M2Utils

Utilities for using M2Crypto SSL with DIRAC.

DIRAC.Core.DISET.private.Transports.SSL.M2Utils.getM2PeerInfo(conn)

Gets the details of the current peer as a standard dict. The peer details are obtained from the supplied M2 SSL Connection object “conn”. The details returned are those from X509Chain.getCredentials:

  • DN - Full peer DN as string
  • x509Chain - Full chain of peer
  • isProxy - Boolean, True if chain ends with proxy
  • isLimitedProxy - Boolean, True if chain ends with limited proxy
  • group - String, DIRAC group for this peer, if known

Returns a dict of details.

DIRAC.Core.DISET.private.Transports.SSL.M2Utils.getM2SSLContext(ctx=None, **kwargs)

Gets an M2Crypto.SSL.Context configured using the standard DIRAC connection keywords from kwargs. The keywords are:

  • clientMode: Boolean, if False, hostcerts are always used. If True,
    a proxy is used unless other flags are set.
  • useCertificates: Boolean, set to True to use hostcerts in client
    mode.
  • proxyString: String, no longer supported; formerly allowed a literal
    proxy string to be provided.
  • proxyLocation: String, Path to file to use as proxy, defaults to
    usual location(s) if not set.
  • skipCACheck: Boolean, if True, don’t verify peer certificates.
  • sslMethod: String, List of SSL algorithms to enable in OpenSSL style
    cipher format, e.g. “SSLv3:TLSv1”.
  • sslCiphers: String, OpenSSL style cipher string of ciphers to allow
    on this connection.

If an existing context “ctx” is provided, it is just reconfigured with the selected arguments.

Returns the new or updated context.
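
The following is an added example, not DIRAC code: a pre-flight check that inspects a kwargs dict for the keywords listed above before it is handed to getM2SSLContext. The function name audit_m2_kwargs, the sample kwargs and the weak-token lists are assumptions of this example; the lists reflect general OpenSSL/TLS guidance (SSLv3 deprecated by RFC 7568, TLS 1.0/1.1 by RFC 8996), not DIRAC policy.

```python
import re

# Assumed lists for this example, not taken from DIRAC.
DEPRECATED_PROTOCOLS = {"SSLV2", "SSLV3", "TLSV1", "TLSV1.1"}
WEAK_CIPHER_PARTS = {"NULL", "ENULL", "ANULL", "EXP", "EXPORT", "LOW",
                     "RC4", "MD5", "DES", "3DES"}


def _tokens(value):
    """Split an OpenSSL-style string on ':', ',' or spaces."""
    return [t for t in re.split(r"[:, ]+", value or "") if t]


def audit_m2_kwargs(kwargs):
    """Return (keyword, finding) tuples for risky connection keywords."""
    findings = []
    if kwargs.get("skipCACheck"):
        findings.append(("skipCACheck", "peer certificates are not verified"))
    if kwargs.get("proxyString"):
        findings.append(("proxyString", "no longer supported"))
    for tok in _tokens(kwargs.get("sslMethod")):
        if tok.upper() in DEPRECATED_PROTOCOLS:
            findings.append(("sslMethod", "deprecated protocol: " + tok))
    for tok in _tokens(kwargs.get("sslCiphers")):
        # '!' and '-' remove ciphers, '+' only reorders: none of them enable.
        if tok[0] in "!-+":
            continue
        # Check each component of "A+B" selectors and "A-B-C" suite names.
        parts = {p.upper() for p in re.split(r"[+-]", tok)}
        if parts & WEAK_CIPHER_PARTS:
            findings.append(("sslCiphers", "weak cipher selection: " + tok))
    return findings


# Constructed sample inputs: a weak configuration and a tightened one.
WEAK_KWARGS = {"clientMode": True, "skipCACheck": True,
               "sslMethod": "SSLv3:TLSv1",
               "sslCiphers": "HIGH:!aNULL:RC4-SHA:-MD5"}
HARDENED_KWARGS = {"clientMode": True,
                   "proxyLocation": "/tmp/x509up_u1000",  # constructed path
                   "sslCiphers": "HIGH:!aNULL:!MD5:!RC4"}

if __name__ == "__main__":
    for key, finding in audit_m2_kwargs(WEAK_KWARGS):
        print(key, "->", finding)
```

Running the check in a wrapper or in CI over service configuration makes a skipCACheck=True that was left in from debugging visible before the context is built.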