PYTHON-5309 Ensure AsyncMongoClient doesn't use PyOpenSSL #2286
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -87,7 +87,7 @@ | |
from pymongo.results import BulkWriteResult, DeleteResult | ||
from pymongo.ssl_support import BLOCKING_IO_ERRORS, get_ssl_context | ||
from pymongo.typings import _DocumentType, _DocumentTypeArg | ||
from pymongo.uri_parser_shared import parse_host | ||
from pymongo.uri_parser_shared import _parse_kms_tls_options, parse_host | ||
from pymongo.write_concern import WriteConcern | ||
|
||
if TYPE_CHECKING: | ||
|
@@ -157,6 +157,7 @@ def __init__( | |
self.mongocryptd_client = mongocryptd_client | ||
self.opts = opts | ||
self._spawned = False | ||
self._kms_ssl_contexts = opts._kms_ssl_contexts(_IS_SYNC) | ||
|
||
async def kms_request(self, kms_context: MongoCryptKmsContext) -> None: | ||
"""Complete a KMS request. | ||
|
@@ -168,7 +169,7 @@ async def kms_request(self, kms_context: MongoCryptKmsContext) -> None: | |
endpoint = kms_context.endpoint | ||
message = kms_context.message | ||
provider = kms_context.kms_provider | ||
ctx = self.opts._kms_ssl_contexts.get(provider) | ||
ctx = self._kms_ssl_contexts.get(provider) | ||
if ctx is None: | ||
# Enable strict certificate verification, OCSP, match hostname, and | ||
# SNI using the system default CA certificates. | ||
|
@@ -180,6 +181,7 @@ async def kms_request(self, kms_context: MongoCryptKmsContext) -> None: | |
False, # allow_invalid_certificates | ||
False, # allow_invalid_hostnames | ||
False, # disable_ocsp_endpoint_check | ||
_IS_SYNC, | ||
) | ||
# CSOT: set timeout for socket creation. | ||
connect_timeout = max(_csot.clamp_remaining(_KMS_CONNECT_TIMEOUT), 0.001) | ||
|
@@ -396,6 +398,8 @@ def __init__(self, client: AsyncMongoClient[_DocumentTypeArg], opts: AutoEncrypt | |
encrypted_fields_map = _dict_to_bson(opts._encrypted_fields_map, False, _DATA_KEY_OPTS) | ||
self._bypass_auto_encryption = opts._bypass_auto_encryption | ||
self._internal_client = None | ||
# parsing kms_ssl_contexts here so that parsing errors will be raised before internal clients are created | ||
opts._kms_ssl_contexts(_IS_SYNC) | ||
It's worth adding a comment here to explain that we call this here so that parsing errors can be raised before creating internal clients.
makes sense, added :) |
||
|
||
def _get_internal_client( | ||
encrypter: _Encrypter, mongo_client: AsyncMongoClient[_DocumentTypeArg] | ||
|
@@ -675,6 +679,7 @@ def __init__( | |
kms_tls_options=kms_tls_options, | ||
key_expiration_ms=key_expiration_ms, | ||
) | ||
self._kms_ssl_contexts = _parse_kms_tls_options(opts._kms_tls_options, _IS_SYNC) | ||
self._io_callbacks: Optional[_EncryptionIO] = _EncryptionIO( | ||
None, key_vault_coll, None, opts | ||
) | ||
|
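Review bot: In the last hunk (`@@ -675,6 +679,7 @@`), `self._kms_ssl_contexts = _parse_kms_tls_options(opts._kms_tls_options, _IS_SYNC)` builds a second set of KMS TLS contexts: the `_EncryptionIO(None, key_vault_coll, None, opts)` constructed right after it already stores its own via `opts._kms_ssl_contexts(_IS_SYNC)` (the `@@ -157,6 +157,7 @@` hunk), and `kms_request` reads only that copy. Nothing visible on this page reads the attribute set here, so if it exists only to surface parsing errors early, I would say so in a comment, as the `@@ -396,6 +398,8 @@` hunk does, and call the same accessor, `opts._kms_ssl_contexts(_IS_SYNC)`. Whether that accessor caches its result is not visible here; if it does not, the contexts are parsed more than once per object, and a single owner for them would make it easier to audit which certificate-verification settings a KMS connection actually gets. Separately, the bare `_IS_SYNC,` argument in the `@@ -180,6 +181,7 @@` hunk should carry a trailing label comment like the three `False,  # ...` arguments above it. This `__init__` starts before the hunk and continues after it.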