changeset 280:b0461363bc65

core: certificate validation can be disabled: By using "no_certificate_validation=true" in the [cagou] section of sat.conf, certificate validation can be disabled. This is mainly useful for developing on local machines with self-signed certificates.
author Goffi <goffi@goffi.org>
date Wed, 20 Mar 2019 09:29:44 +0100
parents aea973de55d9
children ef77423ce500
files cagou/core/cagou_main.py cagou/core/patches.py
diffstat 2 files changed, 48 insertions(+), 0 deletions(-) [+]
--- a/cagou/core/cagou_main.py	Wed Mar 20 09:29:44 2019 +0100
+++ b/cagou/core/cagou_main.py	Wed Mar 20 09:29:44 2019 +0100
@@ -429,6 +429,14 @@
         self._visible_widgets = {}  # visible widgets by classes
         self.version = C.APP_VERSION  # will be replaced by getVersion()
 
+        if C.bool(config.getConfig(main_config,
+                                   C.CONFIG_SECTION,
+                                   'no_certificate_validation',
+                                   C.BOOL_FALSE)):
+            from cagou.core import patches
+            patches.apply()
+            log.warning(u"SSL certificate validation is disabled, this is unsecure!")
+
     @property
     def visible_widgets(self):
         for w_list in self._visible_widgets.itervalues():
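Review bot: The warning at the end of the added block does not name the setting that turned validation off, and it is written only once to the log at startup, so a sat.conf carried over from a development machine can leave a regular install unverified with little trace. Naming the option makes the cause findable: `log.warning(u"SSL certificate validation is disabled by 'no_certificate_validation' in sat.conf, this is insecure!")`. It is also worth deciding whether the frontend should show this state in the UI, since most users never read the log. The enclosing method starts above the hunk, so how `main_config` is loaded is not visible here.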
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cagou/core/patches.py	Wed Mar 20 09:29:44 2019 +0100
@@ -0,0 +1,40 @@
+#!/usr//bin/env python2
+# -*- coding: utf-8 -*-
+
+# Cagou: desktop/mobile frontend for Salut à Toi XMPP client
+# Copyright (C) 2016-2019 Jérôme Poisson (goffi@goffi.org)
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import urllib2
+import ssl
+
+
+def apply():
+    # allow to disable certificate validation
+    ctx_no_verify = ssl.create_default_context()
+    ctx_no_verify.check_hostname = False
+    ctx_no_verify.verify_mode = ssl.CERT_NONE
+
+    class HTTPSHandler(urllib2.HTTPSHandler):
+        no_certificate_check = False
+
+        def __init__(self, *args, **kwargs):
+            urllib2._HTTPSHandler_ori.__init__(self, *args, **kwargs)
+            if self.no_certificate_check:
+                self._context = ctx_no_verify
+
+    urllib2._HTTPSHandler_ori = urllib2.HTTPSHandler
+    urllib2.HTTPSHandler = HTTPSHandler
+    urllib2.HTTPSHandler.no_certificate_check = True
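Review bot: `apply()` is not safe to call twice, because the patched `__init__` looks up `urllib2._HTTPSHandler_ori` at call time and a second call rebinds that name to the already patched class, so constructing a handler would then recurse without end. Capturing the original class in a local and returning early when the module is already patched avoids this. Separately, `self._context = ctx_no_verify` replaces any `context` a caller passed in, so code that supplies its own pinned or stricter context loses it too. The patch is process-wide for every urllib2 HTTPS handler created afterwards, so a docstring on `apply()` should state that scope and that it is meant for local development only. The shebang `#!/usr//bin/env python2` has a doubled slash.

```python
def apply():
    # ... unchanged: ctx_no_verify setup ...
    if getattr(urllib2, '_HTTPSHandler_ori', None) is not None:
        return  # already patched; wrapping again would make __init__ recurse
    original_handler = urllib2.HTTPSHandler

    class HTTPSHandler(original_handler):
        no_certificate_check = False

        def __init__(self, *args, **kwargs):
            original_handler.__init__(self, *args, **kwargs)
            if self.no_certificate_check:
                self._context = ctx_no_verify

    urllib2._HTTPSHandler_ori = original_handler
    # ... unchanged: install the patched class and set no_certificate_check ...
```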