-rw-r--r--changes/feature-5391_support-selfsigned-certs1
-rw-r--r--src/leap/bitmask/app.py2
-rw-r--r--src/leap/bitmask/config/flags.py5
-rw-r--r--src/leap/bitmask/provider/providerbootstrapper.py7
-rw-r--r--src/leap/bitmask/util/leap_argparse.py6
5 files changed, 20 insertions, 1 deletions
diff --git a/changes/feature-5391_support-selfsigned-certs b/changes/feature-5391_support-selfsigned-certs
new file mode 100644
index 00000000..58c68f23
--- /dev/null
+++ b/changes/feature-5391_support-selfsigned-certs
@@ -0,0 +1 @@
+- Add support for self signed certs. Closes #5391.
diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py
index 124671b3..02e27123 100644
--- a/src/leap/bitmask/app.py
+++ b/src/leap/bitmask/app.py
@@ -214,6 +214,8 @@ def main():
flags.APP_VERSION_CHECK = opts.app_version_check
flags.API_VERSION_CHECK = opts.api_version_check
+ flags.CA_CERT_FILE = opts.ca_cert_file
+
BaseConfig.standalone = standalone
replace_stdout = True
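Review bot: `opts.ca_cert_file` is copied into the process-wide `flags.CA_CERT_FILE` with no check that the path exists or is readable, so a mistyped path only surfaces later as a TLS failure on the first provider request. Validating once here would fail early with a clear message, for example `if opts.ca_cert_file is not None and not os.path.isfile(opts.ca_cert_file):` followed by an error exit (this assumes `os` is available in the module, which the hunk does not show). Because the flag changes which CA the client trusts, a log line recording the path in use would also help when diagnosing connection reports. `main()` starts and continues outside the hunk.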
diff --git a/src/leap/bitmask/config/flags.py b/src/leap/bitmask/config/flags.py
index 82501fb2..5d8bc9b3 100644
--- a/src/leap/bitmask/config/flags.py
+++ b/src/leap/bitmask/config/flags.py
@@ -45,3 +45,8 @@ API_VERSION_CHECK = True
# Offline mode?
# Used for skipping soledad bootstrapping/syncs.
OFFLINE = False
+
+
+# CA cert path
+# used to allow self signed certs in requests that needs SSL
+CA_CERT_FILE = None
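Review bot: The comment on `CA_CERT_FILE` does not say that the file replaces the bundled CA store rather than extending it, which is what the `providerbootstrapper.py` hunk of this commit does (`verify = cert`, with `ca_bundle.where()` only in the `else`). Being a module-level flag, it presumably applies to every provider contacted in the run, not only the self-signed one. I would word the comment as `# Path to a PEM CA file, or None. When set it is used instead of the bundled` / `# CA store to verify provider TLS connections.`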
diff --git a/src/leap/bitmask/provider/providerbootstrapper.py b/src/leap/bitmask/provider/providerbootstrapper.py
index 654d1790..2a519206 100644
--- a/src/leap/bitmask/provider/providerbootstrapper.py
+++ b/src/leap/bitmask/provider/providerbootstrapper.py
@@ -99,9 +99,14 @@ class ProviderBootstrapper(AbstractBootstrapper):
:rtype: bool or str
"""
if self._bypass_checks:
- verify = False
+ return False
+
+ cert = flags.CA_CERT_FILE
+ if cert is not None:
+ verify = cert
else:
verify = ca_bundle.where()
+
return verify
def _check_name_resolution(self):
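Review bot: `if cert is not None:` lets an empty string through, and an empty string is falsy. If this return value is handed to requests as `verify=` (as the `bool or str` return type suggests), an empty path would switch certificate verification off in the same way as the `_bypass_checks` branch, without the user asking for it. Testing truthiness keeps that case on the bundled store: `verify = cert if cert else ca_bundle.where()`. The method's signature and the start of its docstring are outside the hunk.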
diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py
index 7f81881d..88267ff8 100644
--- a/src/leap/bitmask/util/leap_argparse.py
+++ b/src/leap/bitmask/util/leap_argparse.py
@@ -93,6 +93,12 @@ def build_parser():
"Use at your own risk!")
parser.add_argument('--danger', action="store_true", help=help_text)
+ # optional cert file used to check domains with self signed certs.
+ parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem",
+ nargs='?', action="store", dest="ca_cert_file",
+ help='Uses the given cert file to verify '
+ 'against domains.')
+
# Not in use, we might want to reintroduce them.
#parser.add_argument('-i', '--no-provider-checks',
#action="store_true", default=False,
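Review bot: `nargs='?'` makes the value optional, so `--ca-cert-file` given with no path parses to `None` and the client silently keeps using the bundled CA store while the user believes a custom CA is active. Dropping `nargs='?'` makes argparse reject the bare flag. The help text could also say that the file replaces the default bundle, e.g. `help='Verify provider certificates against this CA file instead of the bundled CA store.'`. `build_parser()` starts and continues outside the hunk.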