Client: Fixed memory leak in SSL lib

Providing certificates to HTTPSConnection was changed in Py 2.7.9, the old way is still supported, but there is a memory leak (fixed in 2.7.12). The code was changed to use the new way (SSLContext object) if it's available, thus avoiding the leak.

Client: Fixed memory leak in SSL lib
7773bdde · Václav Bartoš · 7401d092 · 7773bdde
Commit 7773bdde authored 7 years ago by Václav Bartoš
--- a/warden3/warden_client/warden_client.py
+++ b/warden3/warden_client/warden_client.py
@@ -39,6 +39,7 @@ class HTTPSConnection(httplib.HTTPSConnection):
    of SSL/ TLS version and cipher selection.  See:
    http://hg.python.org/cpython/file/c1c45755397b/Lib/httplib.py#l1144
    and `ssl.wrap_socket()`
+    Used only if ssl.SSLContext is not available (Python version < 2.7.9)
    '''
    def __init__(self, host, **kwargs):
        self.ciphers = kwargs.pop('ciphers',None)
@@ -271,6 +272,20 @@ class Client(object):
        self.ciphers = 'TLS_RSA_WITH_AES_256_CBC_SHA'
        self.sslversion = ssl.PROTOCOL_TLSv1
+        # If Python is new enough to have SSLContext, use it for SSL settings,
+        # otherwise our own class derived from httplib.HTTPSConnection is used
+        # later in connect().
+        if hasattr(ssl, 'SSLContext'):
+            self.sslcontext = ssl.SSLContext(self.sslversion)
+            self.sslcontext.load_cert_chain(self.certfile, self.keyfile)
+            if self.cafile:
+                self.sslcontext.load_verify_locations(self.cafile)
+                self.sslcontext.verify_mode = ssl.CERT_REQUIRED
+            else:
+                self.sslcontext.verify_mode = ssl.CERT_NONE
+        else:
+            self.sslcontext = None
        self.getInfo()  # Call to align limits with server opinion
@@ -361,14 +376,20 @@ class Client(object):
        try:
            if self.url.scheme=="https":
-                conn = HTTPSConnection(
+                if self.sslcontext:
-                    self.url.netloc,
+                    conn = httplib.HTTPSConnection(
-                    key_file = self.keyfile,
+                        self.url.netloc,
-                    cert_file = self.certfile,
+                        timeout = self.timeout,
-                    timeout = self.timeout,
+                        context = self.sslcontext)
-                    ciphers = self.ciphers,
+                else:
-                    ca_certs = self.cafile,
+                    conn = HTTPSConnection(
-                    ssl_version = self.sslversion)
+                        self.url.netloc,
+                        key_file = self.keyfile,
+                        cert_file = self.certfile,
+                        timeout = self.timeout,
+                        ciphers = self.ciphers,
+                        ca_certs = self.cafile,
+                        ssl_version = self.sslversion)
            elif self.url.scheme=="http":
                conn = httplib.HTTPConnection(
                    self.url.netloc,