summaryrefslogtreecommitdiff
path: root/src/leap
diff options
context:
space:
mode:
authorkali <kali@leap.se>2012-09-21 06:32:40 +0900
committerkali <kali@leap.se>2012-09-21 06:37:47 +0900
commitd1ebe98239fbc2baffa345558d396fa539e79202 (patch)
tree1b0368105bdccee7a7a411b7a6b23ad89392e472 /src/leap
parent1ad0ef0a6e428ed37fe76ba91660db0bae7af857 (diff)
added --no-provider-checks and --no-ca-verify for ease of debugging
Close #604
Diffstat (limited to 'src/leap')
-rw-r--r--src/leap/app.py1
-rw-r--r--src/leap/baseapp/eip.py10
-rw-r--r--src/leap/eip/checks.py20
-rw-r--r--src/leap/eip/eipconnection.py4
-rw-r--r--src/leap/util/leap_argparse.py17
-rw-r--r--src/leap/util/tests/test_leap_argparse.py2
6 files changed, 39 insertions, 15 deletions
diff --git a/src/leap/app.py b/src/leap/app.py
index d51ac46d..52ebcaea 100644
--- a/src/leap/app.py
+++ b/src/leap/app.py
@@ -35,6 +35,7 @@ def main():
console.setFormatter(formatter)
logger.addHandler(console)
+ logger.debug(opts)
logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
logger.info('LEAP client version %s', VERSION)
logger.info('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
diff --git a/src/leap/baseapp/eip.py b/src/leap/baseapp/eip.py
index 98ff7142..b0e14be7 100644
--- a/src/leap/baseapp/eip.py
+++ b/src/leap/baseapp/eip.py
@@ -1,7 +1,7 @@
from __future__ import print_function
import logging
import time
-import sys
+#import sys
from PyQt4 import QtCore
@@ -40,9 +40,11 @@ class EIPConductorAppMixin(object):
debug=self.debugmode,
ovpn_verbosity=opts.openvpn_verb)
- # XXX get skip_download from cli flag
- skip_download = False
- self.conductor.run_checks(skip_download=skip_download)
+ skip_download = opts.no_provider_checks
+ skip_verify = opts.no_ca_verify
+ self.conductor.run_checks(
+ skip_download=skip_download,
+ skip_verify=skip_verify)
self.error_check()
# XXX should receive "ready" signal
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index cf758314..ef09a582 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -135,10 +135,12 @@ class ProviderCertChecker(object):
self.fetcher = fetcher
self.cacert = get_ca_cert()
- def run_all(self, checker=None, skip_download=False):
+ def run_all(self, checker=None, skip_download=False, skip_verify=False):
if not checker:
checker = self
+ do_verify = not skip_verify
+ logger.debug('do_verify: %s', do_verify)
# For MVS+
# checker.download_ca_cert()
# checker.download_ca_signature()
@@ -149,8 +151,8 @@ class ProviderCertChecker(object):
checker.is_there_provider_ca()
# XXX FAKE IT!!!
- checker.is_https_working(verify=False)
- checker.check_new_cert_needed(verify=False)
+ checker.is_https_working(verify=do_verify)
+ checker.check_new_cert_needed(verify=do_verify)
def download_ca_cert(self):
# MVS+
@@ -183,17 +185,21 @@ class ProviderCertChecker(object):
if uri is None:
uri = self._get_root_uri()
# XXX raise InsecureURI or something better
- logger.debug('is https working?')
- logger.debug('uri: %s', uri)
assert uri.startswith('https')
if verify is True and self.cacert is not None:
logger.debug('verify cert: %s', self.cacert)
verify = self.cacert
+ logger.debug('is https working?')
+ logger.debug('uri: %s (verify:%s)', uri, verify)
try:
self.fetcher.get(uri, verify=verify)
- except requests.exceptions.SSLError:
- logger.debug('False!')
+ except requests.exceptions.SSLError as exc:
+ logger.warning('False! CERT VERIFICATION FAILED! '
+ '(this should be CRITICAL)')
+ logger.warning('SSLError: %s', exc.message)
raise eipexceptions.EIPBadCertError
+ # XXX get requests.exceptions.ConnectionError Errno 110
+ # Connection timed out, and raise ours.
else:
logger.debug('True')
return True
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 4e240f16..f0a98d8c 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection):
def has_errors(self):
return True if self.error_queue.qsize() != 0 else False
- def run_checks(self, skip_download=False):
+ def run_checks(self, skip_download=False, skip_verify=False):
"""
run all eip checks previous to attempting a connection
"""
@@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection):
try:
# network (1)
- self.provider_cert_checker.run_all()
+ self.provider_cert_checker.run_all(skip_verify=skip_verify)
except Exception as exc:
push_err(exc)
try:
diff --git a/src/leap/util/leap_argparse.py b/src/leap/util/leap_argparse.py
index 3b38aa77..2f996a31 100644
--- a/src/leap/util/leap_argparse.py
+++ b/src/leap/util/leap_argparse.py
@@ -2,12 +2,16 @@ import argparse
def build_parser():
+ """
+ all the options for the leap arg parser
+ Some of these could be switched on only if debug flag is present!
+ """
epilog = "Copyright 2012 The Leap Project"
parser = argparse.ArgumentParser(description="""
Launches main LEAP Client""", epilog=epilog)
- parser.add_argument('--debug', action="store_true",
+ parser.add_argument('-d', '--debug', action="store_true",
help='launches in debug mode')
- parser.add_argument('--config', metavar="CONFIG FILE", nargs='?',
+ parser.add_argument('-c', '--config', metavar="CONFIG FILE", nargs='?',
action="store", dest="config_file",
type=argparse.FileType('r'),
help='optional config file')
@@ -19,6 +23,15 @@ Launches main LEAP Client""", epilog=epilog)
type=int,
action="store", dest="openvpn_verb",
help='verbosity level for openvpn logs [1-6]')
+ parser.add_argument('-l', '--no-provider-checks',
+ action="store_true", default=False,
+ help="skips download of provider config files. gets "
+ "config from local files only. Will fail if cannot "
+ "find any")
+ parser.add_argument('-k', '--no-ca-verify',
+ action="store_true", default=False,
+ help="(insecure). Skips verification of the server "
+ "certificate used in TLS handshake.")
return parser
diff --git a/src/leap/util/tests/test_leap_argparse.py b/src/leap/util/tests/test_leap_argparse.py
index 173c87bb..082919b7 100644
--- a/src/leap/util/tests/test_leap_argparse.py
+++ b/src/leap/util/tests/test_leap_argparse.py
@@ -27,6 +27,8 @@ class LeapArgParseTest(unittest.TestCase):
config_file=None,
debug=True,
log_file=None,
+ no_provider_checks=False,
+ no_ca_verify=False,
openvpn_verb=None))
if __name__ == "__main__":