added --no-provider-checks and --no-ca-verify for ease of debugging

Close #604
author: kali <kali@leap.se> 2012-09-21 06:32:40 +0900
committer: kali <kali@leap.se> 2012-09-21 06:37:47 +0900
commit: d1ebe98239fbc2baffa345558d396fa539e79202 (patch)
tree: 1b0368105bdccee7a7a411b7a6b23ad89392e472 /src/leap/eip
parent: 1ad0ef0a6e428ed37fe76ba91660db0bae7af857 (diff)
2 files changed, 15 insertions, 9 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index cf758314..ef09a582 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -135,10 +135,12 @@ class ProviderCertChecker(object):
         self.fetcher = fetcher
         self.cacert = get_ca_cert()
 
-    def run_all(self, checker=None, skip_download=False):
+    def run_all(self, checker=None, skip_download=False, skip_verify=False):
         if not checker:
             checker = self
 
+        do_verify = not skip_verify
+        logger.debug('do_verify: %s', do_verify)
         # For MVS+
         # checker.download_ca_cert()
         # checker.download_ca_signature()
@@ -149,8 +151,8 @@ class ProviderCertChecker(object):
         checker.is_there_provider_ca()
 
         # XXX FAKE IT!!!
-        checker.is_https_working(verify=False)
-        checker.check_new_cert_needed(verify=False)
+        checker.is_https_working(verify=do_verify)
+        checker.check_new_cert_needed(verify=do_verify)
 
     def download_ca_cert(self):
         # MVS+
@@ -183,17 +185,21 @@ class ProviderCertChecker(object):
         if uri is None:
             uri = self._get_root_uri()
         # XXX raise InsecureURI or something better
-        logger.debug('is https working?')
-        logger.debug('uri: %s', uri)
         assert uri.startswith('https')
         if verify is True and self.cacert is not None:
             logger.debug('verify cert: %s', self.cacert)
             verify = self.cacert
+        logger.debug('is https working?')
+        logger.debug('uri: %s (verify:%s)', uri, verify)
         try:
             self.fetcher.get(uri, verify=verify)
-        except requests.exceptions.SSLError:
-            logger.debug('False!')
+        except requests.exceptions.SSLError as exc:
+            logger.warning('False! CERT VERIFICATION FAILED! '
+                           '(this should be CRITICAL)')
+            logger.warning('SSLError: %s', exc.message)
             raise eipexceptions.EIPBadCertError
+        # XXX get requests.exceptions.ConnectionError Errno 110
+        # Connection timed out, and raise ours.
         else:
             logger.debug('True')
             return True
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 4e240f16..f0a98d8c 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection):
     def has_errors(self):
         return True if self.error_queue.qsize() != 0 else False
 
-    def run_checks(self, skip_download=False):
+    def run_checks(self, skip_download=False, skip_verify=False):
         """
         run all eip checks previous to attempting a connection
         """
@@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection):
 
         try:
             # network (1)
-            self.provider_cert_checker.run_all()
+            self.provider_cert_checker.run_all(skip_verify=skip_verify)
         except Exception as exc:
             push_err(exc)
         try:
author	kali <kali@leap.se>	2012-09-21 06:32:40 +0900
committer	kali <kali@leap.se>	2012-09-21 06:37:47 +0900
commit	d1ebe98239fbc2baffa345558d396fa539e79202 (patch)
tree	1b0368105bdccee7a7a411b7a6b23ad89392e472 /src/leap/eip
parent	1ad0ef0a6e428ed37fe76ba91660db0bae7af857 (diff)