diff sat/plugins/plugin_misc_download.py @ 3205:2c0628f3927e
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 06 Mar 2020 18:19:03 +0100 |
parents | d92a144f3589 |
children | 4252176ad993 |
--- a/sat/plugins/plugin_misc_download.py Fri Mar 06 18:19:03 2020 +0100
+++ b/sat/plugins/plugin_misc_download.py Fri Mar 06 18:19:03 2020 +0100
@@ -29,6 +29,7 @@
 from sat.tools import xml_tools
 from sat.tools.common import data_format
 from sat.tools import stream
+from sat.tools.web import treq_client_no_ssl
 log = getLogger(__name__)
@@ -163,6 +164,15 @@
 # we close the file and only use its name, the file will be opened
 # by the registered callback
 dest_path = f.name
+
+ # should we check certificates?
+ check_certificate = self.host.memory.getParamA(
+ "check_certificate", "Connection", profile_key=client.profile)
+ if not check_certificate:
+ options['ignore_tls_errors'] = True
+ log.warning(
+ _("certificate check disabled for download, this is dangerous!"))
+
 try:
 callback = self._download_callbacks[uri_parsed.scheme]
 except KeyError:
@@ -212,7 +222,15 @@
 async def downloadHTTP(self, client, uri_parsed, dest_path, options):
 url = uri_parsed.geturl()
- head_data = await treq.head(url)
+ if options.get('ignore_tls_errors', False):
+ log.warning(
+ "TLS certificate check disabled, this is highly insecure"
+ )
+ treq_client = treq_client_no_ssl
+ else:
+ treq_client = treq
+
+ head_data = await treq_.head(url)
 try:
 content_length = int(head_data.headers.getRawHeaders('content-length')[0])
 except (KeyError, TypeError, IndexError):
@@ -228,7 +246,7 @@
 progress_id = file_obj.uid
- resp = await treq.get(url, unbuffered=True)
+ resp = await treq_client.get(url, unbuffered=True)
 if resp.code == 200:
 d = treq.collect(resp, file_obj.write)
 d.addBoth(lambda _: file_obj.close())
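Review bot: In the `@@ -163,6 +164,15 @@` hunk the `ignore_tls_errors` key is only ever set, never cleared, so a value already present in `options` when the call arrives is still honoured by `downloadHTTP` even while `check_certificate` is enabled. If `options` can be supplied by a frontend or another plugin (not visible in this hunk), the user's setting should be authoritative: `options['ignore_tls_errors'] = not check_certificate`, keeping the warning under `if not check_certificate:`. The same condition is logged a second time in `downloadHTTP`, so one of the two warnings could be dropped. The enclosing method starts and ends outside the hunk.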
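Review bot: The new HEAD request in the `@@ -212,7 +222,15 @@` hunk calls `treq_.head(url)`, but the name bound just above it is `treq_client`; unless `treq_` is defined elsewhere in the module, this looks like a NameError on every HTTP download, before either TLS branch takes effect. The line should read `head_data = await treq_client.head(url)`, matching the `treq_client.get(...)` call in the following hunk. The warning string added here is also not wrapped in `_()`, unlike the one added in the `@@ -163,6 +164,15 @@` hunk. `downloadHTTP` continues past the end of the hunk.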