Diffstat (limited to 'src/leap/eip')
-rw-r--r--src/leap/eip/checks.py20
-rw-r--r--src/leap/eip/eipconnection.py4
2 files changed, 15 insertions, 9 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index cf758314..ef09a582 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -135,10 +135,12 @@ class ProviderCertChecker(object):
self.fetcher = fetcher
self.cacert = get_ca_cert()
- def run_all(self, checker=None, skip_download=False):
+ def run_all(self, checker=None, skip_download=False, skip_verify=False):
if not checker:
checker = self
+ do_verify = not skip_verify
+ logger.debug('do_verify: %s', do_verify)
# For MVS+
# checker.download_ca_cert()
# checker.download_ca_signature()
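Review bot: A run with `skip_verify=True` is recorded only by the new `logger.debug('do_verify: %s', do_verify)` line, so with debug logging off nothing shows that the provider checks ran without certificate verification. I would log that case at warning level, for example `if skip_verify: logger.warning('provider certificate verification disabled (skip_verify=True)')`. The intermediate `do_verify` could then be dropped by passing `verify=not skip_verify` at the two call sites in the next hunk. The body of run_all continues outside this hunk.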
@@ -149,8 +151,8 @@ class ProviderCertChecker(object):
checker.is_there_provider_ca()
# XXX FAKE IT!!!
- checker.is_https_working(verify=False)
- checker.check_new_cert_needed(verify=False)
+ checker.is_https_working(verify=do_verify)
+ checker.check_new_cert_needed(verify=do_verify)
def download_ca_cert(self):
# MVS+
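Review bot: The `# XXX FAKE IT!!!` comment directly above the two changed calls is now stale. With `verify=do_verify` and the default `skip_verify=False`, these checks verify the certificate instead of faking it. A reader auditing this path could conclude from the comment that verification is still off, so replace it with something like `# certificate verification is on unless the caller passed skip_verify=True`. run_all starts above this hunk.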
@@ -183,17 +185,21 @@ class ProviderCertChecker(object):
if uri is None:
uri = self._get_root_uri()
# XXX raise InsecureURI or something better
- logger.debug('is https working?')
- logger.debug('uri: %s', uri)
assert uri.startswith('https')
if verify is True and self.cacert is not None:
logger.debug('verify cert: %s', self.cacert)
verify = self.cacert
+ logger.debug('is https working?')
+ logger.debug('uri: %s (verify:%s)', uri, verify)
try:
self.fetcher.get(uri, verify=verify)
- except requests.exceptions.SSLError:
- logger.debug('False!')
+ except requests.exceptions.SSLError as exc:
+ logger.warning('False! CERT VERIFICATION FAILED! '
+ '(this should be CRITICAL)')
+ logger.warning('SSLError: %s', exc.message)
raise eipexceptions.EIPBadCertError
+ # XXX get requests.exceptions.ConnectionError Errno 110
+ # Connection timed out, and raise ours.
else:
logger.debug('True')
return True
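Review bot: `exc.message` in the new `logger.warning('SSLError: %s', exc.message)` line is unreliable. The attribute is deprecated on Python 2 exceptions, is empty when the exception was built from more than one argument, and does not exist on Python 3, where the handler would raise AttributeError before reaching `raise eipexceptions.EIPBadCertError`. Passing the exception itself, `logger.warning('SSLError: %s', exc)`, keeps the reason in the log in every case. The message text also says the failure should be CRITICAL while it is logged at warning; `logger.error` or `logger.critical` would match it. The function's signature lies above this hunk.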
diff --git a/src/leap/eip/eipconnection.py b/src/leap/eip/eipconnection.py
index 4e240f16..f0a98d8c 100644
--- a/src/leap/eip/eipconnection.py
+++ b/src/leap/eip/eipconnection.py
@@ -46,7 +46,7 @@ class EIPConnection(OpenVPNConnection):
def has_errors(self):
return True if self.error_queue.qsize() != 0 else False
- def run_checks(self, skip_download=False):
+ def run_checks(self, skip_download=False, skip_verify=False):
"""
run all eip checks previous to attempting a connection
"""
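Review bot: The run_checks docstring does not mention the new `skip_verify` parameter, although the next hunk forwards it to `run_all`, where it switches off certificate verification for the provider HTTPS checks. The docstring should state this, for example `skip_verify: if True, the provider HTTPS checks run without certificate verification`, and name the callers expected to set it if it is meant for testing only. `run_all` in checks.py gains the same parameter and shows no docstring in its hunk, so it needs the same note. The body of run_checks continues outside this hunk.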
@@ -59,7 +59,7 @@ class EIPConnection(OpenVPNConnection):
try:
# network (1)
- self.provider_cert_checker.run_all()
+ self.provider_cert_checker.run_all(skip_verify=skip_verify)
except Exception as exc:
push_err(exc)
try: