# HG changeset patch # User Goffi # Date 1553070584 -3600 # Node ID b0461363bc658065e884958d62c91cf7fea51f56 # Parent aea973de55d9efa3f08e66d85736ab3b67eddb00 core: certificate validation can be disabled: By using "no_certificate_validation=true" in sat.conf in [cagou] section, certificate validation can be disabled. This is mainly useful for developping on local machines with self-signed certificates. diff -r aea973de55d9 -r b0461363bc65 cagou/core/cagou_main.py --- a/cagou/core/cagou_main.py Wed Mar 20 09:29:44 2019 +0100 +++ b/cagou/core/cagou_main.py Wed Mar 20 09:29:44 2019 +0100 @@ -429,6 +429,14 @@ self._visible_widgets = {} # visible widgets by classes self.version = C.APP_VERSION # will be replaced by getVersion() + if C.bool(config.getConfig(main_config, + C.CONFIG_SECTION, + 'no_certificate_validation', + C.BOOL_FALSE)): + from cagou.core import patches + patches.apply() + log.warning(u"SSL certificate validation is disabled, this is unsecure!") + @property def visible_widgets(self): for w_list in self._visible_widgets.itervalues(): diff -r aea973de55d9 -r b0461363bc65 cagou/core/patches.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/cagou/core/patches.py Wed Mar 20 09:29:44 2019 +0100 @@ -0,0 +1,40 @@ +#!/usr//bin/env python2 +# -*- coding: utf-8 -*- + +# Cagou: desktop/mobile frontend for Salut à Toi XMPP client +# Copyright (C) 2016-2019 Jérôme Poisson (goffi@goffi.org) + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. + +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import urllib2 +import ssl + + +def apply(): + # allow to disable certificate validation + ctx_no_verify = ssl.create_default_context() + ctx_no_verify.check_hostname = False + ctx_no_verify.verify_mode = ssl.CERT_NONE + + class HTTPSHandler(urllib2.HTTPSHandler): + no_certificate_check = False + + def __init__(self, *args, **kwargs): + urllib2._HTTPSHandler_ori.__init__(self, *args, **kwargs) + if self.no_certificate_check: + self._context = ctx_no_verify + + urllib2._HTTPSHandler_ori = urllib2.HTTPSHandler + urllib2.HTTPSHandler = HTTPSHandler + urllib2.HTTPSHandler.no_certificate_check = True