy CONNECT request
+ self.sock.sendall(self._get_connect_msg())
+ response = HTTPResponse(self.sock)
+ response.begin()
+
+ code = response.status
+ if code != 200:
+ #proxy returned and error, abort connection, and raise exception
+ self.close()
+ raise socket.error, "Proxy connection failed: %d" % code
+
+ self._start_ssl()
+
+ def _get_connect_msg(self):
+ """ Return an HTTP CONNECT request to send to the proxy. """
+ msg = "CONNECT %s:%d HTTP/1.1\r\n" % (self._real_host, self._real_port)
+ if self._proxy_auth:
+ msg = msg + "%s: %s\r\n" % (self._AUTH_HEADER, self._proxy_auth)
+ msg = msg + "\r\n"
+ return msg
+
+ def _start_ssl(self):
+ """ Make this connection's socket SSL-aware. """
+ self.sock = SSL.Connection(self.ssl_ctx, self.sock)
+ self.sock.setup_ssl()
+ self.sock.set_connect_state()
+ self.sock.connect_ssl()
+
+ def _encode_auth(self):
+ """ Encode the username and password for use in the auth header. """
+ if not (self._username and self._password):
+ return None
+ # Authenticated proxy
+ userpass = "%s:%s" % (self._username, self._password)
+ enc_userpass = base64.encodestring(userpass).replace("\n", "")
+ return "Basic %s" % enc_userpass
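Review bot: `_start_ssl` finishes the handshake with `connect_ssl()`, but nothing in the visible lines compares the peer certificate with `self._real_host`, so the tunnelled connection appears to accept any certificate that passes chain verification, whichever host it was issued for. If M2Crypto's usual post-connection check lives in `SSL.Connection.connect()` (not shown here), this hand-rolled sequence bypasses it; the check should be run explicitly after `connect_ssl()` against `self._real_host`, not the proxy's address. Separately, `urllib.splitport` returns the port as a string, so a URL with an explicit port makes the `%d` in `_get_connect_msg` raise `TypeError`; storing `self._real_port = int(port)` in `putrequest` fixes that. The host should also be rejected if it contains CR or LF before it is written into the CONNECT line.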
Index: M2Crypto/m2urllib2.py
===================================================================
--- M2Crypto/m2urllib2.py (revision 469)
+++ M2Crypto/m2urllib2.py (working copy)
@@ -6,11 +6,13 @@
Python Software Foundation; All Rights Reserved
Summary of changes:
+ * Use an HTTPSProxyConnection if the request is going through a proxy.
* Add the SSL context to the https connection when performing https_open.
* Add the M2Crypto HTTPSHandler when building a default opener.
"""
from urllib2 import *
+import urlparse
import SSL
import httpslib
@@ -39,8 +41,15 @@
if not host:
raise URLError('no host given')
- # Our change: add the ssl context.
- h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx)
+ # Our change: Check to see if we're using a proxy.
+ # Then create an appropriate ssl-aware connection.
+ full_url = req.get_full_url()
+ target_host = urlparse.urlparse(full_url)[1]
+
+ if (target_host != host):
+ h = httpslib.ProxyHTTPSConnection(host = host, ssl_context = self.ctx)
+ else:
+ h = httpslib.HTTPSConnection(host = host, ssl_context = self.ctx)
# End our change
h.set_debuglevel(self._debuglevel)
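Review bot: The proxy decision at `if (target_host != host):` rests on a raw string comparison between the URL's netloc and `host`, and the hunk does not say why the two would differ. Presumably `host` only differs once a proxy handler has replaced it on the request; if so, a comment such as `# host is the proxy's address once a proxy has been set on the request; otherwise it equals the URL's netloc` would make the assumption checkable. The netloc keeps any port and userinfo, so the comparison is only sound if `host` is produced in the same form. The enclosing method starts and ends outside this hunk.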
@@ -54,7 +63,7 @@
# request.
headers["Connection"] = "close"
try:
- h.request(req.get_method(), req.get_selector(), req.data, headers)
+ h.request(req.get_method(), req.get_full_url(), req.data, headers)
r = h.getresponse()
except socket.error, err: # XXX what error?
raise URLError(err)
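Review bot: `h.request(req.get_method(), req.get_full_url(), req.data, headers)` now puts the absolute URL on the request line for every connection, including the plain `HTTPSConnection` branch where no proxy is involved. Only `ProxyHTTPSConnection.putrequest` needs the full URL (to recover the real host and port), and origin servers are more reliably served a path-only target. Consider selecting the target by connection type: keep `req.get_selector()` when `h` is a plain `HTTPSConnection` and pass `req.get_full_url()` only when `isinstance(h, httpslib.ProxyHTTPSConnection)`. The enclosing method continues outside this hunk.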
Index: m2crypto.spec
===================================================================
RCS file: /cvs/dist/rpms/m2crypto/devel/m2crypto.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- m2crypto.spec 20 Oct 2006 14:40:45 -0000 1.27
+++ m2crypto.spec 20 Oct 2006 17:26:48 -0000 1.28
@@ -6,6 +6,7 @@
Release: 5%{?dist}
Source0: http://wiki.osafoundation.org/pub/Projects/MeTooCrypto/m2crypto-%{version}.tar.gz
Patch0: m2crypto-0.16-m2urllib2.patch
+Patch1: m2crypto-0.16-proxy-connect.patch
License: BSDish
Group: System Environment/Libraries
URL: http://wiki.osafoundation.org/bin/view/Projects/MeTooCrypto
@@ -20,6 +21,7 @@
%prep
%setup -q
%patch0 -p1
+%patch1 -p0 -b .proxy-connect
# Red Hat opensslconf.h #includes an architecture-specific file, but SWIG
# doesn't follow the #include.
@@ -71,7 +73,10 @@
%changelog
* Fri Oct 20 2006 Miloslav Trmac <mitr at redhat.com> - 0.16-5
- Backport the urllib2 wrapper (code by James Bowes <jbowes at redhat.com>)
-- Resolves: #210956
+ Resolves: #210956
+- Add proxy support for https using CONNECT (original patch by James Bowes
+ <jbowes at redhat.com>)
+ Resolves: #210963
* Tue Sep 26 2006 Miloslav Trmac <mitr at redhat.com> - 0.16-4
- Drop Obsoletes: openssl-python, openssl-python was last shipped in RHL 7.1