Mercurial > libervia-backend
changeset 3245:2a0a16b906ac
plugin android: use `certifi` SSL root certicates
author | Goffi <goffi@goffi.org> |
---|---|
date | Wed, 01 Apr 2020 22:28:50 +0200 |
parents | b10d207f95f9 |
children | 5ba0b1cdd45b |
files | sat/plugins/plugin_misc_android.py |
diffstat | 1 files changed, 27 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/sat/plugins/plugin_misc_android.py Wed Apr 01 16:17:09 2020 +0200 +++ b/sat/plugins/plugin_misc_android.py Wed Apr 01 22:28:50 2020 +0200 @@ -21,12 +21,7 @@ import os.path import json from pathlib import Path -from sat.core.i18n import _, D_ -from sat.core.constants import Const as C -from sat.core.log import getLogger -from sat.core import exceptions -from sat.tools.common import async_process -from sat.memory import params +from zope.interface import implementer from twisted.names import client as dns_client from twisted.python.procutils import which from twisted.internet import defer @@ -34,6 +29,14 @@ from twisted.internet import protocol from twisted.internet import abstract from twisted.internet import error as int_error +from twisted.internet import _sslverify +from sat.core.i18n import _, D_ +from sat.core.constants import Const as C +from sat.core.log import getLogger +from sat.core import exceptions +from sat.tools.common import async_process +from sat.memory import params + log = getLogger(__name__) @@ -54,6 +57,7 @@ import re +import certifi from plyer import vibrator from android import api_version from plyer.platforms.android import activity @@ -111,6 +115,19 @@ INTENT_EXTRA_ACTION = AndroidString("org.salut-a-toi.IntentAction") +@implementer(_sslverify.IOpenSSLTrustRoot) +class AndroidTrustPaths: + + def _addCACertsToContext(self, context): + # twisted doesn't have access to Android root certificates + # we use certifi to work around that (same thing is done in Kivy) + context.load_verify_locations(certifi.where()) + + +def platformTrust(): + return AndroidTrustPaths() + + class Notification(AndroidNotification): # We extend plyer's AndroidNotification instead of creating directly with jnius # because it already handles issues like backward compatibility, and we just want to @@ -275,6 +292,10 @@ self.notif_player.setAudioStreamType(AudioManager.STREAM_NOTIFICATION) self.notif_player.prepare() + # SSL fix + _sslverify.platformTrust = platformTrust + log.info("SSL Android patch applied") + # DNS fix defer.ensureDeferred(self.updateResolver())