
Source code changes of the file "privacyidea/lib/resolvers/LDAPIdResolver.py" between
privacyidea-3.6.1.tar.gz and privacyidea-3.6.2.tar.gz

About: privacyIDEA is a flexible two factor authentication server that can be used to enhance the security of existing applications like local login, VPN, remote access, SSH connections or access to web sites.

LDAPIdResolver.py  (privacyidea-3.6.1):LDAPIdResolver.py  (privacyidea-3.6.2)
skipping to change at line 114 skipping to change at line 114
if os.path.isfile("/etc/privacyidea/ldap-ca.crt"): if os.path.isfile("/etc/privacyidea/ldap-ca.crt"):
DEFAULT_CA_FILE = "/etc/privacyidea/ldap-ca.crt" DEFAULT_CA_FILE = "/etc/privacyidea/ldap-ca.crt"
elif os.path.isfile("/etc/ssl/certs/ca-certificates.crt"): elif os.path.isfile("/etc/ssl/certs/ca-certificates.crt"):
DEFAULT_CA_FILE = "/etc/ssl/certs/ca-certificates.crt" DEFAULT_CA_FILE = "/etc/ssl/certs/ca-certificates.crt"
elif os.path.isfile("/etc/ssl/certs/ca-bundle.crt"): elif os.path.isfile("/etc/ssl/certs/ca-bundle.crt"):
DEFAULT_CA_FILE = "/etc/ssl/certs/ca-bundle.crt" DEFAULT_CA_FILE = "/etc/ssl/certs/ca-bundle.crt"
else: else:
DEFAULT_CA_FILE = "/etc/privacyidea/ldap-ca.crt" DEFAULT_CA_FILE = "/etc/privacyidea/ldap-ca.crt"
DEFAULT_TLS_PROTOCOL = ssl.PROTOCOL_TLS try:
TLS_NEGOTIATE_PROTOCOL = ssl.PROTOCOL_TLS
except AttributeError as _e:
# this is Python < 2.7.13, it does not provide ssl.PROTOCOL_TLS
TLS_NEGOTIATE_PROTOCOL = ssl.PROTOCOL_SSLv23
DEFAULT_TLS_PROTOCOL = TLS_NEGOTIATE_PROTOCOL
TLS_OPTIONS_1_3 = (ssl.OP_NO_TLSv1_2, ssl.OP_NO_TLSv1_1, ssl.OP_NO_TLSv1, ssl.OP _NO_SSLv3) TLS_OPTIONS_1_3 = (ssl.OP_NO_TLSv1_2, ssl.OP_NO_TLSv1_1, ssl.OP_NO_TLSv1, ssl.OP _NO_SSLv3)
class LockingServerPool(ldap3.ServerPool): class LockingServerPool(ldap3.ServerPool):
""" """
A ``ServerPool`` subclass that uses a RLock to synchronize invocations of A ``ServerPool`` subclass that uses a RLock to synchronize invocations of
``initialize``, ``get_server`` and ``get_current_server``. ``initialize``, ``get_server`` and ``get_current_server``.
We synchronize invocations to rule out race conditions when multiple threads We synchronize invocations to rule out race conditions when multiple threads
try to manipulate the server pool state concurrently. try to manipulate the server pool state concurrently.
skipping to change at line 512 skipping to change at line 518
tls_ca_file=None, tls_options=None): tls_ca_file=None, tls_options=None):
""" """
This method creates the Tls object to be used with ldap3. This method creates the Tls object to be used with ldap3.
""" """
if ldap_uri.lower().startswith("ldaps") or is_true(start_tls): if ldap_uri.lower().startswith("ldaps") or is_true(start_tls):
if not tls_version: if not tls_version:
tls_version = int(DEFAULT_TLS_PROTOCOL) tls_version = int(DEFAULT_TLS_PROTOCOL)
# If TLS_VERSION is 2, set tls_options to use TLS v1.3 # If TLS_VERSION is 2, set tls_options to use TLS v1.3
if not tls_options: if not tls_options:
tls_options = TLS_OPTIONS_1_3 if int(tls_version) == int(ssl.PRO TOCOL_TLS) else None tls_options = TLS_OPTIONS_1_3 if int(tls_version) == int(TLS_NEG OTIATE_PROTOCOL) else None
if tls_verify: if tls_verify:
tls_ca_file = tls_ca_file or DEFAULT_CA_FILE tls_ca_file = tls_ca_file or DEFAULT_CA_FILE
else: else:
tls_verify = ssl.CERT_NONE tls_verify = ssl.CERT_NONE
tls_context = Tls(validate=tls_verify, tls_context = Tls(validate=tls_verify,
version=int(tls_version), version=int(tls_version),
ssl_options=tls_options, ssl_options=tls_options,
ca_certs_file=tls_ca_file) ca_certs_file=tls_ca_file)
else: else:
tls_context = None tls_context = None
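Review bot: On the new `except AttributeError` path the default still ends up TLS 1.3-only: `TLS_NEGOTIATE_PROTOCOL` becomes `ssl.PROTOCOL_SSLv23`, the comparison in the second change block matches it, and `TLS_OPTIONS_1_3` then disables SSLv3 and TLS 1.0 through 1.2. An interpreter old enough to lack `ssl.PROTOCOL_TLS` is presumably linked against an OpenSSL without TLS 1.3, so the default LDAPS/StartTLS connection would likely fail the handshake; that fails closed, but it should be stated or handled rather than left implicit. At minimum replace the comment above the comparison with `# Negotiate protocol (PROTOCOL_TLS, or PROTOCOL_SSLv23 on old Pythons): allow only TLS 1.3 via tls_options`, since the literal "2" no longer explains the check. The unused binding in `except AttributeError as _e:` can be dropped to `except AttributeError:`. The enclosing method's signature starts before the second change block, so its name and remaining parameters are not visible here.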
 End of changes. 2 change blocks. 
2 lines changed or deleted 8 lines changed or added
