# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Security (SSL) Settings

Usage:
    import libcloud.security
    libcloud.security.VERIFY_SSL_CERT = True

    # Optional.
    libcloud.security.CA_CERTS_PATH = '/path/to/certfile'

Environment variables read at import time:
    LIBCLOUD_SSL_USE_CERTIFI
        'true' or '1' (case-insensitive) keeps the certifi CA bundle in use
        when certifi is importable; any other value turns it off. Defaults
        to enabled when the variable is unset.
    SSL_CERT_FILE
        Path to a CA bundle file. When set it replaces any other value of
        CA_CERTS_PATH; a path that does not exist or is not a file raises
        ValueError while this module is being imported.
"""

import os
import ssl

__all__ = ['VERIFY_SSL_CERT', 'SSL_VERSION', 'CA_CERTS_PATH']

# Certificate verification is on by default. VERIFY_SSL_DISABLED_MSG below is
# the warning text associated with turning it off.
VERIFY_SSL_CERT = True

# NOTE(review): ssl.PROTOCOL_TLSv1 names TLS 1.0 specifically. TLS 1.0 is
# formally deprecated (RFC 8996) and the ssl module documents the
# version-specific PROTOCOL_* constants as deprecated. How this value is
# consumed is not visible in this module -- confirm with the connection code
# before relying on it or changing it.
SSL_VERSION = ssl.PROTOCOL_TLSv1

# True to use certifi CA bundle path when certifi library is available.
# Anything other than 'true' / '1' (case-insensitive), including an empty
# string, switches the certifi bundle off.
USE_CERTIFI = (
    str(os.environ.get('LIBCLOUD_SSL_USE_CERTIFI', True)).lower()
    in ('true', '1')
)

# File containing one or more PEM-encoded CA certificates
# concatenated together.
CA_CERTS_PATH = None

# Prefer the certifi CA bundle when the certifi package can be imported.
try:
    import certifi
    has_certifi = True
except ImportError:
    has_certifi = False

if USE_CERTIFI and has_certifi:
    CA_CERTS_PATH = certifi_ca_bundle_path = certifi.where()

# An explicit CA bundle named in the SSL_CERT_FILE environment variable wins
# over the certifi bundle. Only the path is checked here (it must exist and be
# a file); the file's content is not inspected in this module.
environment_cert_file = os.environ.get('SSL_CERT_FILE')
if environment_cert_file is not None:
    # Fail at import time rather than continue with a bundle the operator
    # did not ask for.
    if not os.path.exists(environment_cert_file):
        raise ValueError(
            "Certificate file %s doesn't exist" % environment_cert_file
        )

    if not os.path.isfile(environment_cert_file):
        raise ValueError("Certificate file can't be a directory")

    # If a provided file exists we ignore other common paths because we
    # don't want to fall-back to a potentially less restrictive bundle
    CA_CERTS_PATH = environment_cert_file

CA_CERTS_UNAVAILABLE_ERROR_MSG = (
    'No CA Certificates were found in CA_CERTS_PATH. '
    'For information on how to get required certificate files, '
    'please visit '
    'https://libcloud.readthedocs.org/en/latest/other/'
    'ssl-certificate-validation.html'
)

VERIFY_SSL_DISABLED_MSG = (
    'SSL certificate verification is disabled, '
    'this can pose a security risk. '
    'For more information how to enable the SSL certificate verification, '
    'please visit the libcloud documentation.'
)