diff --git a/cassandra/connection.py b/cassandra/connection.py index bfe38fc702..291263f120 100644 --- a/cassandra/connection.py +++ b/cassandra/connection.py @@ -779,15 +779,13 @@ def __init__(self, host='127.0.0.1', port=9042, authenticator=None, self.ssl_options.update(self.endpoint.ssl_options or {}) elif self.endpoint.ssl_options: self.ssl_options = self.endpoint.ssl_options + self._check_hostname = self.ssl_options.get('check_hostname', False) # PYTHON-1331 # # We always use SSLContext.wrap_socket() now but legacy configs may have other params that were passed to ssl.wrap_socket()... # and either could have 'check_hostname'. Remove these params into a separate map and use them to build an SSLContext if # we need to do so. - # - # Note the use of pop() here; we are very deliberately removing these params from ssl_options if they're present. After this - # operation ssl_options should contain only args needed for the ssl_context.wrap_socket() call. if not self.ssl_context and self.ssl_options: self.ssl_context = self._build_ssl_context_from_options() diff --git a/tests/integration/long/ssl/127.0.0.1.keystore b/tests/integration/long/ssl/127.0.0.1.keystore index 98193ab54e..aefae73ca2 100644 Binary files a/tests/integration/long/ssl/127.0.0.1.keystore and b/tests/integration/long/ssl/127.0.0.1.keystore differ diff --git a/tests/integration/long/ssl/ca-cert b/tests/integration/long/ssl/ca-cert new file mode 100644 index 0000000000..ab0bb28a6e --- /dev/null +++ b/tests/integration/long/ssl/ca-cert 
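Review bot: `self._check_hostname = self.ssl_options.get('check_hostname', False)` leaves a legacy `check_hostname` key inside `self.ssl_options`, while the comment deleted in this hunk said the dict should end up holding only arguments for `ssl_context.wrap_socket()`. `SSLContext.wrap_socket()` has no `check_hostname` keyword, so if `ssl_options` is still expanded into that call (not visible here; `__init__` starts and ends outside the hunk) a legacy config would fail at connect time, and the key should be dropped where the socket is wrapped. The flag is also derived from `ssl_options` only: a caller who passes an `ssl_context` with `check_hostname = True` and no `ssl_options` entry gets `_check_hostname == False`, so any code that gates hostname handling on it should also consult `self.ssl_context.check_hostname`. In place of the removed note, a comment such as `# legacy ssl_options: hostname verification stays off unless 'check_hostname' is set; the key is read here, not removed` would record the default and the changed contract.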
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIUNaZrKLGgSDvEMiIZE401OeWIYXQwDQYJKoZIhvcNAQEL +BQAwPzEQMA4GA1UEAwwHcm9vdC1jYTEQMA4GA1UECwwHZHJpdmVyczEMMAoGA1UE +CgwDb3NzMQswCQYDVQQGEwJVUzAeFw0yNDA5MjQwODUwMThaFw0zNDA5MjIwODUw +MThaMD8xEDAOBgNVBAMMB3Jvb3QtY2ExEDAOBgNVBAsMB2RyaXZlcnMxDDAKBgNV +BAoMA29zczELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCK9qGc3CboY44t8K28q3GEVGsJieT5b3qNpsI1HBmJ7L6u0z2+qNCq6YS8 +zT4Dyf/E0lIluh1hfnHF0ZuPOc9tODZPuqGJrdSHDCgoh0pGgSG5Nne4YT/RLwtG +/F1DXVFBZRMvxqo+A5Td7R2jk/iAy0pIQNghxYOYyaq8bGV/CbkEgS3OUto3yA0F +UPyJLuBKlvw5/1gNOyWy2HRUHIrwMBSuFZ5cgjewWH8Q9WoFcaHvT5gh0+Rzffn9 +TEfuwsFDS8e9QMc6MmicCZ5y7xk3/J1ZRbk9ovh/AA7dhS9Q4LFmFr9e5MH7Yafu +LWk+12gRItC/W/r95PQF03dSPaQdAgMBAAGjUzBRMB0GA1UdDgQWBBRnQujD5pLP +J5ZalKZ0Ij3Zi0uJTjAfBgNVHSMEGDAWgBRnQujD5pLPJ5ZalKZ0Ij3Zi0uJTjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQByyImDmYFnn/D3gLCy +F6ZrOV2xywDk36rfSfrpRK29E++3PBMvl/e5UrDQaI5dsoNjYiAO4J3xZqA0DQan +/6Pf1x/SL04nZnMuY73UFBovtk2RzkFJFPv11+m8muWiS2aiL1IEd83tpGXGaVXY +cmj+iqCupQGdZf9Qz3RhXi1Ye7m7joszYWazFCyAg2FtkwXeWBZcmRQFv3V3R6lt +cyZKLFjKCa8hyeEjYoTC53Fd9ibTdIEWtSWSvgGTDuKD1AjFvr92iYHaw3xsv1WF +8QXU6SjDaJfs7Crzm0B+5eQTjIp7Dwt5FfB5RSnnewiMqaMpI9HKvgA/Ru0iEb/8 +ANcF +-----END CERTIFICATE----- diff --git a/tests/integration/long/ssl/ca-key b/tests/integration/long/ssl/ca-key new file mode 100644 index 0000000000..4e804f18bd --- /dev/null +++ b/tests/integration/long/ssl/ca-key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCK9qGc3CboY44t +8K28q3GEVGsJieT5b3qNpsI1HBmJ7L6u0z2+qNCq6YS8zT4Dyf/E0lIluh1hfnHF +0ZuPOc9tODZPuqGJrdSHDCgoh0pGgSG5Nne4YT/RLwtG/F1DXVFBZRMvxqo+A5Td +7R2jk/iAy0pIQNghxYOYyaq8bGV/CbkEgS3OUto3yA0FUPyJLuBKlvw5/1gNOyWy +2HRUHIrwMBSuFZ5cgjewWH8Q9WoFcaHvT5gh0+Rzffn9TEfuwsFDS8e9QMc6Mmic +CZ5y7xk3/J1ZRbk9ovh/AA7dhS9Q4LFmFr9e5MH7YafuLWk+12gRItC/W/r95PQF +03dSPaQdAgMBAAECggEAAbNuG/o9Ma1SRrFXobkO0nn+thGthKNpgnAEQtvSsN5T +ISxYaPaDrgEzYjo4OZn7MEtgvQck/UCryio8IgnTm6Mgqw4o6a3/2B1SeoMuv2PX +kqmeLTASNLsY2L1rCNGMwTpS/KE3tpBFqLJny/eaMZK2GIyj+JnZzVYelGAr8oea +fA6v7O7DKgZ4ozMe8UNzBdmCUCcCPVJK42XvcwS2c+/bIJi86Wj/1I/r3LGONFJ5 +8iaiC4GTMqyLNIEFoo+bFeLfV3SDgXX5/J2uvyJziKDrx8N+1qnn5bEfVL8ViE8W +65Fa4Ht1A2IPSqkbw/fTzlfAAYCRfgdRGz/UYyRysQKBgQDAYkT3cQlkqxZ2DS14 +laK36EOu8moB2qwzN2kepZim1C/IXQKp5jwotNDIwrJsWorfEXyA22m9BBVnk2J+ +OIKPH3BH1RzPV7YFSHVXSrq7yA157OO7+CaB8dXGrvdu8fkIFyJNxFreSXjSn01S +RWjjrstJLKmWD44HmCT12/Z/yQKBgQC46jLbRB8kjpC4UU7RwEEfZ/QKh1xnzdxg +heqR2oEUyHLY6T0GZIltAGV7frCzIqBAxzGm8rWrvmx+Sv2whuN+T0X3DXjskELM +++wjJy8ZRroVpD/4AhIQqasZXSyyydRjDGFkn83d5Ski8oR33FxYZT/a/+yIKiHM +LLRrWB5ztQKBgQCZMqfw01bDj2pHf57iE2aMRK0BN5ErANN3xXw0J3I0B2w1hbuF +SA5H7BUGieRDXKaRk/8tLYw6NHJHFJquIJn3FvX2fcJ/aj1MX7LxXFTvDBOPMBD5 +slYXzFiL6vCmrJG+2405mE80DBXmw2xzQ0qPZLYFA0fYc3KKoaFtF0hn4QKBgQCn +wRf4IbnbEVcrT+Agm7i4xDb6Ykirh2/ZRURDo6Yc86h1LkuFhCnEcGqgeZPWP6CA +g/WAjonP0AZfIKs7vXOfAE3pzhgZDNr9WcKlNYQd+zMQNR0vYrl+0l39ubC2VjHO +1cl5XxyFpMMICFmy34ALVXdzt1+fPBHDR/85rwyZTQKBgFC9VXukiHiF0JVRHJwh +WFi16M4wAh7juPQjskAXK6USkuUZMSkONpQqFwVVKbxp4f+F3VKtDRWUYtiuZDgW +AosCimrs16KxTV1pjgJCE/C2b4ANAApStxZxzdN3qnwS5myNYEgU9cSNwfmKSoes +XOMwluTpn+FdmDye+Lw7nmoM +-----END PRIVATE KEY----- 
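Review bot: This hunk commits the CA private key in unencrypted PKCS#8 form, so anyone with the repository can issue certificates that chain to `ca-cert`. That is acceptable only while nothing but the integration-test cluster trusts this CA. A short README next to the fixtures, or a header comment in `generate_certificates.sh`, should state that the material is test-only and must never be imported into a real trust store. Since the script added in this commit regenerates the whole chain, the CA key could instead be left out of the tree and produced at test setup, which also avoids secret-scanner findings on this file.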
diff --git a/tests/integration/long/ssl/cassandra.truststore b/tests/integration/long/ssl/cassandra.truststore index b31e34b8aa..3ac9ab05e6 100644 Binary files a/tests/integration/long/ssl/cassandra.truststore and b/tests/integration/long/ssl/cassandra.truststore differ diff --git a/tests/integration/long/ssl/client.crt b/tests/integration/long/ssl/client.crt new file mode 100644 index 0000000000..4dfa834665 --- /dev/null +++ b/tests/integration/long/ssl/client.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDYTCCAkmgAwIBAgIUGtLp1v/4I4YFhA1t7Y4kb2LPkXYwDQYJKoZIhvcNAQEL +BQAwPzEQMA4GA1UEAwwHcm9vdC1jYTEQMA4GA1UECwwHZHJpdmVyczEMMAoGA1UE +CgwDb3NzMQswCQYDVQQGEwJVUzAeFw0yNDA5MjQwODUwMzlaFw0zNDA5MjIwODUw +MzlaMEExCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNvc3MxEDAOBgNVBAsTB2RyaXZl +cnMxEjAQBgNVBAMTCTEyNy4wLjAuMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBALj5zQWQP+Q1Zsrvnf0lFOmIMUwG3CnkKYIH+3w6UCBTimnqYUdWmDxX +rx2EMgOCkpWAQ+IdnPNygJdSdBiiv4Io6mCCtHYXQOLdvofQF+O7e7FTlWLAzaJF +3Sk7wHJGk2Xwm5uKr/EXtr7vT1a0WzNmPmdDMR5CBx/urnSob4v4wgWaXeJEQVGR +Q2Oe2cps2dl0kieq0iFdaaHxlaHFbODhBm7EmRPHmjPbEmTBkVlAXwvP9TWzf0K+ +XvguJ0ePadsG84PslheY7Vw0Ul6j2neshZR0aO/pjVDNRzTCtG2fwhJG+D7zwgcU +kxbDgmeVWJIgo4Z3C+jxfn2yKkO/i2UCAwEAAaNTMFEwDwYDVR0RBAgwBocEfwAA +ATAdBgNVHQ4EFgQU+jUkfI5lW5C5KYPWlNpa0RESilwwHwYDVR0jBBgwFoAUZ0Lo +w+aSzyeWWpSmdCI92YtLiU4wDQYJKoZIhvcNAQELBQADggEBAIKE5Xk52FbSz3h5 +ecl8GvdJlYrABzIXns41IV4ThJM5ki4Y2WVOk+t2dm74p61XHkCLaO+OltHuGNAO +dzuFnkEAEp6bILJQZ+bsSCn5mBwj5b6lup0n8Jdf01Gr6wmUemf4joiBMKz3J0JL +JVg56l5Wsz9MGIKra49z735rOE+VR+WgcZM95xHwXqN++jI4+c7GVuG4ShhHqpfV +mBS6bJ+pwxa3bClNYg+e9PWvEzzN6m6jg4Mgnxgz8Moj4BiNelxr+7QQCg8f6Ide +DNhwU/irKXukd0/HMzNvS9z6SsgK3V51txl0lah77T5Wjo5u310XbcU7/uAgqc35 +OcCwg7Q= +-----END CERTIFICATE----- diff --git a/tests/integration/long/ssl/client.crt_signed b/tests/integration/long/ssl/client.crt_signed deleted file mode 100644 index db3d903f19..0000000000 --- a/tests/integration/long/ssl/client.crt_signed +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDDjCCAfYCFAG4WryLorTXxNtrkEJ56zUg/XdDMA0GCSqGSIb3DQEBCwUAMEIx -CzAJBgNVBAYTAlVTMREwDwYDVQQKDAhkYXRhc3RheDEPMA0GA1UECwwGZmllbGRz -MQ8wDQYDVQQDDAZyb290Q2EwHhcNMjEwMzE3MTcwNTE4WhcNMjIwMzE3MTcwNTE4 -WjBFMQswCQYDVQQGEwJVUzERMA8GA1UECgwIZGF0YXN0YXgxDzANBgNVBAsMBmZp -ZWxkczESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAnrpE3g8pbQn2tVVidX2Ww1rh/6YIH6EGW9hXMO/F506ReMruv+Al -ilc7B2sPpGRDKXupy23IcpfMIe9+Lm74/yu7pW51rJ/r2jMqg+tViFa/GQxSQLKd -AxDAvwJaAM41kro0DKmcm4RwfYAltupwc6pC7AfBtT08PBuDK7WfaNnFbhGAWkHv -MbULNWAKbPWqITHbUEvLgS/uPj+/W4SHk5GaYk0Y2mU3aWypeDOBqEfKTi2W0ix1 -O7SpOHyfA0hvXS9IilF/HWURvr9u13mnvJNe8W+uqWqlQMdyFsbPCIhbVwVwGYQp -yoyBrgz6y5SPwSyugAb2F8Yk3UpvqH30yQIDAQABMA0GCSqGSIb3DQEBCwUAA4IB -AQB5XV+3NS5UpwpTXTYsadLL8XcdGsfITMs4MSv0N3oir++TUzTc3cOd2T6YVdEc -ypw5CKTYnFTK9oF2PZXeV+aLIjdvK4AukQurB8EdXq4Hu7y1b61OaGRqiKTVsIne -LwxCXpc42jqMFt4mMXpmU/hSCjRSvoumTcL1aHUzaPlSIasD2JDyLurO64gxQypi -wbD9gliPJ60pdhY0m9NfF5F2PdqBuJXrhF1VuxYx1/cfo/c1A4UK2slhsZCDls7/ -HbM8ri5Z74M1EtCGFcTNYvm0xlfF5arisGQSKhTw+06LnpUlQi5a8NRNBLeAmem/ -cuICJJbnSzjmq9skkp8i/ejH ------END CERTIFICATE----- diff --git a/tests/integration/long/ssl/client.key b/tests/integration/long/ssl/client.key index d6b8811a94..0d1e08e8bd 100644 --- a/tests/integration/long/ssl/client.key +++ b/tests/integration/long/ssl/client.key 
@@ -1,28 +1,32 @@ +Bag Attributes + friendlyName: 127.0.0.1 + localKeyID: 54 69 6D 65 20 31 37 32 37 31 36 37 38 32 34 36 37 31 +Key Attributes: -----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCeukTeDyltCfa1 -VWJ1fZbDWuH/pggfoQZb2Fcw78XnTpF4yu6/4CWKVzsHaw+kZEMpe6nLbchyl8wh -734ubvj/K7ulbnWsn+vaMyqD61WIVr8ZDFJAsp0DEMC/AloAzjWSujQMqZybhHB9 -gCW26nBzqkLsB8G1PTw8G4MrtZ9o2cVuEYBaQe8xtQs1YAps9aohMdtQS8uBL+4+ -P79bhIeTkZpiTRjaZTdpbKl4M4GoR8pOLZbSLHU7tKk4fJ8DSG9dL0iKUX8dZRG+ -v27Xeae8k17xb66paqVAx3IWxs8IiFtXBXAZhCnKjIGuDPrLlI/BLK6ABvYXxiTd -Sm+offTJAgMBAAECggEAN+VysRx3wy1aEvuRo7xpZjxQD/5BKBpFqfxioBogAFfb -xMT6FNnzfmc/o1ohdQvV1vr0jW4Iw8oPGfhD4Eg2KW4WM6jVicf7f6i7FR+/zDZ4 -L3L2WFBOGLFCn0FNvrDfjt9Byx/DxcR69Mc3ANZIaYMQ9Bu7LH73AlfR9oeMLpjL -+6g1qz2yz8Sm2CMCGXTyXtvUCgn2ld6nz8KlZ8FTUG9C9mAabuvV91Ko6rmTxuiv -YKvHSPnIjXRjuC+Ozjf1rYTOJ5LVMNNhlbIKBG/Nx5QzL7bA3XDtMD1BEI9pdHR+ -5HwA0tV2Ex67tBCJwlBAhYLxuPjfOj1R5KV8wriE3QKBgQDNvqOaGYiXwp9Rajoo -ltlOBPfnjshd9tPdc6tTUQR34vSbkHrg0HVJhvIP5LRbyx/M/8ACQxFkDRE4U7fJ -xVGDs8Pi0FqcqFTnm/AYQ5eZbJkPp9qe71aDOPanncrVNEGFeW26LaeLGbTLrOMM -6mTmsfGig0MKgml35IMrP+oPuwKBgQDFf56DdaFe08xSK9pDWuKxUuBIagGExQkQ -r9eYasBc336CXh3FWtpSlxl73dqtISh/HbKbv+OZfkVdbmkcTVGlWm/N/XvLqpPK -86kbKW6PY8FxIY/RxiZANf/JJ5gzPp6VQMJeSy+oepeWj11mTLcT02plvIMM0Jmg -Z5B9Hw37SwKBgDR/59lDmLI47FRnCc4fp/WbmPKSYZhwimFgyZ/p9XzuAcLMXD6P -ks4fTBc4IbmmnEfAHuu013QzTWiVHDm1SvaTYXG3/tcosPmkteBLJxz0NB5lk4io -w+eaGn5s6jv7KJj5gkFWswDwn0y1of5CtVqUn3b7jZjZ7DW2rq3TklNPAoGAIzaW -56+AfyzaQEhrWRkKVD2HmcG01Zxf+mav1RArjiOXJd1sB3UkehdQxuIOjFHeK5P6 -9YQoK4T1DyyRdydeCFJwntS0TuLyCPyaySoA+XX61pX6U5e12DsIiTATFgfzNH9g -aHmVXL/G6WRUbdn9xn4qeUs8Pnuu+IeenoB7+LMCgYBBnig9nTp81U+SGsNl2D3J -WUz4z+XzEfKU1nq2s4KNjIPB2T1ne+1x3Uso2hagtEHeuEbZoRY4dtCahAvYwrPM -8wtDFQXWmvFyN3X0Js65GZ++knuseQ1tdlbc/4C+k4u26tVe2GcwhKTjn08++L2E -UB3pLXbssswH271OjD+QkQ== +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC4+c0FkD/kNWbK +7539JRTpiDFMBtwp5CmCB/t8OlAgU4pp6mFHVpg8V68dhDIDgpKVgEPiHZzzcoCX 
+UnQYor+CKOpggrR2F0Di3b6H0Bfju3uxU5ViwM2iRd0pO8ByRpNl8Jubiq/xF7a+ +709WtFszZj5nQzEeQgcf7q50qG+L+MIFml3iREFRkUNjntnKbNnZdJInqtIhXWmh +8ZWhxWzg4QZuxJkTx5oz2xJkwZFZQF8Lz/U1s39Cvl74LidHj2nbBvOD7JYXmO1c +NFJeo9p3rIWUdGjv6Y1QzUc0wrRtn8ISRvg+88IHFJMWw4JnlViSIKOGdwvo8X59 +sipDv4tlAgMBAAECggEAHZfxgiNa5XLZuDvvxdFJ8DbW1DgAvz7+mQwX4v8dVJ6o +9VsHJzemcXkBzjIZIlCgjQSRV7qvIo++HPeXFV3sT7GmFbyzjHUZ73HUirvzJn8X +Qf6CVuNLwtt0j6U8m8vIxzVgX9knXuYRWajFw7RlJusDrtekIxgjNaulA4rzFax3 +hoJa8JYUizjZnTe2hhZSdG7JzbBV5n9Wei2rPTMXEI1llyCBb/MfhTBrCIYeF9PO +IYCAi/0i2en5uVTgQlwejGp5/xj1KWnbD1S5FWZgj88AXwHfVvEFxheEXxYXhLav +XGlrGxb1x/uFn651c3rWxMdfZc9T9QITSWuD7EFF4QKBgQD25n5/OtcQYGUoVH4g +o+wdiWva5FgzAlcaA3ciNW5Dtx/8obrkO3zJEDP3p4tnTRJEkWjuZaHMTCsq+K9U +egHgrTCQMpMV1xydkdUPVaBD7QXLr528VvNOiHdruxt7cRxVGbGzbwCj8dDwzLhe +W8tcmz02XTzfk6Vz+l73AS6IKQKBgQC/ywxOTx0tZPeK24d4rE4ufK9GYH8LQ1M+ +9HFh5VZZPyGM8zKQk4YJzQChwpRSMEToqY7x/51QDa02/mHNkntS6fw48TnBCt41 +JfYRfhOhVDCyFKOJ+vuM6RHlkZHFTxUvtZdnneuG/9HXY4HY64dSrKLqXGjWZ9ou +zqcVrHQA3QKBgAq+lRqsUNehmkVbB/IbsBbI+Cyaa0ws+eVj6TdP4/CGc5nm3982 +x4NodRp97A8ex4C8Yzicq6HcXrSMBfVDKfnBD6/2w3fb2J7yzbbRHxxVoD7w8YhU +sFnmjmvdxKBml7kMWTNZzUlVKKaSAiP5EqyBBPTssc14+2ZEqwVMw92hAoGADgtR +UF6stUlCczGWHvkHFJJex1mDlBCPBPojX1bK1ugvjcG1Py7+TrNrS20TLV2JfjwE +UqY0H8uQlolUIhiK3UxzArxvTTp9gQjRlwBTcanXkwK94vm09+GNRPE+6mLbG05B +0v2WZKFQ/WO0+2xr0VsA5wZzStf5+xl41LZ3HCUCgYAUyrj2/elSKdaXzNCVsLTU +PmOpQUiBUTt2YJ06UiZL0V+ompEl15MhDssMJcsJSfxEYmgExNvWJEWwJQy9LNoy +YZHj8PycoQOGYtbPwstleTmdKh0MfgKO3dmSSfueQur1p9/kjy+OYB4yiKcaPw0z +aaEu6ksnOjRTK5ZBhDhK0Q== -----END PRIVATE KEY----- diff --git a/tests/integration/long/ssl/client_encrypted.key b/tests/integration/long/ssl/client_encrypted.key index 49f475d7fe..645fd714b0 100644 --- a/tests/integration/long/ssl/client_encrypted.key +++ b/tests/integration/long/ssl/client_encrypted.key 
@@ -1,30 +1,30 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,7288A409E846EBE2DE421B77598DAF98 - -ahiUSf+k9POIEUJb5BGbQ6knk4+FtTz+e+6fouqVc4Lq+RXR9f0pFBi9eDEkFNiN -AcUjLkxh+3TmihTZJprqXSbQ3jacwbnwDOFgtZE3PxoA1heHxADaKCNr+Ph0lC/T -3cIzsoIZ6slk+3n6ERieZRdmvoMH1SY8nXKT5+bLMR4RIjw1y7h26MRhjQS+lXaX -Asd5EOGROCIgefeEBGHAbrlg0FoHy7slqVBxuZphTHKtyK/VK4fRLt6doUzBu5GJ -T2jdrqJCWr5PRn3bAqMemJWxDhZLX4DyNDQPn8riZ8jMbwPOVUSnF8B8re1tNkQ0 -CsH77sYIIjmPdizCdvj91+jH6o7MRCZPvky+PHG/9G5WsPiw5W1i/nrPemT1XJyy -oPRc/fMFfbHmW3HCGqgv2/6Wg+17un/a6UyzXsbNdhDZLCVqtAQ7PSv83z5oUazT -djzFHgxSqRknUY0lOUvP8Rni67MG+Rcksj9HgszhLoC0be64IX0Ey5oc5+pBYrf9 -FVEPsuyyu4aDSRYYATC2E1V/EQRwcvpKEZNFTbqMpQhjrWtlBM/GgQnQBeQdLAGX -yefDSzkH31y5gcdgHLElriWwbHHbcaAmf3e15W94YHgTytJBsQ9A19SmtmgUmo4h -jaFoUooM5mFA8hc/snSe2PdkEefkzS72g8qxa//61LTJAAkVk43dYjoqQ34wq6WR -OB4nn/W2xlfv/ClZJTWf8YvQTrQptJY5VQq/TTEcrXy67Uc0wRHXZK2rTjKeyRj9 -65SkyyXhMopWEl2vX25ReITVfdJ0FgjqI/ugYSf25iOfJtsk+jgrtrswZ+8F2eMq -iAQ+0JSiYmlot2Pn1QCalLjtTz8zeMfXPyo5fbKNMdp52U1cPYld90kUGHZfjqju -GmY/aHa6N8lZGxj8SC/JM36GawaGKe4S/F5BetYJOpaEzkpowqlTC8Syv529rm46 -vvgf+EJL8gRvdtnIEe/qtzbtel299VhaBpuOcApfTDSxRHZmvkCpdHo9I3KgOZB9 -Cqu9Bz+FiJmTk8rGQwmI8EYj38jneEoqA+fN7tUkzxCGacg+x6ke4nOcJzgBhd94 -8DvGclrcAwBY1mlNYRceFJKFXhwLZTKBojZlS8Q9863EAH3DOBLeP85V3YvBD/MK -O+kzPoxN/jPVNho7y4gL7skcqe/IXePzPxBcZrHJjoU7mGVDcVcouRj16XSezMbB -5Pft0/gGiItRJ2+v9DlPjzDfjTuRdS78muaZ4nNqX6B+JmyPJtkb2CdiHz6B21RO -3hjGrffM1nhmYBegyjTVc88IxzYg0T8CZLq1FYxuTZmwyahA520IpwsbfwXxLVMU -5rmou5dj1pVlvoP3l+ivPqugeY3k7UjZ33m5H9p009JR40dybr1S2RbI8Gqhe953 -0bedA4DWvPakODXgYu43al92uR/tyjazeB5t7Iu8uB5Xcm3/Mqoofe9xtdQSCWa0 -jKKvXzSpL1MM2C0bRyYHIkVR65K7Zmi/BzvTaPECo1+Uv+EwqRZRyBzUZKPP8LMq -jTCOBmYaK8+0dTRk8MEzrPW2ihVVJYVMmFyTZKW0iK7kOMKZRkhDCaNSUlPEty7j ------END RSA PRIVATE KEY----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQGwgW+7olu2AXiupx +NxswrAICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEIbwGGQKe8+6Kb+s 
+ngNKUFcEggTQPKEHVA1qFFXANwtAMXezfPAK9JlLHdAJNiSMy8RWvR+TLOt5xJ2b +FSP8c8ME425YXVyvV8XlQ4P9czr7UODuU7/aU0PL4gCrOWSPA+azWA3mJJEjx/QK +CY1MgrG++09TP1n7yv9kij7a3/3gOxEe9IkM+uLq8tjZi9Xhsvi68jmJUTXRD4UB +9moMtUH16LG866HeUwFk3P9ASoBoRDzKiq81FoU7iITNw+Hes5+2Tcs9ENfhPd43 +5Y9WrFFnArwuR7BZVqt72Bwme5iQfn4X7yczG4iyx7dk8DXCfvslWL1nWBoSRoVS +H1Xj9pNABgLbjO25/NI1ycTmX/f2dTq5QE5MuIAQJ5gfYjLQhYczswE/G7QqjyLA +5AMu+nz/B9oBLeRcjL2e5363bGD2/70lQdL2MvLxyTaPyYo9cOmzDSZfzYjzx1ro +y1wDlreKKT5zrPfQbZ1LTjmaWdLbI2t8UUy6X1H+E0qY5IsTIm9VfNSQJcmgtJSP +nAbdDvZlD2NGbpjDsjbmX1xwKG2z4JNyP0BS2PXd3STvBCCO6rUKovuyk7MlS3Kn +HU8F4spe0YAMuYZNG72XZuG1AhXGhGG0rCVnkaakyXH5kgUA76cmj5ONU5fX4B0Y +g/6+V/BelK5hVYUq9vUZEzUcY/IrWPoDe27nGmrFVaCTHymjrp+KUixiUJOkGP25 +z7URMsVPElkcPhNnfb9Wf1EAei//ETd5U7aVaxYSau6nijI+LhPWxBZNKjGQytEd +tFqc29GmIlIk22zZGj0OwMz6hm/OqQxAq9jHn34ZukqXzFlQ6/rmFKIQIVcA3HQL +NT7TgMCJqNB3pub2RhHS5iY8GatUT8OeXklGF7GLQV3xvEEMxm9+KmIe4F47I8P5 +V0soBKNDlZaiiKNE9WHld4zinbwZ/DNlpuuzeQeAPTii57CgSoDXyt+rST30lftp +OwCQ62j+h3sGTR2OexmILVIXBcrko/B3/MXQ4wmXKBasrEPlfuSBpm5QQ7eviM8r +55hkWlXFYA0ND+IlLnUB1MMcsGhvfrzbI1RlzL1CN0Vt3UyPZvrgJJKHfEQRUXcz +SWiZz1PaJNBNVYOfvAzWru1tv9ZVH7RMOQnoVOXoJBNHBAUA6f93W8x+dFuaaqRn +9v/snIAT5gNoNVllMWHeK1QPfEYJ90cDiUaxi8EiETuVpf/vGYSgbOV7VpTIhCq0 +buoWwN1/hEar+JhseK6b3qWKki9SHhwk3zN8y3+wt7lAA8eMhIY2dnz8rG2qiCRs +Co8qBYGgsYzqAGqutFuepMF8lGmVUw6g5MOEf2goIjdQ6PgcWHAFT//O5RrQEE86 +I4lRU0wn/kZfgPWOxMoghVTLZOLH14/pooMZwph+zLr6y3qp5QBlcPhZZETTo4B+ +iLEEoTPspJ/RsbI9OCoxTpQ/VrRKbHNUGOeI4HULEq04y0cZ+Vaaknktw2/xhUkk +78Mpj14fYmgp57jfAj8Xq8LkBPdW/FWMG+zfElu4U8Kz/Fgk2WSmj54idOu/zZUe +Y97ARqyP0upUL4PlE8glAFxbpWcwjKivoc9p2xb/gfomObeLzvxPXYzWXKqYc8dV +ZbgiJwDLOpIdBy+46sAkHXbhXLQ4+FpVEL4QohcPuPnuQoRNTjoz5wU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/integration/long/ssl/generate_certificates.sh b/tests/integration/long/ssl/generate_certificates.sh new file mode 100755 index 0000000000..75029530c8 --- /dev/null +++ b/tests/integration/long/ssl/generate_certificates.sh 
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# create new CA key and certificate
+openssl req -new -newkey rsa:2048 -days 3650 -x509 -subj "/CN=root-ca/OU=drivers/O=oss/C=US" -keyout ca-key -out ca-cert -nodes
+
+# create keystore and key-pair for DSE server
+keytool -genkey -keyalg RSA -keystore 127.0.0.1.keystore -validity 3650 -storepass cassandra -keypass cassandra -dname "CN=127.0.0.1,OU=drivers,O=oss,C=US" -ext "SAN=IP:127.0.0.1" -alias 127.0.0.1 -storetype pkcs12
+
+# export DSE server key from keystore
+openssl pkcs12 -in 127.0.0.1.keystore -nodes -nocerts -out client.key -legacy -passin pass:cassandra
+
+# create encrypted client key
+openssl rsa -aes256 -in client.key -passout pass:cassandra -out client_encrypted.key
+
+# create CSR
+keytool -keystore 127.0.0.1.keystore -alias 127.0.0.1 -certreq -file client.csr -storepass cassandra -ext san=ip:127.0.0.1
+
+# sign CSR with CA key
+openssl x509 -req -CA ca-cert -CAkey ca-key -in client.csr -out client.crt -days 3650 -copy_extensions copyall -passin pass:cassandra
+
+# import CA certificate to DSE node keystore
+keytool -keystore 127.0.0.1.keystore -alias CARoot -import -file ca-cert -storepass cassandra -noprompt
+
+# import signed certificate to DSE node keystore
+keytool -keystore 127.0.0.1.keystore -alias 127.0.0.1 -import -file client.crt -storepass cassandra -noprompt
+
+# import CA certificate to DSE node truststore
+keytool -keystore cassandra.truststore -alias CARoot -import -file ca-cert -storepass cassandra -noprompt
+
+# cleanup
+rm client.csr
\ No newline at end of file
diff --git a/tests/integration/long/ssl/rootCa.crt b/tests/integration/long/ssl/rootCa.crt
deleted file mode 100644
index a0a0ec73cf..0000000000
--- a/tests/integration/long/ssl/rootCa.crt
+++ /dev/null
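Review bot: The script has no error handling, so when one `openssl` or `keytool` step fails (for example, `-legacy` and `-copy_extensions` are not accepted by OpenSSL releases older than 3.0) the later steps still run and leave a half-regenerated fixture set. Add `set -euo pipefail` after the shebang and `cd "$(dirname "$0")"` so the relative output paths do not depend on the caller's working directory. `keytool -genkey` and the `-import` steps are also expected to fail when `127.0.0.1.keystore` or `cassandra.truststore` already hold these aliases, so the script should remove the old stores first or say that it must run in a clean directory. `client.key` is exported from the server keystore, so client and server share one key pair; a comment saying this is intentional for the tests would avoid the pattern being copied elsewhere.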
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCzCCAfMCFCoTNYhIQpOXMBnAq8Bw72qfKwGLMA0GCSqGSIb3DQEBCwUAMEIx -CzAJBgNVBAYTAlVTMREwDwYDVQQKDAhkYXRhc3RheDEPMA0GA1UECwwGZmllbGRz -MQ8wDQYDVQQDDAZyb290Q2EwHhcNMjEwMzE3MTcwNTE2WhcNMzEwMzE1MTcwNTE2 -WjBCMQswCQYDVQQGEwJVUzERMA8GA1UECgwIZGF0YXN0YXgxDzANBgNVBAsMBmZp -ZWxkczEPMA0GA1UEAwwGcm9vdENhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -CgKCAQEApFoQtNu0+XQuMBPle4WAJYIMR74HL15uk9ToKBqMEXL7ah3r23xTTeGr -NyUXicM6Owiup7DK27F4vni+MYKAn7L4uZ99mW0ATYNXBDLFB+wwy1JBk4Dw5+eZ -q9lz1TGK7uBvTOXCllOA2qxRqtMTl2aPy5OuciWQe794abwFqs5+1l9GEuzJGsp1 -P9L4yljbmijC8RmvDFAeUZoKRdKXw2G5kUOHqK9Aej5gLxIK920PezpgLxm0V/PD -ZAlwlsW0vT79RgZCF/vtKcKSLtFTHgPBNPPbkZmOdE7s/6KoAkORBV/9CIsKeTC3 -Y/YeYQ2+G0gxiq1RcMavPw8f58POTQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA1 -MXBlk6u2oVBM+4SyYc2nsaHyerM+omUEysAUNFJq6S6i0pu32ULcusDfrnrIQoyR -xPJ/GSYqZkIDX0s9LvPVD6A6bnugR+Z6VfEniLkG1+TkFC+JMCblgJyaF/EbuayU -3iJX+uj7ikTySjMSDvXxOHik2i0aOh90B/351+sFnSPQrFDQ0XqxeG8s0d7EiLTV -wWJmsYglSeTo1vF3ilVRwjmHO9sX6cmQhRvRNmiQrdWaM3gLS5F6yoQ2UQQ3YdFp -quhYuNwy0Ip6ZpORHYtzkCKSanz/oUh17QWvi7aaJyqD5G5hWZgn3R4RCutoOHRS -TEJ+xzhY768rpsrrNUou ------END CERTIFICATE----- diff --git a/tests/integration/long/test_ssl.py b/tests/integration/long/test_ssl.py index 0e39cb21ad..f60adc6db4 100644 --- a/tests/integration/long/test_ssl.py +++ b/tests/integration/long/test_ssl.py 
@@ -42,10 +42,10 @@ SERVER_TRUSTSTORE_PATH = os.path.abspath("tests/integration/long/ssl/cassandra.truststore") # Client specific keys/certs -CLIENT_CA_CERTS = os.path.abspath("tests/integration/long/ssl/rootCa.crt") +CLIENT_CA_CERTS = os.path.abspath("tests/integration/long/ssl/ca-cert") DRIVER_KEYFILE = os.path.abspath("tests/integration/long/ssl/client.key") DRIVER_KEYFILE_ENCRYPTED = os.path.abspath("tests/integration/long/ssl/client_encrypted.key") -DRIVER_CERTFILE = os.path.abspath("tests/integration/long/ssl/client.crt_signed") +DRIVER_CERTFILE = os.path.abspath("tests/integration/long/ssl/client.crt") DRIVER_CERTFILE_BAD = os.path.abspath("tests/integration/long/ssl/client_bad.key") USES_PYOPENSSL = "twisted" in EVENT_LOOP_MANAGER or "eventlet" in EVENT_LOOP_MANAGER @@ -486,7 +486,7 @@ def test_cannot_connect_ssl_context_with_invalid_hostname(self): password="cassandra", ) ssl_context.verify_mode = ssl.CERT_REQUIRED - ssl_options["check_hostname"] = True + ssl_context.check_hostname = True with self.assertRaises(Exception): validate_ssl_options(ssl_context=ssl_context, ssl_options=ssl_options, hostname="localhost")
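Review bot: `with self.assertRaises(Exception):` (the context line just below the changed line in the second hunk) accepts any failure, so this test still passes if the connection breaks for a reason unrelated to hostname verification, such as a fixture path that no longer resolves after the renames in the first hunk. Narrow it to the error the driver surfaces for a certificate/hostname mismatch, for example `with self.assertRaisesRegex(Exception, "hostname|IP address"):`, after confirming the actual message for both the stdlib and pyOpenSSL event loops. With the switch to `ssl_context.check_hostname = True`, the test no longer sets `ssl_options["check_hostname"]`, which is the value `cassandra/connection.py` now reads into `_check_hostname`; if no test outside this hunk covers that legacy path, one should be added. The test method starts before the hunk.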