Merge lp://qastaging/~bac/juju-quickstart/ssl-issue into lp://qastaging/juju-quickstart
Proposed by
Brad Crittenden
Status: | Merged | ||||
---|---|---|---|---|---|
Merged at revision: | 72 | ||||
Proposed branch: | lp://qastaging/~bac/juju-quickstart/ssl-issue | ||||
Merge into: | lp://qastaging/juju-quickstart | ||||
Diff against target: |
41 lines (+6/-2) 2 files modified
quickstart/juju.py (+3/-1) quickstart/tests/test_juju.py (+3/-1) |
||||
To merge this branch: | bzr merge lp://qastaging/~bac/juju-quickstart/ssl-issue | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Juju GUI Hackers | Pending | ||
Review via email: mp+221949@code.qastaging.launchpad.net |
Description of the change
Make juju-quickstart websockets use TLSv1.
On OS X by default websockets try to use SSLv2 first. The juju-gui server
rejects the attempt and they do not renogiate a shared protocol, resulting in
a handshake failure.
The least invasive and most secure solution is to create a websocket that is
forced to use TLSv1.
To post a comment you must log in.
Reviewers: mp+221949_ code.launchpad. net,
Message:
Please take a look.
Description:
Make juju-quickstart websockets use TLSv1.
On OS X by default websockets try to use SSLv2 first. The juju-gui
server
rejects the attempt and they do not renogiate a shared protocol,
resulting in
a handshake failure.
The least invasive and most secure solution is to create a websocket
that is
forced to use TLSv1.
QA:
Grab this branch under review. In the juju-quickstart top-level run:
% JUJU_ENV=ec2 make run
After a good long while it should launch a browser. On OS X, due to bug
1322596, Safari will not be able to actually complete the connection to
the
GUI. Copy the URL over to Chrome or Firefox.
% juju destroy-environment ec2
Repeat for Ubuntu just to prove that it doesnt' break over there.
https:/ /code.launchpad .net/~bac/ juju-quickstart /ssl-issue/ +merge/ 221949
(do not edit description out of merge proposal)
Please review this at https:/ /codereview. appspot. com/105810043/
Affected files (+8, -2 lines): tests/test_ juju.py
A [revision details]
M quickstart/juju.py
M quickstart/
Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: <email address hidden>
+New revision: <email address hidden>
Index: quickstart/juju.py juju.py'
=== modified file 'quickstart/
--- quickstart/juju.py 2014-03-12 10:10:21 +0000
+++ quickstart/juju.py 2014-06-03 19:18:14 +0000
@@ -21,12 +21,14 @@
import logging
import jujuclient
+import ssl
import websocket
def connect(api_url): tion() tion( dict(ssl_ version= ssl.PROTOCOL_ TLSv1)) create_ connection function. n.settimeout( websocket. default_ timeout) n.connect( api_url, origin=api_url)
"""Return an Environment instance connected to the given API URL."""
- connection = WebSocketConnec
+ connection = WebSocketConnec
+ sslopt=
# See the websocket.
connectio
connectio
Index: quickstart/ tests/test_ juju.py tests/test_ juju.py' tests/test_ juju.py 2014-03-12 10:10:21 +0000 tests/test_ juju.py 2014-06-03 19:10:21 +0000
=== modified file 'quickstart/
--- quickstart/
+++ quickstart/
@@ -21,6 +21,7 @@
import unittest
import mock
+import ssl
import websocket
from quickstart import juju t_connection( self, mock_conn): self.api_ url) assert_ called_ once_with( ) assert_ called_ once_with( {'ssl_version' : ssl.PROTOCOL_ TLSv1})
conn. assert_ has_calls( [
mock.call. settimeout( websocket. default_ timeout) ,
@@ -38,7 +39,8 @@
def test_environmen
# A connected Environment instance is correctly returned.
env = juju.connect(
- mock_conn.
+ mock_conn.
+ sslopt=
conn = mock_conn()