Diffstat (limited to 'src/leap/eip')
-rw-r--r-- | src/leap/eip/checks.py | 20 | ||||
-rw-r--r-- | src/leap/eip/eipconnection.py | 4 |
2 files changed, 15 insertions, 9 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py index cf758314..ef09a582 100644 --- a/src/leap/eip/checks.py +++ b/src/leap/eip/checks.py @@ -135,10 +135,12 @@ class ProviderCertChecker(object): self.fetcher = fetcher self.cacert = get_ca_cert() - def run_all(self, checker=None, skip_download=False): + def run_all(self, checker=None, skip_download=False, skip_verify=False): if not checker: checker = self + do_verify = not skip_verify + logger.debug('do_verify: %s', do_verify) # For MVS+ # checker.download_ca_cert() # checker.download_ca_signature() @@ -149,8 +151,8 @@ class ProviderCertChecker(object): checker.is_there_provider_ca() # XXX FAKE IT!!! - checker.is_https_working(verify=False) - checker.check_new_cert_needed(verify=False) + checker.is_https_working(verify=do_verify) + checker.check_new_cert_needed(verify=do_verify) def download_ca_cert(self): # MVS+ @@ -183,17 +185,21 @@ class ProviderCertChecker(object): if uri is None: uri = self._get_root_uri() # XXX raise InsecureURI or something better - logger.debug('is https working?') - logger.debug('uri: %s', uri) assert uri.startswith('https') if verify is True and self.cacert is not None: logger.debug('verify cert: %s', self.cacert) verify = self.cacert + logger.debug('is https working?') + logger.debug('uri: %s (verify:%s)', uri, verify) try: self.fetcher.get(uri, verify=verify) - except requests.exceptions.SSLError: - logger.debug('False!') + except requests.exceptions.SSLError as exc: + logger.warning('False! CERT VERIFICATION FAILED! ' + '(this should be CRITICAL)') + logger.warning('SSLError: %s', exc.message) raise eipexceptions.EIPBadCertError + # XXX get requests.exceptions.ConnectionError Errno 110 + # Connection timed out, and raise ours. else: logger.debug('True') return True diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py index 4e240f16..f0a98d8c 100644 --- a/src/leap/eip/eipconnection.py +++ b/src/leap/eip/eipconnection.py 
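Review bot: Calling `run_all` with `skip_verify=True` turns off certificate validation for both HTTPS checks, but the only record is the new `logger.debug('do_verify: %s', do_verify)` line, which is usually filtered out in normal logging setups. I would add a warning right after `do_verify` is computed, e.g. `if skip_verify: logger.warning('provider certificate verification is disabled (skip_verify=True)')`. `run_all` also has no docstring; one sentence stating that `skip_verify` makes the provider checks accept any server certificate would help callers judge when it is acceptable. The body of `run_all` continues outside this hunk.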
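Review bot: The `# XXX FAKE IT!!!` comment kept above the two calls in the second hunk (`@@ -149,8 +151,8 @@`) is stale, because the calls now pass `verify=do_verify` and verification is on unless the caller opts out. Leaving it suggests to the next reader that the checks are still faked. I would replace it with something like `# verify the provider certificate unless the caller passed skip_verify`. `run_all` starts above this hunk.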
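Review bot: In the third hunk (`is_https_working`), the new `except requests.exceptions.SSLError as exc:` handler logs a certificate verification failure at warning level while its own message says it should be critical, and it reads `exc.message`. That attribute is deprecated since Python 2.6, may be empty, and does not exist on Python 3, where the handler would raise AttributeError before reaching `raise eipexceptions.EIPBadCertError`. I would log the exception object at the level the message asks for: `logger.critical('certificate verification failed for %s: %s', uri, exc)`. The added XXX note is right that `requests.exceptions.ConnectionError` still escapes this function untranslated. The function begins outside the hunk.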
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection): def has_errors(self): return True if self.error_queue.qsize() != 0 else False - def run_checks(self, skip_download=False): + def run_checks(self, skip_download=False, skip_verify=False): """ run all eip checks previous to attempting a connection """ @@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection): try: # network (1) - self.provider_cert_checker.run_all() + self.provider_cert_checker.run_all(skip_verify=skip_verify) except Exception as exc: push_err(exc) try: |
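Review bot: The docstring of `run_checks` in the first hunk does not mention the new `skip_verify` parameter, although the flag switches off certificate verification in the provider checks. I would extend the docstring with a line such as `skip_verify: if True, the provider HTTPS checks run without certificate verification`. It is worth stating there which callers are expected to set it, since the default of False is the safe path.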
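Review bot: In the second hunk, `skip_download` is accepted by `run_checks` but not forwarded: the call passes only `skip_verify`, even though `run_all` in checks.py also takes `skip_download`. If that is an oversight, the call should read `self.provider_cert_checker.run_all(skip_download=skip_download, skip_verify=skip_verify)`. The rest of `run_checks` is outside the hunk, so `skip_download` may be used elsewhere in the body; if it is deliberately not passed here, a short comment saying so would avoid the question.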