Mercurial > libervia-backend
diff sat/plugins/plugin_sec_aesgcm.py @ 3205:2c0628f3927e
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 06 Mar 2020 18:19:03 +0100 |
| parents | adf1aeaa0d37 |
| children | 2ba602aef90e |
line wrap: on
line diff
--- a/sat/plugins/plugin_sec_aesgcm.py Fri Mar 06 18:19:03 2020 +0100 +++ b/sat/plugins/plugin_sec_aesgcm.py Fri Mar 06 18:19:03 2020 +0100 @@ -33,6 +33,7 @@ from sat.core import exceptions from sat.tools import stream from sat.core.log import getLogger +from sat.tools.web import treq_client_no_ssl log = getLogger(__name__) @@ -92,7 +93,15 @@ download_url = parse.urlunparse( ('https', uri_parsed.netloc, uri_parsed.path, '', '', '')) - head_data = await treq.head(download_url) + if options.get('ignore_tls_errors', False): + log.warning( + "TLS certificate check disabled, this is highly insecure" + ) + treq_client = treq_client_no_ssl + else: + treq_client = treq + + head_data = await treq_client.head(download_url) content_length = int(head_data.headers.getRawHeaders('content-length')[0]) # the 128 bits tag is put at the end file_size = content_length - 16 @@ -107,7 +116,7 @@ progress_id = file_obj.uid - resp = await treq.get(download_url, unbuffered=True) + resp = await treq_client.get(download_url, unbuffered=True) if resp.code == 200: d = treq.collect(resp, partial( self.onDataDownload,