diff options
| author | Tomás Touceda <chiiph@leap.se> | 2014-04-02 16:03:02 -0300 |
|---|---|---|
| committer | Tomás Touceda <chiiph@leap.se> | 2014-04-02 16:03:02 -0300 |
| commit | 2468b0eda7db1169d44a95f4c71c8cee323dfcf3 (patch) | |
| tree | 46d35c93fbb8030eb0da0bceff776c47825e350d | |
| parent | f33cbc3a7e92ce742ee213018d16152f4996b64e (diff) | |
| parent | 5b21dfa2ca18ef4840d908b27228f55b8e65b172 (diff) | |
Merge remote-tracking branch 'refs/remotes/ivan/feature/5391_support-selfsigned-certs' into develop
| -rw-r--r-- | changes/feature-5391_support-selfsigned-certs | 1 | ||||
| -rw-r--r-- | src/leap/bitmask/app.py | 2 | ||||
| -rw-r--r-- | src/leap/bitmask/config/flags.py | 5 | ||||
| -rw-r--r-- | src/leap/bitmask/provider/providerbootstrapper.py | 7 | ||||
| -rw-r--r-- | src/leap/bitmask/util/leap_argparse.py | 13 |
5 files changed, 24 insertions, 4 deletions
diff --git a/changes/feature-5391_support-selfsigned-certs b/changes/feature-5391_support-selfsigned-certs new file mode 100644 index 00000000..58c68f23 --- /dev/null +++ b/changes/feature-5391_support-selfsigned-certs @@ -0,0 +1 @@ +- Add support for self signed certs. Closes #5391. diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py index 124671b3..02e27123 100644 --- a/src/leap/bitmask/app.py +++ b/src/leap/bitmask/app.py @@ -214,6 +214,8 @@ def main(): flags.APP_VERSION_CHECK = opts.app_version_check flags.API_VERSION_CHECK = opts.api_version_check + flags.CA_CERT_FILE = opts.ca_cert_file + BaseConfig.standalone = standalone replace_stdout = True diff --git a/src/leap/bitmask/config/flags.py b/src/leap/bitmask/config/flags.py index 82501fb2..5d8bc9b3 100644 --- a/src/leap/bitmask/config/flags.py +++ b/src/leap/bitmask/config/flags.py @@ -45,3 +45,8 @@ API_VERSION_CHECK = True # Offline mode? # Used for skipping soledad bootstrapping/syncs. OFFLINE = False + + +# CA cert path +# used to allow self signed certs in requests that needs SSL +CA_CERT_FILE = None diff --git a/src/leap/bitmask/provider/providerbootstrapper.py b/src/leap/bitmask/provider/providerbootstrapper.py index 654d1790..2a519206 100644 --- a/src/leap/bitmask/provider/providerbootstrapper.py +++ b/src/leap/bitmask/provider/providerbootstrapper.py @@ -99,9 +99,14 @@ class ProviderBootstrapper(AbstractBootstrapper): :rtype: bool or str """ if self._bypass_checks: - verify = False + return False + + cert = flags.CA_CERT_FILE + if cert is not None: + verify = cert else: verify = ca_bundle.where() + return verify def _check_name_resolution(self): diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py index 56bf26dc..88267ff8 100644 --- a/src/leap/bitmask/util/leap_argparse.py +++ b/src/leap/bitmask/util/leap_argparse.py @@ -27,9 +27,10 @@ def build_parser(): All the options for the leap arg parser Some of these could be switched on only if debug flag is present! """ - epilog = "Copyright 2012-2014 The LEAP Encryption Access Project" - parser = argparse.ArgumentParser(description=""" -Launches the Bitmask client.""", epilog=epilog) + parser = argparse.ArgumentParser( + description="Launches the Bitmask client.", + epilog="Copyright 2012-2014 The LEAP Encryption Access Project") + parser.add_argument('-d', '--debug', action="store_true", help=("Launches Bitmask in debug mode, writing debug " "info to stdout.")) @@ -92,6 +93,12 @@ Launches the Bitmask client.""", epilog=epilog) "Use at your own risk!") parser.add_argument('--danger', action="store_true", help=help_text) + # optional cert file used to check domains with self signed certs. + parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem", + nargs='?', action="store", dest="ca_cert_file", + help='Uses the given cert file to verify ' + 'against domains.') + # Not in use, we might want to reintroduce them. #parser.add_argument('-i', '--no-provider-checks', #action="store_true", default=False, |