From 5375ac9e1a582dbadb56a4b6e0fd87ac7420456a Mon Sep 17 00:00:00 2001
From: Dennis Ahrens <dennis.ahrens@hs-hannover.de>
Date: Mon, 12 Mar 2018 13:19:23 +0100
Subject: [PATCH] SSL Settings are no longer a dictionary

---
 pikatasks/settings.py | 21 ++++++---------------
 pikatasks/utils.py    | 12 ++++++------
 2 files changed, 12 insertions(+), 21 deletions(-)

diff --git a/pikatasks/settings.py b/pikatasks/settings.py
index 46b322f..6717e8f 100644
--- a/pikatasks/settings.py
+++ b/pikatasks/settings.py
@@ -23,16 +23,11 @@ CLIENT_EXCHANGE_NAME = ""  # empty string -> amq.default exchange
 WORKER_TASK_PROCESSES = 10  # this many processes will be executing tasks
 
 SSL_ENABLED = True
-SSL_CONF = {
-    # # See ssl.wrap_socket() documentation: https://docs.python.org/3.6/library/ssl.html#ssl.wrap_socket
-    # "keyfile": "/foo/client/key.pem",
-    # "certfile": "/foo/client/cert.pem",
-    # "ca_certs": "/foo/ca/cacert.pem",
-    # NOTE: The following values are not meant to be changed through settings
-    # because this would be a mess in deployment!
-    "ssl_version": ssl.PROTOCOL_TLSv1_2,
-    "cert_reqs": ssl.CERT_REQUIRED,
-}
+SSL_KEY_FILE = None
+SSL_CERT_FILE = None
+SSL_CA_CERTS = None
+SSL_VERSION = ssl.PROTOCOL_TLSv1_2
+SSL_CERT_REQS = ssl.CERT_REQUIRED
 
 # stuff you might want to change sometimes:
 RPC_TIMEOUT = timedelta(seconds=10)  # affects client behaviour and message TTL
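Review bot: `SSL_VERSION` and `SSL_CERT_REQS` are now ordinary upper-case module settings, and the removed comment saying they are not meant to be changed through settings went away with the dictionary. The loader further down in this file assigns every `PIKATASKS_<NAME>` it finds, so a single `PIKATASKS_SSL_CERT_REQS = ssl.CERT_NONE` in a deployment would turn off peer-certificate verification without any signal. I would either keep the two out of the override loop (it skips names starting with `_`, so `_SSL_VERSION` and `_SSL_CERT_REQS` would do, with utils.py adjusted) or at least restore the warning as `# NOTE: not meant to be overridden via PIKATASKS_* settings`. The three path settings also lost their pointer to the ssl documentation; a short comment such as `# path to the CA bundle used to verify the broker certificate` on `SSL_CA_CERTS` would help.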
@@ -51,11 +46,7 @@ try:
         if k.isupper() and not k.startswith("_"):  # looks like a setting
             try:
                 new_value = getattr(django_settings, "PIKATASKS_" + k)
-                if isinstance(globals()[k], dict):
-                    assert isinstance(new_value, dict), "{} needs to be a dictionary".format(k)
-                    globals()[k].update(new_value)
-                else:
-                    globals()[k] = new_value
+                globals()[k] = new_value
             except ImproperlyConfigured:
                 pass  # django is installed but not used
             except AttributeError:
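Review bot: A deployment that still defines `PIKATASKS_SSL_CONF` gets no error or warning after this change. As far as the visible loop shows, only names that exist in this module are looked up, so the old dictionary would be ignored and `SSL_KEY_FILE`, `SSL_CERT_FILE` and `SSL_CA_CERTS` would stay `None`. A one-off check outside the per-setting `try`, for example `if hasattr(django_settings, "PIKATASKS_SSL_CONF"): warnings.warn("PIKATASKS_SSL_CONF is no longer read; use the PIKATASKS_SSL_* settings")`, would make the migration explicit. The removed `assert` was also the only type check here, and `globals()[k] = new_value` now accepts a value of any type. The enclosing `try` and `for` start outside this hunk, so the exact placement needs checking against the full file.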
diff --git a/pikatasks/utils.py b/pikatasks/utils.py
index 51d6038..6bcdd0d 100644
--- a/pikatasks/utils.py
+++ b/pikatasks/utils.py
@@ -16,12 +16,12 @@ def deserialize(binary):
     return json.loads(binary.decode("utf-8"))
 
 
-def get_ssl_options(ssl_settings):
+def get_ssl_options(settings):
     """ Create pika.SSLOptions based on pikatasks settings. """
-    context = ssl.SSLContext(ssl_settings.get('ssl_version'))
-    context.verify_mode = (ssl_settings.get('cert_reqs'))
-    context.load_verify_locations(ssl_settings.get('ca_certs'))
-    context.load_cert_chain(ssl_settings.get('certfile'), ssl_settings.get('keyfile'))
+    context = ssl.SSLContext(settings.SSL_VERSION)
+    context.verify_mode = settings.SSL_CERT_REQS
+    context.load_verify_locations(settings.SSL_CA_CERTS)
+    context.load_cert_chain(settings.SSL_CERT_FILE, settings.SSL_KEY_FILE)
     return pika.SSLOptions(context)
 
 
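Review bot: The context built in `get_ssl_options` verifies the certificate chain but not the broker's host name. `ssl.SSLContext(settings.SSL_VERSION)` with `PROTOCOL_TLSv1_2` leaves `check_hostname` off, and `pika.SSLOptions(context)` is called without `server_hostname`, so any certificate issued by the configured CA would be accepted for the broker connection. I would add `context.check_hostname = True` after the `verify_mode` line and pass the broker host as `pika.SSLOptions(context, server_hostname=<BROKER_HOST_SETTING>)`; the name is a placeholder because the host setting is not visible in this hunk. Separately, with the new `None` defaults, `load_verify_locations(None)` and `load_cert_chain(None, None)` raise a bare `TypeError`, so an explicit check whose message names the missing `SSL_*` setting would be easier to diagnose.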
@@ -36,7 +36,7 @@ def get_pika_connection_parameters():
             ),
             # TODO: causes a warning when closing connections
             blocked_connection_timeout=settings.BLOCKED_CONNECTION_TIMEOUT.total_seconds(),
-            ssl_options=get_ssl_options(settings.SSL_CONF) if settings.SSL_ENABLED else None,
+            ssl_options=get_ssl_options(settings) if settings.SSL_ENABLED else None,
         )
 
 
-- 
GitLab