another fix for compat issues.

now only support ssl in python >= 2.7.9 or python >= 3.4 support ssl in older python is a headache, it's much complex than a first glance, if you're serious about security, upgrade you python to use modern ssl lib. more info: https://www.python.org/downloads/release/python-279/
KevinMyDing · Dec 29, 2015 · 652029c · 652029c
1 parent 153a065
commit 652029c
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 74 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,24 +1,22 @@
+sudo: false
 language: python
-python: 3.5
-cache:
-  directories:
-    - $HOME/.pip-cache
-env:
-  - TOXENV=flake8
-  - TOXENV=py26-py
-  - TOXENV=py26-cy
-  - TOXENV=py27-py
-  - TOXENV=py27-cy
-  - TOXENV=py33-py
-  - TOXENV=py33-cy
-  - TOXENV=py34-py
-  - TOXENV=py34-cy
-  - TOXENV=py35-cy
-  - TOXENV=pypy
-before_install:
-  - pip install --download-cache $HOME/.pip-cache --use-wheel --install-option="--no-cython-compile" cython
-  - pip install --download-cache $HOME/.pip-cache tox
+
+python:
+  - 2.6
+  - 2.7
+  - 3.3
+  - 3.4
+  - 3.5
+  - pypy
+
+matrix:
+  # include test for flake8
+  include:
+    - python: 3.5
+      script: tox -e flake8
+
 install:
-  - make build_ext
+  - pip install cython tox
+
 script:
-  - tox -v
+  - tox -e py
diff --git a/Makefile b/Makefile
@@ -1,8 +1,10 @@
-build_ext:
+clean:
 	rm -vf thriftpy/protocol/cybin/*.c thriftpy/protocol/*.so
 	rm -vf thriftpy/transport/*.c thriftpy/transport/*.so
 	rm -vf thriftpy/transport/*/*.c thriftpy/transport/*/*.so
 	rm -vf dist/*
+
+build_ext: clean
 	python setup.py build_ext
 
 package: build_ext

diff --git a/setup.py b/setup.py
@@ -90,6 +90,7 @@
           "Development Status :: 4 - Beta",
           "Intended Audience :: Developers",
           "License :: OSI Approved :: MIT License",
+          "Programming Language :: Python :: 2.6",
           "Programming Language :: Python :: 2.7",
           "Programming Language :: Python :: 3.3",
           "Programming Language :: Python :: 3.4",

diff --git a/tests/test_sslsocket.py b/tests/test_sslsocket.py
@@ -2,15 +2,19 @@
 
 from __future__ import absolute_import
 
-import socket
 import ssl
 import threading
 
 import pytest
 
+from thriftpy._compat import MODERN_SSL
 from thriftpy.transport import TTransportException
 from thriftpy.transport.sslsocket import TSSLSocket, TSSLServerSocket
 
+pytestmark = pytest.mark.skipif(
+    not MODERN_SSL,
+    reason="ssl only supported in in python2.7, python3.4 or above")
+
 
 def _echo_server(sock):
     c = sock.accept()
@@ -52,19 +56,6 @@ def test_inet_ssl_socket():
     _test_socket(server_socket, client_socket)
 
 
-def test_inet6_ssl_socket():
-    server_socket = TSSLServerSocket(host="localhost", port=12345,
-                                     socket_family=socket.AF_INET6,
-                                     certfile="ssl/server.pem")
-    client_socket = TSSLSocket(
-        host="localhost", port=12345, socket_timeout=3000,
-        socket_family=socket.AF_INET6,
-        cafile="ssl/CA.pem", certfile="ssl/client.crt",
-        keyfile="ssl/client.key")
-
-    _test_socket(server_socket, client_socket)
-
-
 def test_ssl_hostname_validate():
     server_socket = TSSLServerSocket(host="localhost", port=12345,
                                      certfile="ssl/server.pem")
@@ -86,17 +77,6 @@ def test_ssl_hostname_validate():
     _test_socket(server_socket, client_socket)
 
 
-def test_ssl_ciphers():
-    server_socket = TSSLServerSocket(host="localhost", port=12345,
-                                     certfile="ssl/server.pem")
-    client_socket = TSSLSocket(
-        host="localhost", port=12345, socket_timeout=3000,
-        cafile="ssl/CA.pem", certfile="ssl/client.crt",
-        keyfile="ssl/client.key")
-
-    _test_socket(server_socket, client_socket)
-
-
 def test_persist_ssl_context():
     server_ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
     server_ssl_context.load_cert_chain(certfile="ssl/server.pem")

diff --git a/thriftpy/_compat.py b/thriftpy/_compat.py
@@ -19,6 +19,10 @@
 UNIX = platform.system() in ("Linux", "Darwin")
 CYTHON = UNIX and not PYPY  # Cython always disabled in pypy and windows
 
+# only python2.7.9 and python 3.4 or above have true ssl context
+MODERN_SSL = (2, 7, 9) <= sys.version_info < (3, 0, 0) or \
+    sys.version_info >= (3, 4)
+
 if PY3:
     text_type = str
     string_types = (str,)

diff --git a/thriftpy/transport/socket.py b/thriftpy/transport/socket.py
@@ -179,7 +179,8 @@ def _init_sock(self):
             _sock = socket.socket(self.socket_family, socket.SOCK_STREAM)
 
         _sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-        _sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
+        if hasattr(socket, "SO_REUSEPORT"):
+            _sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
         _sock.settimeout(None)
         self.sock = _sock
 

diff --git a/thriftpy/transport/sslsocket.py b/thriftpy/transport/sslsocket.py
@@ -7,6 +7,7 @@
 import ssl
 import struct
 
+from .._compat import MODERN_SSL
 from .socket import TSocket, TServerSocket
 
 
@@ -38,7 +39,7 @@ def __init__(self, host, port, socket_family=socket.AF_INET,
 
         if ssl_context:
             self.ssl_context = ssl_context
-        else:
+        elif MODERN_SSL:
             # verify all cert exists
             for c_file in (cafile, certfile, keyfile):
                 if not os.access(c_file, os.R_OK):
@@ -54,6 +55,10 @@ def __init__(self, host, port, socket_family=socket.AF_INET,
                                              keyfile=keyfile)
             if ciphers:
                 self.ssl_context.set_ciphers(ciphers)
+        else:
+            raise NotImplementedError(
+                "ssl.create_default_context not available, "
+                "either use ssl_context to initialize or upgrade python!")
 
     def _init_sock(self):
         _sock = socket.socket(self.socket_family, socket.SOCK_STREAM)
@@ -88,7 +93,7 @@ def __init__(self, host, port, socket_family=socket.AF_INET,
 
         if ssl_context:
             self.ssl_context = ssl_context
-        else:
+        elif MODERN_SSL:
             if not os.access(certfile, os.R_OK):
                 raise IOError('No such certfile found: %s' % certfile)
 
@@ -97,6 +102,10 @@ def __init__(self, host, port, socket_family=socket.AF_INET,
             self.ssl_context.load_cert_chain(certfile=certfile)
             if ciphers:
                 self.ssl_context.set_ciphers(ciphers)
+        else:
+            raise NotImplementedError(
+                "ssl.create_default_context not available, "
+                "either use ssl_context to initialize or upgrade python!")
 
     def accept(self):
         sock, _ = self.sock.accept()

diff --git a/tox.ini b/tox.ini
@@ -1,30 +1,19 @@
 [tox]
-envlist = flake8, {py26,py27,py33,py34}-{py,cy}, pypy
+envlist = flake8, py26, py27, py33, py34, py35, pypy
 
 [testenv]
-changedir = tests
-basepython =
-    py26: python2.6
-    py27: python2.7
-    py33: python3.3
-    py34: python3.4
-    py35: python3.5
-    pypy: pypy
-deps =
-    pytest>=2.8
-    teamcity-messages>=1.8
-    tornado>=4.0,<5.0
-    toro>=0.6
-    cy: cython>=0.23
-install_command =
-    pip install --download-cache $HOME/.pip-cache {opts} {packages}
+changedir =
+    tests
+
 commands =
-    python --version
-    py.test {posargs}
+    py.test []
 
-[testenv:flake8]
-basepython = python3.5
 deps =
-    flake8 >=2.5
-commands =
-    flake8 .
+    pytest
+    tornado
+    toro
+    cython
+
+[testenv:flake8]
+deps = flake8
+commands = flake8 .