authorTomás Touceda <chiiph@leap.se>2014-04-02 16:03:02 -0300
committerTomás Touceda <chiiph@leap.se>2014-04-02 16:03:02 -0300
commit2468b0eda7db1169d44a95f4c71c8cee323dfcf3 (patch)
tree46d35c93fbb8030eb0da0bceff776c47825e350d
parentf33cbc3a7e92ce742ee213018d16152f4996b64e (diff)
parent5b21dfa2ca18ef4840d908b27228f55b8e65b172 (diff)
Merge remote-tracking branch 'refs/remotes/ivan/feature/5391_support-selfsigned-certs' into develop
-rw-r--r--changes/feature-5391_support-selfsigned-certs1
-rw-r--r--src/leap/bitmask/app.py2
-rw-r--r--src/leap/bitmask/config/flags.py5
-rw-r--r--src/leap/bitmask/provider/providerbootstrapper.py7
-rw-r--r--src/leap/bitmask/util/leap_argparse.py13
5 files changed, 24 insertions, 4 deletions
diff --git a/changes/feature-5391_support-selfsigned-certs b/changes/feature-5391_support-selfsigned-certs
new file mode 100644
index 00000000..58c68f23
--- /dev/null
+++ b/changes/feature-5391_support-selfsigned-certs
@@ -0,0 +1 @@
+- Add support for self signed certs. Closes #5391.
diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py
index 124671b3..02e27123 100644
--- a/src/leap/bitmask/app.py
+++ b/src/leap/bitmask/app.py
@@ -214,6 +214,8 @@ def main():
flags.APP_VERSION_CHECK = opts.app_version_check
flags.API_VERSION_CHECK = opts.api_version_check
+ flags.CA_CERT_FILE = opts.ca_cert_file
+
BaseConfig.standalone = standalone
replace_stdout = True
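Review bot: `opts.ca_cert_file` is copied into `flags.CA_CERT_FILE` without checking that it names a readable file, so a mistyped path would presumably only surface later, during provider bootstrap, as an SSL or I/O error with no hint that the command-line option caused it. Since this value decides which trust root is used for TLS verification, it is worth failing fast here: check the path with `os.path.isfile(...)` (assuming `os` is importable in this module) and exit with a clear message. Storing `os.path.abspath(...)` of it would also keep a relative path stable if the working directory changes later. A log line stating that a custom CA file is in effect would help when diagnosing connection reports. `main()` starts and ends outside this hunk.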
diff --git a/src/leap/bitmask/config/flags.py b/src/leap/bitmask/config/flags.py
index 82501fb2..5d8bc9b3 100644
--- a/src/leap/bitmask/config/flags.py
+++ b/src/leap/bitmask/config/flags.py
@@ -45,3 +45,8 @@ API_VERSION_CHECK = True
# Offline mode?
# Used for skipping soledad bootstrapping/syncs.
OFFLINE = False
+
+
+# CA cert path
+# used to allow self signed certs in requests that needs SSL
+CA_CERT_FILE = None
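Review bot: The comment on `CA_CERT_FILE` does not say that the file replaces the bundled CA list rather than extending it, which is what the `ProviderBootstrapper` hunk in this commit does (`verify = cert`, otherwise `ca_bundle.where()`). A reader who sets it should know that only certificates chaining to this file will then verify. Suggested wording: `# Path to a CA cert file; when set it is used instead of the bundled CA list` followed by `# to verify TLS connections to the provider. None keeps the bundled list.`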
diff --git a/src/leap/bitmask/provider/providerbootstrapper.py b/src/leap/bitmask/provider/providerbootstrapper.py
index 654d1790..2a519206 100644
--- a/src/leap/bitmask/provider/providerbootstrapper.py
+++ b/src/leap/bitmask/provider/providerbootstrapper.py
@@ -99,9 +99,14 @@ class ProviderBootstrapper(AbstractBootstrapper):
:rtype: bool or str
"""
if self._bypass_checks:
- verify = False
+ return False
+
+ cert = flags.CA_CERT_FILE
+ if cert is not None:
+ verify = cert
else:
verify = ca_bundle.where()
+
return verify
def _check_name_resolution(self):
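Review bot: `if cert is not None:` lets an empty string through as the verify value. If the result is handed to requests as `verify` (the call site is outside the hunk), a falsy value turns certificate verification off instead of falling back to the bundle. Testing truthiness keeps that case on the verifying path: `if cert:`, or the whole tail as `return flags.CA_CERT_FILE or ca_bundle.where()`. The new early `return False` beside the `verify` variable also mixes two return styles; returning directly in every branch would read more evenly. The method's signature and the start of its docstring are above the hunk.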
diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py
index 56bf26dc..88267ff8 100644
--- a/src/leap/bitmask/util/leap_argparse.py
+++ b/src/leap/bitmask/util/leap_argparse.py
@@ -27,9 +27,10 @@ def build_parser():
All the options for the leap arg parser
Some of these could be switched on only if debug flag is present!
"""
- epilog = "Copyright 2012-2014 The LEAP Encryption Access Project"
- parser = argparse.ArgumentParser(description="""
-Launches the Bitmask client.""", epilog=epilog)
+ parser = argparse.ArgumentParser(
+ description="Launches the Bitmask client.",
+ epilog="Copyright 2012-2014 The LEAP Encryption Access Project")
+
parser.add_argument('-d', '--debug', action="store_true",
help=("Launches Bitmask in debug mode, writing debug "
"info to stdout."))
@@ -92,6 +93,12 @@ Launches the Bitmask client.""", epilog=epilog)
"Use at your own risk!")
parser.add_argument('--danger', action="store_true", help=help_text)
+ # optional cert file used to check domains with self signed certs.
+ parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem",
+ nargs='?', action="store", dest="ca_cert_file",
+ help='Uses the given cert file to verify '
+ 'against domains.')
+
# Not in use, we might want to reintroduce them.
#parser.add_argument('-i', '--no-provider-checks',
#action="store_true", default=False,
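Review bot: `nargs='?'` without a `const` makes a bare `--ca-cert-file` parse to `None`, so a user who forgets the path silently gets the default CA bundle instead of an error. Dropping `nargs='?'` (and the redundant `action="store"`) makes argparse require the path: `parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem", dest="ca_cert_file", help=...)`. The help text could also say that the file is used instead of the bundled CA list, since that is how the bootstrapper hunk in this commit applies it. `build_parser()` continues past the end of the hunk.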