Merge lp://qastaging/~bac/juju-quickstart/ssl-issue into lp://qastaging/juju-quickstart

Proposed by Brad Crittenden
Status: Merged
Merged at revision: 72
Proposed branch: lp://qastaging/~bac/juju-quickstart/ssl-issue
Merge into: lp://qastaging/juju-quickstart
Diff against target: 41 lines (+6/-2)
2 files modified
quickstart/juju.py (+3/-1)
quickstart/tests/test_juju.py (+3/-1)
To merge this branch: bzr merge lp://qastaging/~bac/juju-quickstart/ssl-issue
Reviewer Review Type Date Requested Status
Juju GUI Hackers Pending
Review via email: mp+221949@code.qastaging.launchpad.net

Description of the change

Make juju-quickstart websockets use TLSv1.

On OS X by default websockets try to use SSLv2 first. The juju-gui server
rejects the attempt and they do not renegotiate a shared protocol, resulting in
a handshake failure.

The least invasive and most secure solution is to create a websocket that is
forced to use TLSv1.

https://codereview.appspot.com/105810043/

Brad Crittenden (bac) wrote :

Reviewers: mp+221949_code.launchpad.net,

Message:
Please take a look.

Description:
Make juju-quickstart websockets use TLSv1.

On OS X by default websockets try to use SSLv2 first. The juju-gui server
rejects the attempt and they do not renegotiate a shared protocol, resulting in
a handshake failure.

The least invasive and most secure solution is to create a websocket that is
forced to use TLSv1.

QA:

Grab this branch under review. In the juju-quickstart top-level run:

% JUJU_ENV=ec2 make run

After a good long while it should launch a browser. On OS X, due to bug
1322596, Safari will not be able to actually complete the connection to the
GUI. Copy the URL over to Chrome or Firefox.

% juju destroy-environment ec2

Repeat for Ubuntu just to prove that it doesn't break over there.

https://code.launchpad.net/~bac/juju-quickstart/ssl-issue/+merge/221949

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/105810043/

Affected files (+8, -2 lines):
   A [revision details]
   M quickstart/juju.py
   M quickstart/tests/test_juju.py

Index: [revision details]
=== added file '[revision details]'
--- [revision details] 2012-01-01 00:00:00 +0000
+++ [revision details] 2012-01-01 00:00:00 +0000
@@ -0,0 +1,2 @@
+Old revision: <email address hidden>
+New revision: <email address hidden>

Index: quickstart/juju.py
=== modified file 'quickstart/juju.py'
--- quickstart/juju.py 2014-03-12 10:10:21 +0000
+++ quickstart/juju.py 2014-06-03 19:18:14 +0000
@@ -21,12 +21,14 @@
  import logging

  import jujuclient
+import ssl
  import websocket

  def connect(api_url):
      """Return an Environment instance connected to the given API URL."""
- connection = WebSocketConnection()
+ connection = WebSocketConnection(
+ sslopt=dict(ssl_version=ssl.PROTOCOL_TLSv1))
      # See the websocket.create_connection function.
      connection.settimeout(websocket.default_timeout)
      connection.connect(api_url, origin=api_url)
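
Review bot: The sslopt=dict(ssl_version=ssl.PROTOCOL_TLSv1) argument in connect() pins the connection to exactly TLS 1.0 instead of setting a minimum, so the client cannot negotiate a newer TLS version even when the server offers one, and nothing in the code says why the pin exists. Add a comment beside the call recording the OS X SSLv2 handshake failure that motivated it, and consider lifting the protocol into a named module-level constant so it is easy to find and raise later. Separately, import ssl is a standard-library import and belongs in the group with import logging, not between jujuclient and websocket.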

Index: quickstart/tests/test_juju.py
=== modified file 'quickstart/tests/test_juju.py'
--- quickstart/tests/test_juju.py 2014-03-12 10:10:21 +0000
+++ quickstart/tests/test_juju.py 2014-06-03 19:10:21 +0000
@@ -21,6 +21,7 @@
  import unittest

  import mock
+import ssl
  import websocket

  from quickstart import juju
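
Review bot: The added import ssl sits in the third-party group between mock and websocket; it is a standard-library module and should move up next to import unittest, matching the grouping the file already uses.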
@@ -38,7 +39,8 @@
      def test_environment_connection(self, mock_conn):
          # A connected Environment instance is correctly returned.
          env = juju.connect(self.api_url)
- mock_conn.assert_called_once_with()
+ mock_conn.assert_called_once_with(
+ sslopt={'ssl_version': ssl.PROTOCOL_TLSv1})
          conn = mock_conn()
          conn.assert_has_calls([
              mock.call.settimeout(websocket.default_timeout),
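
Review bot: In test_environment_connection the new assert_called_once_with expectation spells the option as a dict literal, while connect() in quickstart/juju.py builds it with dict(...); the two compare equal, but use one form in both places so a search for the option finds both. The assertion also only proves that the option is handed to the mocked WebSocketConnection, so the manual QA run on OS X remains the only check that the handshake succeeds; a short comment above the assertion saying so would help the next reader.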

75. By Brad Crittenden

Change dict() to {} for consistency.

Brad Crittenden (bac) wrote :

*** Submitted:

Make juju-quickstart websockets use TLSv1.

On OS X by default websockets try to use SSLv2 first. The juju-gui server
rejects the attempt and they do not renegotiate a shared protocol, resulting in
a handshake failure.

The least invasive and most secure solution is to create a websocket that is
forced to use TLSv1.

R=redir
CC=
https://codereview.appspot.com/105810043

https://codereview.appspot.com/105810043/
