summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/leap/eip/checks.py16
-rw-r--r--src/leap/gui/firstrun/providerselect.py2
-rw-r--r--src/leap/util/certs.py17
3 files changed, 30 insertions, 5 deletions
diff --git a/src/leap/eip/checks.py b/src/leap/eip/checks.py
index bd158e1e..cc395bcb 100644
--- a/src/leap/eip/checks.py
+++ b/src/leap/eip/checks.py
@@ -3,6 +3,7 @@ import logging
#import platform
import time
import os
+import sys
import gnutls.crypto
#import netifaces
@@ -20,6 +21,7 @@ from leap.eip import config as eipconfig
from leap.eip import constants as eipconstants
from leap.eip import exceptions as eipexceptions
from leap.eip import specs as eipspecs
+from leap.util.certs import get_mac_cabundle
from leap.util.fileutil import mkdir_p
from leap.util.web import get_https_domain_and_port
from leap.util.misc import null_check
@@ -165,13 +167,15 @@ class ProviderCertChecker(object):
if autocacert and verify is True and self.cacert is not None:
logger.debug('verify cert: %s', self.cacert)
verify = self.cacert
+ if sys.platform == "darwin":
+ verify = get_mac_cabundle()
logger.debug('checking https connection')
logger.debug('uri: %s (verify:%s)', uri, verify)
+
try:
self.fetcher.get(uri, verify=verify)
- except requests.exceptions.SSLError: # as exc:
- logger.error("SSLError")
+ except requests.exceptions.SSLError as exc:
raise eipexceptions.HttpsBadCertError
except requests.exceptions.ConnectionError:
@@ -448,9 +452,15 @@ class EIPConfigChecker(object):
domain = config.get('provider', None)
uri = self._get_provider_definition_uri(domain=domain)
+ if sys.platform == "darwin":
+ verify = get_mac_cabundle()
+ else:
+ verify = True
+
self.defaultprovider.load(
from_uri=uri,
- fetcher=self.fetcher)
+ fetcher=self.fetcher,
+ verify=verify)
self.defaultprovider.save()
def fetch_eip_service_config(self, skip_download=False,
diff --git a/src/leap/gui/firstrun/providerselect.py b/src/leap/gui/firstrun/providerselect.py
index 28fb829c..ccecd519 100644
--- a/src/leap/gui/firstrun/providerselect.py
+++ b/src/leap/gui/firstrun/providerselect.py
@@ -287,8 +287,6 @@ class SelectProviderPage(InlineValidationPage):
wizard.set_providerconfig(
eipconfigchecker.defaultprovider.config)
except requests.exceptions.SSLError:
- # XXX we should have catched this before.
- # but cert checking is broken.
return self.fail(self.tr(
"Could not get info from provider."))
except requests.exceptions.ConnectionError:
diff --git a/src/leap/util/certs.py b/src/leap/util/certs.py
new file mode 100644
index 00000000..304db08a
--- /dev/null
+++ b/src/leap/util/certs.py
@@ -0,0 +1,17 @@
+import os
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def get_mac_cabundle():
+ # hackaround bundle error
+ # XXX this needs a better fix!
+ f = os.path.split(__file__)[0]
+ sep = os.path.sep
+ f_ = sep.join(f.split(sep)[:-2])
+ verify = os.path.join(f_, 'cacert.pem')
+ #logger.error('VERIFY PATH = %s' % verify)
+ exists = os.path.isfile(verify)
+ #logger.error('do exist? %s', exists)
+ return verify