summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2015-11-11 16:21:07 -0400
committerKali Kaneko <kali@leap.se>2015-11-11 16:21:07 -0400
commit10fc614938936652987620571e7b59ce022e8ab5 (patch)
tree696e0f5baae97299f6144468b3870f928414ca8d /src
parente074eac10c6e08757857c770cb190cdb9d3a4583 (diff)
parente5796bf55e3db177ee567118519136fd96ada3c4 (diff)
Merge tag '0.5.0' into debian/experimental
Tag leap.common version 0.5.0
Diffstat (limited to 'src')
-rw-r--r--src/leap/common/certs.py19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py
index 37ede8e..c49015a 100644
--- a/src/leap/common/certs.py
+++ b/src/leap/common/certs.py
@@ -30,6 +30,8 @@ from leap.common.check import leap_assert
logger = logging.getLogger(__name__)
+SKIP_SSL_CHECK = os.environ.get('SKIP_TWISTED_SSL_CHECK', False)
+
def get_cert_from_string(string):
"""
@@ -182,10 +184,25 @@ def should_redownload(certfile, now=time.gmtime):
def get_compatible_ssl_context_factory(cert_path=None):
import twisted
+ from twisted.internet import ssl
cert = None
+
+ if SKIP_SSL_CHECK:
+ # This should be used *only* for testing purposes.
+
+ class WebClientContextFactory(ssl.ClientContextFactory):
+ """
+ A web context factory which ignores the hostname and port and does no
+ certificate verification.
+ """
+ def getContext(self, hostname, port):
+ return ssl.ClientContextFactory.getContext(self)
+
+ contextFactory = WebClientContextFactory()
+ return contextFactory
+
if twisted.version.base() > '14.0.1':
from twisted.web.client import BrowserLikePolicyForHTTPS
- from twisted.internet import ssl
if cert_path:
cert = ssl.Certificate.loadPEM(open(cert_path).read())
policy = BrowserLikePolicyForHTTPS(cert)