Add more TLS protocols to rabbit impl

Python 2.7.9 added PROTOCOL_TLSv1_1 and PROTOCOL_TLSv1_2, so these are added to the allowed kombu_ssl_version values. See https://docs.python.org/2/library/ssl.html#ssl.PROTOCOL_TLSv1_1 Change-Id: I1dd590d916ab524284a941db91b9cb81fd4639bb
2014-11-25 10:59:05 -06:00 · 2014-11-25 10:59:05 -06:00 · 1624793088
commit 1624793088
parent 42f55a1dda
1 changed files with 15 additions and 11 deletions
--- a/oslo/messaging/_drivers/impl_rabbit.py
+++ b/oslo/messaging/_drivers/impl_rabbit.py
@ -41,8 +41,9 @@ rabbit_opts = [
    cfg.StrOpt('kombu_ssl_version',
               default='',
               help='SSL version to use (valid only if SSL enabled). '
-                    'valid values are TLSv1 and SSLv23. SSLv2 and '
-                    'SSLv3 may be available on some distributions.'
+                    'Valid values are TLSv1 and SSLv23. SSLv2, SSLv3, '
+                    'TLSv1_1, and TLSv1_2 may be available on some '
+                    'distributions.'
               ),
    cfg.StrOpt('kombu_ssl_keyfile',
               default='',
@ -499,15 +500,18 @@ class Connection(object):
        "sslv23": ssl.PROTOCOL_SSLv23
    }

-    try:
-        _SSL_PROTOCOLS["sslv2"] = ssl.PROTOCOL_SSLv2
-    except AttributeError:
-        pass
-
-    try:
-        _SSL_PROTOCOLS["sslv3"] = ssl.PROTOCOL_SSLv3
-    except AttributeError:
-        pass
+    _OPTIONAL_PROTOCOLS = {
+        'sslv2': 'PROTOCOL_SSLv2',
+        'sslv3': 'PROTOCOL_SSLv3',
+        'tlsv1_1': 'PROTOCOL_TLSv1_1',
+        'tlsv1_2': 'PROTOCOL_TLSv1_2',
+    }
+    for protocol in _OPTIONAL_PROTOCOLS:
+        try:
+            _SSL_PROTOCOLS[protocol] = getattr(ssl,
+                                               _OPTIONAL_PROTOCOLS[protocol])
+        except AttributeError:
+            pass

    @classmethod
    def validate_ssl_version(cls, version):