mirrors/github.com_openSUSE_osc
1
0
Fork 0
mirror of https://github.com/openSUSE/osc.git synced 2025-02-03 18:16:17 +01:00
Code

Fix api_host_options for custom CAs (#1403)

Browse Source
This commit is contained in:
Tammo Oepkes 2023-09-11 21:06:34 +02:00 committed by GitHub
parent b870782a51
commit b9014ccd56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
osc/conf.py
View File

@ -887,6 +887,12 @@ def get_config(override_conffile=None,
if 'sslcertck' not in api_host_options[apiurl]: if 'sslcertck' not in api_host_options[apiurl]:
api_host_options[apiurl]['sslcertck'] = True api_host_options[apiurl]['sslcertck'] = True
if 'cafile' not in api_host_options[apiurl]:
api_host_options[apiurl]['cafile'] = None
if 'capath' not in api_host_options[apiurl]:
api_host_options[apiurl]['capath'] = None
if 'allow_http' not in api_host_options[apiurl]: if 'allow_http' not in api_host_options[apiurl]:
api_host_options[apiurl]['allow_http'] = False api_host_options[apiurl]['allow_http'] = False

3
osc/connection.py
View File

@ -261,6 +261,9 @@ def http_request(method: str, url: str, headers=None, data=None, file=None, retr
pool_kwargs["ssl_context"] = ssl_context pool_kwargs["ssl_context"] = ssl_context
# turn cert verification off if sslcertck = 0 # turn cert verification off if sslcertck = 0
if options["cafile"] or options["capath"]:
ssl_context.load_verify_locations(cafile=options["cafile"], capath=options["capath"])
# urllib3 v1 # urllib3 v1
pool_kwargs["cert_reqs"] = "CERT_REQUIRED" if options["sslcertck"] else "CERT_NONE" pool_kwargs["cert_reqs"] = "CERT_REQUIRED" if options["sslcertck"] else "CERT_NONE"

8
tests/test_conf.py
View File

@ -88,8 +88,8 @@ http_headers =
realname = The Administrator realname = The Administrator
email = admin@example.com email = admin@example.com
sslcertck = 1 sslcertck = 1
cafile = unused cafile = /path/to/custom_cacert.pem
capath = unused capath = /path/to/custom_cacert.d/
trusted_prj = openSUSE:* SUSE:* trusted_prj = openSUSE:* SUSE:*
downloadurl = http://example.com/ downloadurl = http://example.com/
sshkey = ~/.ssh/id_rsa.pub sshkey = ~/.ssh/id_rsa.pub
@ -356,11 +356,11 @@ class TestExampleConfig(unittest.TestCase):
def test_host_option_cafile(self): def test_host_option_cafile(self):
host_options = self.config["api_host_options"][self.config["apiurl"]] host_options = self.config["api_host_options"][self.config["apiurl"]]
self.assertEqual(host_options["cafile"], "unused") self.assertEqual(host_options["cafile"], "/path/to/custom_cacert.pem")
def test_host_option_capath(self): def test_host_option_capath(self):
host_options = self.config["api_host_options"][self.config["apiurl"]] host_options = self.config["api_host_options"][self.config["apiurl"]]
self.assertEqual(host_options["capath"], "unused") self.assertEqual(host_options["capath"], "/path/to/custom_cacert.d/")
def test_host_option_sshkey(self): def test_host_option_sshkey(self):
host_options = self.config["api_host_options"][self.config["apiurl"]] host_options = self.config["api_host_options"][self.config["apiurl"]]