/usr/lib/python3/dist-packages/libcloud/security.py is in python3-libcloud 1.5.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 | # Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Security (SSL) Settings
Usage:
import libcloud.security
libcloud.security.VERIFY_SSL_CERT = True
# Optional.
libcloud.security.CA_CERTS_PATH.append('/path/to/cacert.txt')
"""
import os
import ssl
__all__ = [
'VERIFY_SSL_CERT',
'SSL_VERSION',
'CA_CERTS_PATH'
]
VERIFY_SSL_CERT = True
SSL_VERSION = ssl.PROTOCOL_TLSv1
# True to use certifi CA bundle path when certifi library is available
USE_CERTIFI = os.environ.get('LIBCLOUD_SSL_USE_CERTIFI', True)
USE_CERTIFI = str(USE_CERTIFI).lower() in ['true', '1']
# File containing one or more PEM-encoded CA certificates
# concatenated together.
CA_CERTS_PATH = [
# centos/fedora: openssl
'/etc/pki/tls/certs/ca-bundle.crt',
# debian/ubuntu/arch/gentoo: ca-certificates
'/etc/ssl/certs/ca-certificates.crt',
# freebsd: ca_root_nss
'/usr/local/share/certs/ca-root-nss.crt',
# macports: curl-ca-bundle
'/opt/local/share/curl/curl-ca-bundle.crt',
# homebrew: openssl
'/usr/local/etc/openssl/cert.pem',
# homebrew: curl-ca-bundle (backward compatibility)
'/usr/local/opt/curl-ca-bundle/share/ca-bundle.crt',
# opensuse/sles: openssl
'/etc/ssl/ca-bundle.pem',
# SLES11 imported CA certificate
'/etc/ssl/certs/YaST-CA.pem',
]
# Insert certifi CA bundle path to the front of Libcloud CA bundle search
# path if certifi is available
try:
import certifi
except ImportError:
has_certifi = False
else:
has_certifi = True
if has_certifi and USE_CERTIFI:
certifi_ca_bundle_path = certifi.where()
CA_CERTS_PATH.insert(0, certifi_ca_bundle_path)
# Allow user to explicitly specify which CA bundle to use, using an environment
# variable
environment_cert_file = os.getenv('SSL_CERT_FILE', None)
if environment_cert_file is not None:
# Make sure the file exists
if not os.path.exists(environment_cert_file):
raise ValueError('Certificate file %s doesn\'t exist' %
(environment_cert_file))
if not os.path.isfile(environment_cert_file):
raise ValueError('Certificate file can\'t be a directory')
# If a provided file exists we ignore other common paths because we
# don't want to fall-back to a potentially less restrictive bundle
CA_CERTS_PATH = [environment_cert_file]
CA_CERTS_UNAVAILABLE_ERROR_MSG = (
'No CA Certificates were found in CA_CERTS_PATH. For information on '
'how to get required certificate files, please visit '
'https://libcloud.readthedocs.org/en/latest/other/'
'ssl-certificate-validation.html'
)
VERIFY_SSL_DISABLED_MSG = (
'SSL certificate verification is disabled, this can pose a '
'security risk. For more information how to enable the SSL '
'certificate verification, please visit the libcloud '
'documentation.'
)
|