Diffstat (limited to 'src')
-rw-r--r-- | src/leap/eip/checks.py | 16 | ||||
-rw-r--r-- | src/leap/gui/firstrun/providerselect.py | 2 | ||||
-rw-r--r-- | src/leap/util/certs.py | 17 |
3 files changed, 30 insertions, 5 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index bd158e1e..cc395bcb 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -3,6 +3,7 @@ import logging
 #import platform
 import time
 import os
+import sys
 import gnutls.crypto
 #import netifaces
@@ -20,6 +21,7 @@ from leap.eip import config as eipconfig
 from leap.eip import constants as eipconstants
 from leap.eip import exceptions as eipexceptions
 from leap.eip import specs as eipspecs
+from leap.util.certs import get_mac_cabundle
 from leap.util.fileutil import mkdir_p
 from leap.util.web import get_https_domain_and_port
 from leap.util.misc import null_check
@@ -165,13 +167,15 @@ class ProviderCertChecker(object):
 if autocacert and verify is True and self.cacert is not None:
 logger.debug('verify cert: %s', self.cacert)
 verify = self.cacert
+ if sys.platform == "darwin":
+ verify = get_mac_cabundle()
 logger.debug('checking https connection')
 logger.debug('uri: %s (verify:%s)', uri, verify)
+
 try:
 self.fetcher.get(uri, verify=verify)
- except requests.exceptions.SSLError: # as exc:
- logger.error("SSLError")
+ except requests.exceptions.SSLError as exc:
 raise eipexceptions.HttpsBadCertError
 except requests.exceptions.ConnectionError:
@@ -448,9 +452,15 @@ class EIPConfigChecker(object):
 domain = config.get('provider', None)
 uri = self._get_provider_definition_uri(domain=domain)
+ if sys.platform == "darwin":
+ verify = get_mac_cabundle()
+ else:
+ verify = True
+
 self.defaultprovider.load(
 from_uri=uri,
- fetcher=self.fetcher)
+ fetcher=self.fetcher,
+ verify=verify)
 self.defaultprovider.save()
 def fetch_eip_service_config(self, skip_download=False,
diff --git a/src/leap/gui/firstrun/providerselect.py b/src/leap/gui/firstrun/providerselect.py
index 28fb829c..ccecd519 100644
--- a/src/leap/gui/firstrun/providerselect.py
+++ b/src/leap/gui/firstrun/providerselect.py
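Review bot: In the ProviderCertChecker hunk of checks.py (@@ -165,13), the darwin branch assigns `verify = get_mac_cabundle()` after `verify = self.cacert`, so on macOS the provider CA that was just selected appears to be replaced by the generic bundle and the check is no longer pinned to that CA; indentation is lost on this page, so the exact nesting cannot be confirmed. If the bundle is only a stand-in for the system trust store, guard it with `if sys.platform == "darwin" and verify is True:`, which also leaves an explicit `verify=False` or a CA path untouched. The rewritten handler binds `exc` but removes the only log line, so the reason for the TLS failure is no longer recorded; `logger.error("SSLError: %s", exc)` before the raise keeps it. The same platform switch is repeated in the EIPConfigChecker hunk (@@ -448,9) and would be easier to audit in one helper. The enclosing method starts and ends outside this hunk.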
@@ -287,8 +287,6 @@ class SelectProviderPage(InlineValidationPage):
 wizard.set_providerconfig(
 eipconfigchecker.defaultprovider.config)
 except requests.exceptions.SSLError:
- # XXX we should have catched this before.
- # but cert checking is broken.
 return self.fail(self.tr(
 "Could not get info from provider."))
 except requests.exceptions.ConnectionError:
diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py
new file mode 100644
index 00000000..304db08a
--- /dev/null
+++ b/src/leap/util/certs.py
@@ -0,0 +1,17 @@
+import os
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def get_mac_cabundle():
+ # hackaround bundle error
+ # XXX this needs a better fix!
+ f = os.path.split(__file__)[0]
+ sep = os.path.sep
+ f_ = sep.join(f.split(sep)[:-2])
+ verify = os.path.join(f_, 'cacert.pem')
+ #logger.error('VERIFY PATH = %s' % verify)
+ exists = os.path.isfile(verify)
+ #logger.error('do exist? %s', exists)
+ return verify |
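Review bot: In the new src/leap/util/certs.py, `exists` is computed in get_mac_cabundle() but never used, so a missing `cacert.pem` is handed to the callers as if it were a valid bundle and only surfaces later as a failure inside the HTTPS fetch. Fail closed at this point instead, for example `if not os.path.isfile(verify): raise IOError('CA bundle not found: %s' % verify)`, rather than returning anything a caller could pass on as a falsy `verify`. The path is derived from `__file__`, so it is worth confirming that the directory holding the bundle is not writable by unprivileged users, since that file becomes the trust anchor for provider connections on macOS. The `# XXX` comment should name the bundle error it works around and be turned into a docstring stating that the function returns the path of the bundled CA file.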