summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorKali Kaneko <kali@leap.se>2015-11-10 23:47:19 -0400
committerKali Kaneko <kali@leap.se>2015-11-11 00:15:58 -0400
commite1702116b87dfdb5a10169194f62c00a0b4acb9d (patch)
tree1f51355760766bc5a65d171ef6eb0a3a8824eb60 /src
parent0c0755b8e821100324d98fb082067a91fd63a3bf (diff)
[feature] add variable to skip twisted version
Diffstat (limited to 'src')
-rw-r--r--src/leap/common/certs.py19
1 files changed, 18 insertions, 1 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py
index 37ede8e..c49015a 100644
--- a/src/leap/common/certs.py
+++ b/src/leap/common/certs.py
@@ -30,6 +30,8 @@ from leap.common.check import leap_assert
logger = logging.getLogger(__name__)
+SKIP_SSL_CHECK = os.environ.get('SKIP_TWISTED_SSL_CHECK', False)
+
def get_cert_from_string(string):
"""
@@ -182,10 +184,25 @@ def should_redownload(certfile, now=time.gmtime):
def get_compatible_ssl_context_factory(cert_path=None):
import twisted
+ from twisted.internet import ssl
cert = None
+
+ if SKIP_SSL_CHECK:
+ # This should be used *only* for testing purposes.
+
+ class WebClientContextFactory(ssl.ClientContextFactory):
+ """
+ A web context factory which ignores the hostname and port and does no
+ certificate verification.
+ """
+ def getContext(self, hostname, port):
+ return ssl.ClientContextFactory.getContext(self)
+
+ contextFactory = WebClientContextFactory()
+ return contextFactory
+
if twisted.version.base() > '14.0.1':
from twisted.web.client import BrowserLikePolicyForHTTPS
- from twisted.internet import ssl
if cert_path:
cert = ssl.Certificate.loadPEM(open(cert_path).read())
policy = BrowserLikePolicyForHTTPS(cert)