
Add high level LDAPObject.set_tls_options() #350


Open
wants to merge 1 commit into
base: main
@tiran tiran commented Jun 7, 2020

The new high level function set_tls_options deals with most common
quirks and issues when setting TLS/SSL related options.

Signed-off-by: Christian Heimes <cheimes@redhat.com>

@tiran tiran added the feature label Jun 7, 2020
@tiran tiran added this to the 3.3 milestone Jun 7, 2020
@tiran tiran force-pushed the tlsoptions branch 7 times, most recently from 7039cbf to 2155f13 Compare June 7, 2020 14:30
codecov bot commented Jun 7, 2020

Codecov Report

Merging #350 (4e83107) into master (39ea8e5) will decrease coverage by 0.26%.
The diff coverage is 49.15%.

❗ Current head 4e83107 differs from pull request most recent head 67a0983. Consider uploading reports for the commit 67a0983 to get more accurate results

@@            Coverage Diff             @@
##           master     #350      +/-   ##
==========================================
- Coverage   71.30%   71.04%   -0.27%     
==========================================
  Files          50       50              
  Lines        4796     4855      +59     
  Branches      802      823      +21     
==========================================
+ Hits         3420     3449      +29     
- Misses       1045     1063      +18     
- Partials      331      343      +12     
| Impacted Files | Coverage Δ | |
|---|---|---|
| Modules/LDAPObject.c | 67.73% <ø> (ø) | |
| Lib/ldap/ldapobject.py | 77.04% <49.15%> (-3.19%) | ⬇️ |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update d9ded15...67a0983.

@tiran tiran force-pushed the tlsoptions branch 2 times, most recently from aad4418 to 4e83107 Compare June 7, 2020 17:12
@tiran tiran modified the milestones: 3.3, 4.0 Jun 8, 2020
# just any directory
cacertdir=certdir,
require_cert=ldap.OPT_X_TLS_DEMAND,
protocol_min=0x303,

It is a very minor nitpick.
I understand that it is common knowledge but can we mention here in a comment that 0x303 is TLS 1.2? For friendliness and explicitness:)

if "ldapi://" in self._uri:
raise ValueError("IPC (ldapi) does not support TLS.")
if self._ldap_call(self._l.tls_inplace):
raise ValueError("TLS connection already established")
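Review bot: the `"ldapi://" in self._uri` test is a substring match over the whole URI string, so an `ldap://` URI that merely contains that text somewhere after the host part is rejected as well; compare the scheme at the start of the URI instead, for example `self._uri.lower().startswith("ldapi://")`. Both failure paths in this hunk also raise a bare `ValueError`, so a caller cannot tell "wrong transport" from "TLS already established" without parsing the message; a distinct exception type for the second case would make that testable.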

If I understand correctly the exception types... I think this one will fit a bit better - EnvironmentError (instead of ValueError).

self.assertEqual(conn.get_option(option), value)

@requires_tls()
def test_set_tls_options_ldap(self):

Looks like the coverage report has failed.
I think it's important to test all the parts before merging...

If you haven't started on the test suite expansion yet, I can take a look later and add a few tests so it will cover the rest of the code. :)

encukou commented Sep 17, 2021

Speaking of friendliness, the added docs use a lot of acronyms that are very hard to search for if you don't already know what they mean.

@encukou encukou mentioned this pull request Sep 17, 2021
6 tasks
encukou commented Sep 17, 2021

@quanah mentioned:

Issue #350 still incorrectly states that you can't do start_tls over ldapi

I don't know much about this topic, but I'll note that set_tls_options doesn't need to be perfect when it's first merged. Everything it does can be done with lower-level API already.
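
The lower-level route mentioned in the comment above, as an added example (not code from this pull request or from python-ldap itself): it sets the options seen in the reviewed call (`cacertdir`, `require_cert`, `protocol_min`) through `set_option()`. The names `tls_option_plan`, `connect`, `TLS_VERSIONS` and `TLS_FLOOR`, the TLS 1.2 floor, and the restriction to `ldap://` and `ldaps://` are assumptions of this example.

```python
from urllib.parse import urlparse

# OpenLDAP encodes a TLS version as (major << 8) | minor, so 0x303 is TLS 1.2.
TLS_VERSIONS = {0x301: "TLS 1.0", 0x302: "TLS 1.1", 0x303: "TLS 1.2", 0x304: "TLS 1.3"}
TLS_FLOOR = 0x303  # assumption of this example: refuse anything older than TLS 1.2


def tls_option_plan(uri, cacertdir, protocol_min=TLS_FLOOR):
    """Return the ordered (option name, value) pairs to set on a connection."""
    # Compare the parsed scheme; a substring test would also match text later in the URI.
    scheme = urlparse(uri).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        raise ValueError(f"this example only covers ldap:// and ldaps://, got {scheme!r}")
    if protocol_min not in TLS_VERSIONS:
        raise ValueError(f"unknown TLS version code {protocol_min:#x}")
    if protocol_min < TLS_FLOOR:
        raise ValueError(f"{TLS_VERSIONS[protocol_min]} is below {TLS_VERSIONS[TLS_FLOOR]}")
    return [
        ("OPT_X_TLS_CACERTDIR", cacertdir),
        ("OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_DEMAND"),  # constant name, resolved in connect()
        ("OPT_X_TLS_PROTOCOL_MIN", protocol_min),
        # Last on purpose: creating a new TLS context makes the settings above take effect.
        ("OPT_X_TLS_NEWCTX", 0),
    ]


def connect(uri, cacertdir, protocol_min=TLS_FLOOR):
    """Apply the plan with python-ldap's low-level API (needs python-ldap and a server)."""
    import ldap  # lazy import, so the plan can be checked without python-ldap installed

    conn = ldap.initialize(uri)
    for name, value in tls_option_plan(uri, cacertdir, protocol_min):
        if name == "OPT_X_TLS_REQUIRE_CERT":
            value = getattr(ldap, value)
        conn.set_option(getattr(ldap, name), value)
    if urlparse(uri).scheme.lower() == "ldap":
        conn.start_tls_s()  # ldaps:// negotiates TLS when the connection opens
    return conn
```

`tls_option_plan()` can be inspected or unit-tested on its own; `connect()` is the only part that touches the network.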
