| author | kali <kali@leap.se> | 2012-09-21 06:32:40 +0900 | 
|---|---|---|
| committer | kali <kali@leap.se> | 2012-09-21 06:37:47 +0900 | 
| commit | d1ebe98239fbc2baffa345558d396fa539e79202 (patch) | |
| tree | 1b0368105bdccee7a7a411b7a6b23ad89392e472 | |
| parent | 1ad0ef0a6e428ed37fe76ba91660db0bae7af857 (diff) | |
added --no-provider-checks and --no-ca-verify for ease of debugging
Close #604
| -rw-r--r-- | src/leap/app.py | 1 | ||||
| -rw-r--r-- | src/leap/baseapp/eip.py | 10 | ||||
| -rw-r--r-- | src/leap/eip/checks.py | 20 | ||||
| -rw-r--r-- | src/leap/eip/eipconnection.py | 4 | ||||
| -rw-r--r-- | src/leap/util/leap_argparse.py | 17 | ||||
| -rw-r--r-- | src/leap/util/tests/test_leap_argparse.py | 2 | 
6 files changed, 39 insertions, 15 deletions
| diff --git a/src/leap/app.py b/src/leap/app.py
index d51ac46d..52ebcaea 100644
--- a/src/leap/app.py
+++ b/src/leap/app.py
@@ -35,6 +35,7 @@ def main():
     console.setFormatter(formatter)
     logger.addHandler(console)
+    logger.debug(opts)
     logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
     logger.info('LEAP client version %s', VERSION)
     logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
diff --git a/src/leap/baseapp/eip.py b/src/leap/baseapp/eip.py
index 98ff7142..b0e14be7 100644
--- a/src/leap/baseapp/eip.py
+++ b/src/leap/baseapp/eip.py
@@ -1,7 +1,7 @@
 from __future__ import print_function
 import logging
 import time
-import sys
+#import sys
 from PyQt4 import QtCore
@@ -40,9 +40,11 @@ class EIPConductorAppMixin(object):
             debug=self.debugmode,
             ovpn_verbosity=opts.openvpn_verb)
-        # XXX get skip_download from cli flag
-        skip_download = False
-        self.conductor.run_checks(skip_download=skip_download)
+        skip_download = opts.no_provider_checks
+        skip_verify = opts.no_ca_verify
+        self.conductor.run_checks(
+            skip_download=skip_download,
+            skip_verify=skip_verify)
         self.error_check()
         # XXX should receive "ready" signal
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index cf758314..ef09a582 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -135,10 +135,12 @@ class ProviderCertChecker(object):
         self.fetcher = fetcher
         self.cacert = get_ca_cert()
-    def run_all(self, checker=None, skip_download=False):
+    def run_all(self, checker=None, skip_download=False, skip_verify=False):
         if not checker:
             checker = self
+        do_verify = not skip_verify
+        logger.debug('do_verify: %s', do_verify)
         # For MVS+
         # checker.download_ca_cert()
         # checker.download_ca_signature()
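Review bot: `skip_verify = opts.no_ca_verify` in the EIPConductorAppMixin hunk of src/leap/baseapp/eip.py turns off TLS certificate verification for the provider checks without any operator-visible signal; the only trace is `logger.debug('do_verify: %s', do_verify)` in `ProviderCertChecker.run_all`, which is hidden at the default log level. I would log at warning level where the option is consumed, for example `if skip_verify: logger.warning('--no-ca-verify set: provider TLS certificates are NOT verified')` (assuming the module has a `logger`, which the hunk does not show). The new `build_parser` docstring in src/leap/util/leap_argparse.py already says some options could be enabled only with the debug flag, and `--no-ca-verify` is the obvious candidate: `skip_verify = opts.no_ca_verify and opts.debug`. The enclosing method starts and ends outside the hunk.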
@@ -149,8 +151,8 @@ class ProviderCertChecker(object):
         checker.is_there_provider_ca()
         # XXX FAKE IT!!!
-        checker.is_https_working(verify=False)
-        checker.check_new_cert_needed(verify=False)
+        checker.is_https_working(verify=do_verify)
+        checker.check_new_cert_needed(verify=do_verify)
     def download_ca_cert(self):
         # MVS+
@@ -183,17 +185,21 @@ class ProviderCertChecker(object):
         if uri is None:
             uri = self._get_root_uri()
         # XXX raise InsecureURI or something better
-        logger.debug('is https working?')
-        logger.debug('uri: %s', uri)
         assert uri.startswith('https')
         if verify is True and self.cacert is not None:
             logger.debug('verify cert: %s', self.cacert)
             verify = self.cacert
+        logger.debug('is https working?')
+        logger.debug('uri: %s (verify:%s)', uri, verify)
         try:
             self.fetcher.get(uri, verify=verify)
-        except requests.exceptions.SSLError:
-            logger.debug('False!')
+        except requests.exceptions.SSLError as exc:
+            logger.warning('False! CERT VERIFICATION FAILED! '
+                           '(this should be CRITICAL)')
+            logger.warning('SSLError: %s', exc.message)
             raise eipexceptions.EIPBadCertError
+        # XXX get requests.exceptions.ConnectionError Errno 110
+        # Connection timed out, and raise ours.
         else:
             logger.debug('True')
             return True
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 4e240f16..f0a98d8c 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
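Review bot: The `# XXX FAKE IT!!!` comment kept above the two calls in `run_all` (src/leap/eip/checks.py) is stale, because verification is now on unless `skip_verify` is passed; I would replace it with `# verification is on by default; skip_verify (--no-ca-verify) disables it`. Separately, `check_new_cert_needed(verify=do_verify)` receives a bare `True`, and whether it substitutes `self.cacert` the way `is_https_working` does is not visible in this hunk. That is worth confirming, since otherwise the two checks would validate against different trust stores.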
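Review bot: In `is_https_working` (src/leap/eip/checks.py) the new SSLError handler reports a failed certificate check with `logger.warning` even though its own message says it should be CRITICAL, and it reads `exc.message`, which has been deprecated since Python 2.6 and can be empty. I would change the two calls to `logger.critical('CERT VERIFICATION FAILED for %s', uri)` and `logger.critical('SSLError: %s', exc)`. The context line `assert uri.startswith('https')` is the only scheme check before the request and disappears under `python -O`; the XXX comment above it already asks for a real exception, so an explicit `if not uri.startswith('https://'): raise ...` with an error from `eipexceptions` would close that gap. The method's signature is outside the hunk.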
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection):
     def has_errors(self):
         return True if self.error_queue.qsize() != 0 else False
-    def run_checks(self, skip_download=False):
+    def run_checks(self, skip_download=False, skip_verify=False):
         """
         run all eip checks previous to attempting a connection
         """
@@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection):
         try:
             # network (1)
-            self.provider_cert_checker.run_all()
+            self.provider_cert_checker.run_all(skip_verify=skip_verify)
         except Exception as exc:
             push_err(exc)
         try:
diff --git a/src/leap/util/leap_argparse.py b/src/leap/util/leap_argparse.py
index 3b38aa77..2f996a31 100644
--- a/src/leap/util/leap_argparse.py
+++ b/src/leap/util/leap_argparse.py
@@ -2,12 +2,16 @@ import argparse
 def build_parser():
+    """
+    all the options for the leap arg parser
+    Some of these could be switched on only if debug flag is present!
+    """
     epilog = "Copyright 2012 The Leap Project"
     parser = argparse.ArgumentParser(description="""
 Launches main LEAP Client""", epilog=epilog)
-    parser.add_argument('--debug', action="store_true",
+    parser.add_argument('-d', '--debug', action="store_true",
                         help='launches in debug mode')
-    parser.add_argument('--config', metavar="CONFIG FILE", nargs='?',
+    parser.add_argument('-c', '--config', metavar="CONFIG FILE", nargs='?',
                         action="store", dest="config_file",
                         type=argparse.FileType('r'),
                         help='optional config file')
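Review bot: `run_checks` in src/leap/eip/eipconnection.py accepts `skip_download`, but the changed call `self.provider_cert_checker.run_all(skip_verify=skip_verify)` does not pass it on, although `ProviderCertChecker.run_all` in checks.py takes a `skip_download` argument. If `--no-provider-checks` is meant to reach the certificate checker, the call should read `self.provider_cert_checker.run_all(skip_download=skip_download, skip_verify=skip_verify)`. If it is deliberately limited to another checker, a one-line comment saying so would prevent the two flags from drifting apart. The docstring of `run_checks` also does not mention either parameter; the rest of the method is outside the hunk.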
@@ -19,6 +23,15 @@ Launches main LEAP Client""", epilog=epilog)
                         type=int,
                         action="store", dest="openvpn_verb",
                         help='verbosity level for openvpn logs [1-6]')
+    parser.add_argument('-l', '--no-provider-checks',
+                        action="store_true", default=False,
+                        help="skips download of provider config files. gets "
+                        "config from local files only. Will fail if cannot "
+                        "find any")
+    parser.add_argument('-k', '--no-ca-verify',
+                        action="store_true", default=False,
+                        help="(insecure). Skips verification of the server "
+                        "certificate used in TLS handshake.")
     return parser
diff --git a/src/leap/util/tests/test_leap_argparse.py b/src/leap/util/tests/test_leap_argparse.py
index 173c87bb..082919b7 100644
--- a/src/leap/util/tests/test_leap_argparse.py
+++ b/src/leap/util/tests/test_leap_argparse.py
@@ -27,6 +27,8 @@ class LeapArgParseTest(unittest.TestCase):
                 config_file=None,
                 debug=True,
                 log_file=None,
+                no_provider_checks=False,
+                no_ca_verify=False,
                 openvpn_verb=None))
 if __name__ == "__main__": |
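Review bot: The updated expectation in LeapArgParseTest (src/leap/util/tests/test_leap_argparse.py) only pins the defaults `no_provider_checks=False` and `no_ca_verify=False`; nothing exercises the new flags being set. Because `--no-ca-verify` disables a security check, I would add a case that parses `['--no-ca-verify']` and `['-k']` and asserts `no_ca_verify` is True, plus one asserting it stays False when the flag is absent, so an accidental default flip is caught. The test method starts outside the hunk.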
