Revision 6149f03e

b/vncauthproxy/client.py
76 76
                      help=("User password for the control connection "
77 77
                            "authentication"))
78 78
    parser.add_option("--no-ssl", dest="no_ssl",
79
                      action='store_false', default=False,
79
                      action='store_true', default=False,
80 80
                      help=("Disable SSL/TLS for control connecions "
81 81
                            "(default: %s)" % False))
82
    parser.add_option("--ca-cert", dest="ca_cert",
83
                      default=None,
84
                      metavar="CACERT",
85
                      help=("CA certificate file to use for server auth"))
86
    parser.add_option("--strict", dest="strict",
87
                      default=False, action='store_true',
88
                      metavar="STRICT",
89
                      help=("Perform strict authentication on the server "
90
                            "SSL cert"))
82 91

  
83 92
    (opts, args) = parser.parse_args(args)
84 93

  
......
94 103
    if not opts.auth_password:
95 104
        parser.error("The --auth-password argument is mandatory.")
96 105

  
106
    # Sanity check
107
    if opts.strict and not opts.ca_cert:
108
        parser.error("--strict requires --ca-cert to be set")
109
    if opts.no_ssl and opts.ca_cert:
110
        parser.error("--no-ssl and --ca-cert / --strict options "
111
                     "are mutually exclusive")
112

  
97 113
    return (opts, args)
98 114

  
99 115

  
100 116
def request_forwarding(sport, daddr, dport, password,
101 117
                       auth_user, auth_password,
102 118
                       server_address=DEFAULT_SERVER_ADDRESS,
103
                       server_port=DEFAULT_SERVER_PORT, no_ssl=False):
119
                       server_port=DEFAULT_SERVER_PORT, no_ssl=False,
120
                       ca_cert=None, strict=False):
104 121
    """Connect to vncauthproxy and request a VNC forwarding."""
105 122
    if not password:
106 123
        raise ValueError("You must specify a non-empty password")
......
129 146
                continue
130 147

  
131 148
            if not no_ssl:
149
                reqs = ssl.CERT_NONE
150
                if strict:
151
                    reqs = ssl.CERT_REQUIRED
152
                elif ca_cert:
153
                    reqs = ssl.CERT_OPTIONAL
154

  
132 155
                server = ssl.wrap_socket(
133
                      server, cert_reqs=ssl.CERT_NONE,
156
                      server, cert_reqs=reqs, ca_certs=ca_cert,
134 157
                      ssl_version=ssl.PROTOCOL_TLSv1)
135 158

  
136 159
            server.settimeout(60.0)
......
166 189
                             dport=opts.dport, password=opts.password,
167 190
                             auth_user=opts.auth_user,
168 191
                             auth_password=opts.auth_password,
169
                             no_ssl=opts.no_ssl)
192
                             no_ssl=opts.no_ssl, ca_cert=opts.ca_cert,
193
                             strict=opts.strict)
170 194

  
171 195
    reason = None
172 196
    if 'reason' in res:
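Review bot: In the `if not no_ssl:` block of `request_forwarding`, certificate checking stays off unless the caller opts in: `reqs` starts at `ssl.CERT_NONE`, so a run without `--ca-cert` still negotiates TLS with a server whose identity was never verified, and the control-connection credentials presumably travel over that channel. Even with `--strict`, `ssl.wrap_socket` only validates the chain against `ca_cert` and does not compare the certificate with the host being contacted, so any certificate issued by that CA would be accepted. Where the runtime provides it, a check such as `ssl.match_hostname(server.getpeercert(), server_address)` right after the wrap would close that gap, assuming `server_address` is the name the certificate is issued for. On a client socket `ssl.CERT_OPTIONAL` is documented to behave like `ssl.CERT_REQUIRED`, so the `--strict` / `--ca-cert` split probably makes no practical difference and could collapse to `reqs = ssl.CERT_REQUIRED if ca_cert else ssl.CERT_NONE`. The function body begins and continues outside the visible hunks, so the connection loop and what is sent after the wrap should be confirmed there.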
