diff options
| -rw-r--r-- | src/leap/common/certs.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py index 37ede8e..c49015a 100644 --- a/src/leap/common/certs.py +++ b/src/leap/common/certs.py @@ -30,6 +30,8 @@ from leap.common.check import leap_assert logger = logging.getLogger(__name__) +SKIP_SSL_CHECK = os.environ.get('SKIP_TWISTED_SSL_CHECK', False) + def get_cert_from_string(string): """ @@ -182,10 +184,25 @@ def should_redownload(certfile, now=time.gmtime): def get_compatible_ssl_context_factory(cert_path=None): import twisted + from twisted.internet import ssl cert = None + + if SKIP_SSL_CHECK: + # This should be used *only* for testing purposes. + + class WebClientContextFactory(ssl.ClientContextFactory): + """ + A web context factory which ignores the hostname and port and does no + certificate verification. + """ + def getContext(self, hostname, port): + return ssl.ClientContextFactory.getContext(self) + + contextFactory = WebClientContextFactory() + return contextFactory + if twisted.version.base() > '14.0.1': from twisted.web.client import BrowserLikePolicyForHTTPS - from twisted.internet import ssl if cert_path: cert = ssl.Certificate.loadPEM(open(cert_path).read()) policy = BrowserLikePolicyForHTTPS(cert) |