From cebbb1eaee51ad9a7e57016dfc62d53888bc5bd4 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Tue, 1 Apr 2014 17:03:08 -0300 Subject: Cleanup strings. --- src/leap/bitmask/util/leap_argparse.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py index 56bf26dc..7f81881d 100644 --- a/src/leap/bitmask/util/leap_argparse.py +++ b/src/leap/bitmask/util/leap_argparse.py @@ -27,9 +27,10 @@ def build_parser(): All the options for the leap arg parser Some of these could be switched on only if debug flag is present! """ - epilog = "Copyright 2012-2014 The LEAP Encryption Access Project" - parser = argparse.ArgumentParser(description=""" -Launches the Bitmask client.""", epilog=epilog) + parser = argparse.ArgumentParser( + description="Launches the Bitmask client.", + epilog="Copyright 2012-2014 The LEAP Encryption Access Project") + parser.add_argument('-d', '--debug', action="store_true", help=("Launches Bitmask in debug mode, writing debug " "info to stdout.")) -- cgit v1.2.3 From 5b21dfa2ca18ef4840d908b27228f55b8e65b172 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Tue, 1 Apr 2014 17:03:14 -0300 Subject: Add support for self signed certs. Closes #5391. --- changes/feature-5391_support-selfsigned-certs | 1 + src/leap/bitmask/app.py | 2 ++ src/leap/bitmask/config/flags.py | 5 +++++ src/leap/bitmask/provider/providerbootstrapper.py | 7 ++++++- src/leap/bitmask/util/leap_argparse.py | 6 ++++++ 5 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 changes/feature-5391_support-selfsigned-certs diff --git a/changes/feature-5391_support-selfsigned-certs b/changes/feature-5391_support-selfsigned-certs new file mode 100644 index 00000000..58c68f23 --- /dev/null +++ b/changes/feature-5391_support-selfsigned-certs @@ -0,0 +1 @@ +- Add support for self signed certs. Closes #5391. diff --git a/src/leap/bitmask/app.py b/src/leap/bitmask/app.py index 124671b3..02e27123 100644 --- a/src/leap/bitmask/app.py +++ b/src/leap/bitmask/app.py @@ -214,6 +214,8 @@ def main(): flags.APP_VERSION_CHECK = opts.app_version_check flags.API_VERSION_CHECK = opts.api_version_check + flags.CA_CERT_FILE = opts.ca_cert_file + BaseConfig.standalone = standalone replace_stdout = True diff --git a/src/leap/bitmask/config/flags.py b/src/leap/bitmask/config/flags.py index 82501fb2..5d8bc9b3 100644 --- a/src/leap/bitmask/config/flags.py +++ b/src/leap/bitmask/config/flags.py @@ -45,3 +45,8 @@ API_VERSION_CHECK = True # Offline mode? # Used for skipping soledad bootstrapping/syncs. OFFLINE = False + + +# CA cert path +# used to allow self signed certs in requests that needs SSL +CA_CERT_FILE = None diff --git a/src/leap/bitmask/provider/providerbootstrapper.py b/src/leap/bitmask/provider/providerbootstrapper.py index 654d1790..2a519206 100644 --- a/src/leap/bitmask/provider/providerbootstrapper.py +++ b/src/leap/bitmask/provider/providerbootstrapper.py @@ -99,9 +99,14 @@ class ProviderBootstrapper(AbstractBootstrapper): :rtype: bool or str """ if self._bypass_checks: - verify = False + return False + + cert = flags.CA_CERT_FILE + if cert is not None: + verify = cert else: verify = ca_bundle.where() + return verify def _check_name_resolution(self): diff --git a/src/leap/bitmask/util/leap_argparse.py b/src/leap/bitmask/util/leap_argparse.py index 7f81881d..88267ff8 100644 --- a/src/leap/bitmask/util/leap_argparse.py +++ b/src/leap/bitmask/util/leap_argparse.py @@ -93,6 +93,12 @@ def build_parser(): "Use at your own risk!") parser.add_argument('--danger', action="store_true", help=help_text) + # optional cert file used to check domains with self signed certs. + parser.add_argument('--ca-cert-file', metavar="/path/to/cacert.pem", + nargs='?', action="store", dest="ca_cert_file", + help='Uses the given cert file to verify ' + 'against domains.') + # Not in use, we might want to reintroduce them. #parser.add_argument('-i', '--no-provider-checks', #action="store_true", default=False, -- cgit v1.2.3