# HG changeset patch # User Goffi # Date 1585772930 -7200 # Node ID 2a0a16b906ac13f0a8a0df89c52d63f5468bcf25 # Parent b10d207f95f9997b59978ef1848881c27b1004eb plugin android: use `certifi` SSL root certicates diff -r b10d207f95f9 -r 2a0a16b906ac sat/plugins/plugin_misc_android.py --- a/sat/plugins/plugin_misc_android.py Wed Apr 01 16:17:09 2020 +0200 +++ b/sat/plugins/plugin_misc_android.py Wed Apr 01 22:28:50 2020 +0200 @@ -21,12 +21,7 @@ import os.path import json from pathlib import Path -from sat.core.i18n import _, D_ -from sat.core.constants import Const as C -from sat.core.log import getLogger -from sat.core import exceptions -from sat.tools.common import async_process -from sat.memory import params +from zope.interface import implementer from twisted.names import client as dns_client from twisted.python.procutils import which from twisted.internet import defer @@ -34,6 +29,14 @@ from twisted.internet import protocol from twisted.internet import abstract from twisted.internet import error as int_error +from twisted.internet import _sslverify +from sat.core.i18n import _, D_ +from sat.core.constants import Const as C +from sat.core.log import getLogger +from sat.core import exceptions +from sat.tools.common import async_process +from sat.memory import params + log = getLogger(__name__) @@ -54,6 +57,7 @@ import re +import certifi from plyer import vibrator from android import api_version from plyer.platforms.android import activity @@ -111,6 +115,19 @@ INTENT_EXTRA_ACTION = AndroidString("org.salut-a-toi.IntentAction") +@implementer(_sslverify.IOpenSSLTrustRoot) +class AndroidTrustPaths: + + def _addCACertsToContext(self, context): + # twisted doesn't have access to Android root certificates + # we use certifi to work around that (same thing is done in Kivy) + context.load_verify_locations(certifi.where()) + + +def platformTrust(): + return AndroidTrustPaths() + + class Notification(AndroidNotification): # We extend plyer's AndroidNotification instead of creating directly with jnius # because it already handles issues like backward compatibility, and we just want to @@ -275,6 +292,10 @@ self.notif_player.setAudioStreamType(AudioManager.STREAM_NOTIFICATION) self.notif_player.prepare() + # SSL fix + _sslverify.platformTrust = platformTrust + log.info("SSL Android patch applied") + # DNS fix defer.ensureDeferred(self.updateResolver())