| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Added function print_to_fd and write_to_fd as a way to write
strings to file descriptors in a type agnostic way for
compatibility across Python versions.
|
|
|
|
|
| |
Also changes variable name so that it's not using the name of a built-in
type, i.e. `for key_bytes in self` instead of `for bytes in self`.
|
|\
| |
| | |
Updated get_utf8_value, explicit float cast
|
| | |
|
| | |
|
| |\
| | |
| | |
| | |
| | | |
Removed extranious PY2 check and added
a check to ensure bytes are UTF-8
|
| |/ |
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
Reference: https://github.com/benjaminp/six/blob/master/six.py
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several Google servers, including storage.googleapis.com, send an
invalid certificate in response to HTTPS connections which do not
include Server Name Indication (SNI) in ClientHello:
OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
This can be demonstrated by running
`openssl s_client -connect storage.googleapis.com:443` with and without
the `-noservername` option. This causes errors in boto, such as:
Traceback (most recent call last):
File "./gsbototest.py", line 6, in <module>
boto.storage_uri('bucket-name', 'gs').create_bucket()
File "/tmp/boto/boto/storage_uri.py", line 574, in create_bucket
storage_class)
File "/tmp/boto/boto/gs/connection.py", line 95, in create_bucket
data=get_utf8_value(data))
File "/tmp/boto/boto/s3/connection.py", line 682, in make_request
retry_handler=retry_handler
File "/tmp/boto/boto/connection.py", line 1074, in make_request
retry_handler=retry_handler)
File "/tmp/boto/boto/connection.py", line 1033, in _mexe
raise ex
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)
To fix the issue, this commit sends SNI, where possible. This requires
calling wrap_socket on an SSLContext instance. The necessary SSLContext
is constructed and additional SSLSocket attributes are set using the
[same code as SSLSocket] to minimize potential differences introduced.
The code is only called when SSLContext is available (Python 2.7.9 and
later) and only when OpenSSL is compiled with SNI support.
[same code as SSLSocket]: https://github.com/python/cpython/blob/v2.7.15/Lib/ssl.py#L555-L570
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See https://stackoverflow.com/questions/52308440/fetch-content-in-aws-s3-public-bucket-from-gcp-data-storage/52322861#52322861
for a valid use case for this option.
This option was named after the "--no-sign-request" option in the AWS
CLI.
The additional changes to provider.py and auth.py are to prevent Boto
from checking and failing to find credentials on the metadata server
(and thus spewing error-level logs to the console), and to allow
pickling to work for the AnonAuthHandler and HmacKeys classes.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
| |
Change according to request in review
|
|
|
| |
Add more information on rebuild_environment
|
|
|
|
|
|
| |
Pass headers everywhere appropriate.
Recognize billing and userProject query parameters.
Integration test for Billing Configuration.
|
| |
|
|\
| |
| | |
Fix generate_url() AttributeError when using anonymous connections
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously generating a URL would fail for anonymous connections
(even when using `query_auth=False`), with:
`AttributeError: 'AnonAuthHandler' object has no attribute '_hmac_256'`
That now works, and in addition the `query_auth=False` parameter
is now optional for anonymous connections.
Fixes #1540.
|
|\ \
| | |
| | | |
Use RegionInfo by default with heuristics
|
| |/ |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
Previously we had whitelisted sigv4 regions, this changes that to
instead whitelist sigv2 regions. This way, new S3 regions will all
use sigv4 without any additional changes needing to be made.
|
|
|
|
|
| |
This points all the existing `connect_to_region` functions to the
generic `connect` function within regioninfo.
|
| |
|
| |
|
| |
|
| |
|