2 files changed, 20 insertions, 3 deletions

diff --git a/src/leap/common/_version.py b/src/leap/common/_version.py
index f5738ea..2f2cac0 100644
--- a/src/leap/common/_version.py
+++ b/src/leap/common/_version.py
@@ -5,8 +5,8 @@
 # unpacked source archive. Distribution tarballs contain a pre-generated copy
 # of this file.
 
-version_version = '0.4.4'
-version_full = 'ee0e9cadccd00cb62032d8fc4b322bb6fe3dc7ed'
+version_version = '0.5.0'
+version_full = 'dd032e7374fa137a8613c2392d744b9b16280fca'
 
 
 def get_versions(default={}, verbose=False):
diff --git a/src/leap/common/certs.py b/src/leap/common/certs.py
index 37ede8e..c49015a 100644
--- a/src/leap/common/certs.py
+++ b/src/leap/common/certs.py
@@ -30,6 +30,8 @@ from leap.common.check import leap_assert
 
 logger = logging.getLogger(__name__)
 
+SKIP_SSL_CHECK = os.environ.get('SKIP_TWISTED_SSL_CHECK', False)
+
 
 def get_cert_from_string(string):
     """
@@ -182,10 +184,25 @@ def should_redownload(certfile, now=time.gmtime):
 
 def get_compatible_ssl_context_factory(cert_path=None):
     import twisted
+    from twisted.internet import ssl
     cert = None
+
+    if SKIP_SSL_CHECK:
+        # This should be used *only* for testing purposes.
+
+        class WebClientContextFactory(ssl.ClientContextFactory):
+            """
+            A web context factory which ignores the hostname and port and does no
+            certificate verification.
+            """
+            def getContext(self, hostname, port):
+                return ssl.ClientContextFactory.getContext(self)
+
+        contextFactory = WebClientContextFactory()
+        return contextFactory
+
     if twisted.version.base() > '14.0.1':
         from twisted.web.client import BrowserLikePolicyForHTTPS
-        from twisted.internet import ssl
         if cert_path:
             cert = ssl.Certificate.loadPEM(open(cert_path).read())
         policy = BrowserLikePolicyForHTTPS(cert)