path: root/src/leap/common/http.py
Age | Commit message | Author
2017-07-18 | raise if nonexisting path | Kali Kaneko
2017-07-18 | [bug] remove unneeded imports | Kali Kaneko
2017-07-14 | [refactor] remove heuristic to check for usable platformRoot | Kali Kaneko
the rationale here is that, in debian, certifi will always return a working platform trust, since the package points to the system certificates. in osx and windows, certifi will load a usable trustRoot that is kept up to date. another detail we didn't like about the heuristic is that the bundled certificate for testing will eventually expire, so that introduces the duty of keeping it up-to-date.
2017-07-11 | [feat] add fallback on trust sources for ssl verification | Kali Kaneko
With the merge of platformTrust in twisted, the situation for cert chain verification in linux improved a lot. This patch implements fallbacks to do the following:

- Try to use whatever trust sources are found in the system. This means that if ca-certificates is installed, pyopenssl will have a valid set of root certificates and verification will likely work (twisted uses platformTrust for this).
- If that fails, try to use certifi. We could/should depend on that from now on, *but* it's not packaged before stretch.
- So, I'm not deprecating its usage right now, but this one should be the last cacert.pem bundle that we ship with leap.common.
- If the cacert.pem from leap.common fails to be found, well, there's nothing you can do. Your TOFU attempt with a cert coming from the CArtel will fail.

Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934
Also related: https://twistedmatrix.com/trac/ticket/9209
I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473

- Resolves: #8958
- Release: 0.6.0
2015-08-17 | [style] pep8 fix | Kali Kaneko
2015-08-17 | [feature] allow passing callback to http client | drebs
2015-08-04 | [bug] HTTP timeout was not being cleared on abort | Bruno Wagner
In case the http client loses connection, it has to clear its timeout or the reactor will be left in a dirty state. Fixing this solves a problem with some of the tests in Soledad that were trying to run on a dirty reactor.
2015-07-28 | [style] more pep8 cleanup | Kali Kaneko
2015-07-23 | [style] fixed pep8 warnings on http and test events | Bruno Wagner
2015-07-23 | [tests] implemented http feature according to test | Bruno Wagner
Two test cases were broken and were implemented here: The first was that HTTPClient should share the connection between clients if a pool was not passed explicitly. If you initialize an HTTPClient without a pool, it will reuse a pool created on the class. The second was that you should be able to pass to the HTTPClient a pool on initialization. Added that possibility and fixed the tests accordingly.
2015-07-23 | [style] Fixed pep8 warnings | Bruno Wagner
2015-07-22 | [bug] add http request timeout | drebs
The connectTimeout parameter of twisted.web.client.Agent only acts on the connection setup, and the Agent will wait forever for incoming data after the connection has been established. This commit adds a timeout for the connection, and will cancel the deferred if the result has not been received after a certain number of seconds.
2015-07-22 | [feat] add close method for http agent | drebs
The ability to close cached connections is needed in order to have a clean reactor when the program ends.
2015-06-08 | [bug] Makes request method respect a hard limit | Victor Shyba
Although we specify maxPersistentPerHost, Twisted won't stop opening connections after that. This limit is used just to keep the size of persistent connections pool under control. Additional connections will be made as non persistent. So, if we ask 10000 requests, it will open 10000 connections immediately and leave 10 open after all finished. For checking this behavior, see getConnection from Twisted source: http://twistedmatrix.com/trac/browser/tags/releases/twisted-15.2.1/twisted/web/client.py#L1203 I tested this by using http_target from soledad without a local database to download all encrypted docs from one account with 1700 of them. The program just hangs and crashes with 1000+ connections and "Too many files open" warnings. With this fix, it was able to download normally, respecting the maxPersistentPerHost as a limiter. :)
2015-06-02 | [feat] Make it optional to have a dedicated pool | Victor Shyba
As @meskio pointed out, some cases could need a dedicated pool with different parameters. This is a suggested implementation where the pool is reused by default, creating a dedicated one just if needed/asked. This way we ensure that resources are under control and special cases are still handled.
2015-06-02 | [bug] Use BrowserLikePolicyForHTTPS for checking | Victor Shyba
While testing the way that it's implemented now, I found out that no check is being made on certificate attributes against the host. I found this simple way of creating a BrowserLikePolicyForHTTPS using a self-signed cert and it worked on my test. I used test_https from Soledad for checking this (which we are fixing on another branch). Also, we don't want to depend on twisted for other things than leap.common.http.
2015-05-27 | [refactor] move http twisted code from soledad | Ruben Pollan
Implements an HTTP client the twisted way, with a focus on pinning the SSL certs. * Related: #6506