From 5b21dfa2ca18ef4840d908b27228f55b8e65b172 Mon Sep 17 00:00:00 2001
From: Ivan Alejandro <ivanalejandro0@gmail.com>
Date: Tue, 1 Apr 2014 17:03:14 -0300
Subject: Add support for self signed certs. Closes #5391.

---
 src/leap/bitmask/app.py                           | 2 ++
 src/leap/bitmask/config/flags.py                  | 5 +++++
 src/leap/bitmask/provider/providerbootstrapper.py | 7 ++++++-
 src/leap/bitmask/util/leap_argparse.py            | 6 ++++++
 4 files changed, 19 insertions(+), 1 deletion(-)

(limited to 'src/leap/bitmask')

diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py
index 124671b3..02e27123 100644
--- a/src/leap/bitmask/app.py
+++ b/src/leap/bitmask/app.py
@@ -214,6 +214,8 @@ def main():
     flags.APP_VERSION_CHECK = opts.app_version_check
     flags.API_VERSION_CHECK = opts.api_version_check
 
+    flags.CA_CERT_FILE = opts.ca_cert_file
+
     BaseConfig.standalone = standalone
 
     replace_stdout = True
diff --git a/src/leap/bitmask/config/flags.py b/src/leap/bitmask/config/flags.py
index 82501fb2..5d8bc9b3 100644
--- a/src/leap/bitmask/config/flags.py
+++ b/src/leap/bitmask/config/flags.py
@@ -45,3 +45,8 @@ API_VERSION_CHECK = True
 # Offline mode?
 # Used for skipping soledad bootstrapping/syncs.
 OFFLINE = False
+
+
+# CA cert path
+# used to allow self signed certs in requests that needs SSL
+CA_CERT_FILE = None
diff --git a/src/leap/bitmask/provider/providerbootstrapper.py b/src/leap/bitmask/provider/providerbootstrapper.py
index 654d1790..2a519206 100644
--- a/src/leap/bitmask/provider/providerbootstrapper.py
+++ b/src/leap/bitmask/provider/providerbootstrapper.py
@@ -99,9 +99,14 @@ class ProviderBootstrapper(AbstractBootstrapper):
         :rtype: bool or str
         """
         if self._bypass_checks:
-            verify = False
+            return False
+
+        cert = flags.CA_CERT_FILE
+        if cert is not None:
+            verify = cert
         else:
             verify = ca_bundle.where()
+
         return verify
 
     def _check_name_resolution(self):
diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py
index 7f81881d..88267ff8 100644
--- a/src/leap/bitmask/util/leap_argparse.py
+++ b/src/leap/bitmask/util/leap_argparse.py
@@ -93,6 +93,12 @@ def build_parser():
                      "Use at your own risk!")
         parser.add_argument('--danger', action="store_true", help=help_text)
 
+    # optional cert file used to check domains with self signed certs.
+    parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem",
+                        nargs='?', action="store", dest="ca_cert_file",
+                        help='Uses the given cert file to verify '
+                             'against domains.')
+
     # Not in use, we might want to reintroduce them.
     #parser.add_argument('-i', '--no-provider-checks',
                         #action="store_true", default=False,
-- 
cgit v1.2.3