mirror of https://github.com/openSUSE/osc.git synced 2025-02-04 18:46:17 +01:00

- conf._build_opener: make sure no certs are checked if "sslcertck" is disabled

Since python >= 2.7.9 urllib2/httplib verifies the ssl cert by default - so
make sure that this "builtin" ssl check is disabled as well if
"sslcertck" is disabled. Fixes #179.
Note: eventually, we should abandon m2crypto and use urllib2/httplib to
verify the ssl cert.
Marcus Huewe 2015-11-28 22:32:45 +01:00
parent 25118ceccc
commit b15f97bcd0


@ -41,6 +41,7 @@ import base64
import os import os
import re import re
import sys import sys
import ssl
try: try:
from http.cookiejar import LWPCookieJar, CookieJar from http.cookiejar import LWPCookieJar, CookieJar
@ -49,7 +50,7 @@ try:
from urllib.parse import urlsplit from urllib.parse import urlsplit
from urllib.error import URLError from urllib.error import URLError
from urllib.request import HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler from urllib.request import HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler
from urllib.request import AbstractHTTPHandler, build_opener, proxy_bypass from urllib.request import AbstractHTTPHandler, build_opener, proxy_bypass, HTTPSHandler
except ImportError: except ImportError:
#python 2.x #python 2.x
from cookielib import LWPCookieJar, CookieJar from cookielib import LWPCookieJar, CookieJar
@ -57,7 +58,7 @@ except ImportError:
from StringIO import StringIO from StringIO import StringIO
from urlparse import urlsplit from urlparse import urlsplit
from urllib2 import URLError, HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler from urllib2 import URLError, HTTPBasicAuthHandler, HTTPCookieProcessor, HTTPPasswordMgrWithDefaultRealm, ProxyHandler
from urllib2 import AbstractHTTPHandler, build_opener, proxy_bypass from urllib2 import AbstractHTTPHandler, build_opener, proxy_bypass, HTTPSHandler
from . import OscConfigParser from . import OscConfigParser
from osc import oscerr from osc import oscerr
@ -542,8 +543,15 @@ def _build_opener(apiurl):
raise oscerr.OscIOError(None, 'No CA certificates found') raise oscerr.OscIOError(None, 'No CA certificates found')
opener = m2urllib2.build_opener(ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'), HTTPCookieProcessor(cookiejar), authhandler, proxyhandler) opener = m2urllib2.build_opener(ctx, oscssl.myHTTPSHandler(ssl_context=ctx, appname='osc'), HTTPCookieProcessor(cookiejar), authhandler, proxyhandler)
else: else:
handlers = [HTTPCookieProcessor(cookiejar), authhandler, proxyhandler]
try:
# disable ssl cert check in python >= 2.7.9
ctx = ssl._create_unverified_context()
handlers.append(HTTPSHandler(context=ctx))
except AttributeError:
pass
print("WARNING: SSL certificate checks disabled. Connection is insecure!\n", file=sys.stderr) print("WARNING: SSL certificate checks disabled. Connection is insecure!\n", file=sys.stderr)
opener = build_opener(HTTPCookieProcessor(cookiejar), authhandler, proxyhandler) opener = build_opener(*handlers)
opener.addheaders = [('User-agent', 'osc/%s' % __version__)] opener.addheaders = [('User-agent', 'osc/%s' % __version__)]
_build_opener.last_opener = (apiurl, opener) _build_opener.last_opener = (apiurl, opener)
return opener return opener
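Review bot: The `try`/`except AttributeError: pass` in the `sslcertck`-disabled branch of `_build_opener` covers the `HTTPSHandler(context=ctx)` call as well as the lookup of `ssl._create_unverified_context`, so an unrelated AttributeError raised while constructing the handler would be swallowed and the opener would silently be built without the unverified-context handler. Narrowing it to the lookup makes the intent explicit: `create_ctx = getattr(ssl, '_create_unverified_context', None)` followed by `if create_ctx is not None: handlers.append(HTTPSHandler(context=create_ctx()))`. A short comment such as `# older Pythons lack this helper and do not verify certs by default` would also record why the missing-attribute case is safe to ignore. The function's body begins outside this hunk, so the `sslcertck` condition itself is not visible here.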