- conf._build_opener: make sure no certs are checked if "sslcertck" is disabled

Since python >= 2.7.9 urllib2/httplib verifies the ssl cert by default - so make sure that this "builtin" ssl check is disabled as well if "sslcertck" is disabled. Fixes #179. Note: eventually, we should abandon m2crypto and use urllib2/httplib to verify the ssl cert.
2024-11-10 14:56:14 +01:00 · 2015-11-28 22:32:45 +01:00 · 2015-11-28 22:32:45 +01:00 · b15f97bcd0
commit b15f97bcd0
parent 25118ceccc
1 changed files with 11 additions and 3 deletions
--- a/osc/conf.py
+++ b/osc/conf.py
@ -41,6 +41,7 @@ import base64
 import os
 import re
 import sys
+import ssl

 try:
    from http.cookiejar import LWPCookieJar, CookieJar
@ -49,7 +50,7 @@ try:
    from urllib.parse import urlsplit
    from urllib.error import URLError
    from urllib.request import HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler
-    from urllib.request import AbstractHTTPHandler, build_opener, proxy_bypass
+    from urllib.request import AbstractHTTPHandler, build_opener, proxy_bypass, HTTPSHandler
 except ImportError:
    #python 2.x
    from cookielib import LWPCookieJar, CookieJar
@ -57,7 +58,7 @@ except ImportError:
    from StringIO import StringIO
    from urlparse import urlsplit
    from urllib2 import URLError, HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler
-    from urllib2 import AbstractHTTPHandler, build_opener, proxy_bypass
+    from urllib2 import AbstractHTTPHandler, build_opener, proxy_bypass, HTTPSHandler

 from . import OscConfigParser
 from osc import oscerr
@ -542,8 +543,15 @@ def _build_opener(apiurl):
            raise oscerr.OscIOError(None, 'No CA certificates found')
        opener = m2urllib2.build_opener(ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'), HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
    else:
+        handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
+        try:
+            # disable ssl cert check in python >= 2.7.9
+            ctx = ssl._create_unverified_context()
+            handlers.append(HTTPSHandler(context=ctx))
+        except AttributeError:
+            pass
        print("WARNING: SSL certificate checks disabled. Connection is insecure!\n", file=sys.stderr)
-        opener = build_opener(HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
+        opener = build_opener(*handlers)
    opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
    _build_opener.last_opener = (apiurl, opener)
    return opener