Fix issues with DH parameters

- registry: make --dh mandatory - node: retry if the registry returns nothing (instead of writing an empty file)

Fix issues with DH parameters
- registry: make --dh mandatory - node: retry if the registry returns nothing (instead of writing an empty file)
f4427cf4 · Julien Muchembled · cc3b7794 · f4427cf4 · f4427cf4
Commit f4427cf4 authored Jan 25, 2016 by Julien Muchembled
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 9 deletions

re6st/cache.py re6st/cache.py +15 -8

re6st/cli/registry.py re6st/cli/registry.py +1 -1

No files found.
--- a/re6st/cache.py
+++ b/re6st/cache.py
-import json, logging, os, sqlite3, socket, subprocess, time, zlib
+import json, logging, os, sqlite3, socket, subprocess, sys, time, zlib
 from .registry import RegistryClient
 from . import utils, version, x509

@@ -129,18 +129,25 @@ class Cache(object):
                            " you should update.")

    def getDh(self, path):
+        # We'd like to do a full check here but
+        #   from OpenSSL import SSL
+        #   SSL.Context(SSL.TLSv1_METHOD).load_tmp_dh(path)
+        # segfaults if file is corrupted.
        if not os.path.exists(path):
            retry = 1
            while True:
                try:
                    dh = self._registry.getDh(self._prefix)
-                    break
-                except socket.error, e:
-                    logging.warning(
-                        "Failed to get DH parameters from the registry."
-                        " Will retry in %s seconds", retry, exc_info=1)
-                    time.sleep(retry)
-                    retry = min(60, retry * 2)
+                    if dh:
+                        break
+                    e = None
+                except socket.error:
+                    e = sys.exc_info()
+                logging.warning(
+                    "Failed to get DH parameters from the registry."
+                    " Will retry in %s seconds", retry, exc_info=e)
+                time.sleep(retry)
+                retry = min(60, retry * 2)
            with open(path, "wb") as f:
                f.write(dh)


--- a/re6st/cli/registry.py
+++ b/re6st/cli/registry.py
@@ -71,7 +71,7 @@ def main():
    _('--db', default='/var/lib/re6stnet/registry.db',
        help="Path to SQLite database file. It is automatically initialized"
             " if the file does not exist.")
-    _('--dh',
+    _('--dh', required=True,
        help="File containing Diffie-Hellman parameters in .pem format."
             " To generate them, you can use something like:\n"
             "openssl dhparam -out dh2048.pem 2048")