forked from shaba/openuds
Fixed certs locations for some platforms
This commit is contained in:
Adolfo Gómez García
parent
79739bf9b8
commit
3ebc0dd26f
@ -40,7 +40,6 @@ import ssl
|
|||||||
import socket
|
import socket
|
||||||
import typing
|
import typing
|
||||||
|
|
||||||
import certifi
|
|
||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
|
|
||||||
@ -186,6 +185,8 @@ class RestApi:
|
|||||||
ctx = ssl.create_default_context()
|
ctx = ssl.create_default_context()
|
||||||
ctx.check_hostname = False
|
ctx.check_hostname = False
|
||||||
ctx.verify_mode = ssl.CERT_NONE
|
ctx.verify_mode = ssl.CERT_NONE
|
||||||
|
# If we have the certificates file, we use it
|
||||||
|
if tools.getCaCertsFile() is not None:
|
||||||
ctx.load_verify_locations(tools.getCaCertsFile())
|
ctx.load_verify_locations(tools.getCaCertsFile())
|
||||||
hostname = urllib.parse.urlparse(url)[1]
|
hostname = urllib.parse.urlparse(url)[1]
|
||||||
serial = ''
|
serial = ''
|
||||||
|
|||||||
@ -34,12 +34,14 @@ import string
|
|||||||
import random
|
import random
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
|
import sys
|
||||||
import socket
|
import socket
|
||||||
import stat
|
import stat
|
||||||
import sys
|
import sys
|
||||||
import time
|
import time
|
||||||
import base64
|
import base64
|
||||||
import typing
|
import typing
|
||||||
|
|
||||||
import certifi
|
import certifi
|
||||||
|
|
||||||
try:
|
try:
|
||||||
@ -242,11 +244,22 @@ def verifySignature(script: bytes, signature: bytes) -> bool:
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
def getCaCertsFile() -> str:
|
def getCaCertsFile() -> typing.Optional[str]:
|
||||||
|
# First, try certifi...
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if os.path.exists(certifi.where()):
|
if os.path.exists(certifi.where()):
|
||||||
return certifi.where()
|
return certifi.where()
|
||||||
except Exception:
|
except Exception:
|
||||||
logger.debug('Certifi file does not exists: %s', certifi.where())
|
pass
|
||||||
|
|
||||||
return '' # Return empty path
|
logger.info('Certifi file does not exists: %s', certifi.where())
|
||||||
|
|
||||||
|
# Check if "standard" paths are valid for linux systems
|
||||||
|
if 'linux' in sys.platform:
|
||||||
|
for path in ('/etc/pki/tls/certs/ca-bundle.crt', '/etc/ssl/certs/ca-certificates.crt', '/etc/ssl/ca-bundle.pem'):
|
||||||
|
if os.path.exists(path):
|
||||||
|
logger.info('Found certifi path: %s', path)
|
||||||
|
return path
|
||||||
|
|
||||||
|
return None
|
||||||
|
|||||||
@ -120,6 +120,7 @@ class ForwardServer(socketserver.ThreadingTCPServer):
|
|||||||
|
|
||||||
# Do not "recompress" data, use only "base protocol" compression
|
# Do not "recompress" data, use only "base protocol" compression
|
||||||
context.options |= ssl.OP_NO_COMPRESSION
|
context.options |= ssl.OP_NO_COMPRESSION
|
||||||
|
if tools.getCaCertsFile() is not None:
|
||||||
context.load_verify_locations(
|
context.load_verify_locations(
|
||||||
tools.getCaCertsFile()
|
tools.getCaCertsFile()
|
||||||
) # Load certifi certificates
|
) # Load certifi certificates
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user