Diffstat (limited to 'service/pixelated/support')
-rw-r--r-- | service/pixelated/support/ext_requests_urllib3.py | 107 | ||||
-rw-r--r-- | service/pixelated/support/tls_adapter.py | 2 |
2 files changed, 56 insertions, 53 deletions
diff --git a/service/pixelated/support/ext_requests_urllib3.py b/service/pixelated/support/ext_requests_urllib3.py
index a836d6fd..c4ec2438 100644
--- a/service/pixelated/support/ext_requests_urllib3.py
+++ b/service/pixelated/support/ext_requests_urllib3.py
@@ -15,65 +15,68 @@ # along with Pixelated. If not, see <http://www.gnu.org/licenses/>. import requests -import requests.packages.urllib3.connectionpool -from socket import error as SocketError, timeout as SocketTimeout -from requests.packages.urllib3.packages.ssl_match_hostname import CertificateError, match_hostname -import socket -import ssl -from requests.packages.urllib3.exceptions import ( - ClosedPoolError, - ConnectTimeoutError, - EmptyPoolError, - HostChangedError, - MaxRetryError, - SSLError, - ReadTimeoutError, - ProxyError, -) -from requests.packages.urllib3.util import ( - assert_fingerprint, - get_host, - is_connection_dropped, - resolve_cert_reqs, - resolve_ssl_version, - ssl_wrap_socket, - Timeout, -) +if requests.__version__ == '2.0.0': + try: + import requests.packages.urllib3.connectionpool + from socket import error as SocketError, timeout as SocketTimeout + from requests.packages.urllib3.packages.ssl_match_hostname import CertificateError, match_hostname + import socket + import ssl + from requests.packages.urllib3.exceptions import ( + ClosedPoolError, + ConnectTimeoutError, + EmptyPoolError, + HostChangedError, + MaxRetryError, + SSLError, + ReadTimeoutError, + ProxyError, + ) -def patched_connect(self): - # Add certificate verification - try: - sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout) - except SocketTimeout: - raise ConnectTimeoutError(self, "Connection to %s timed out. 
(connect timeout=%s)" % (self.host, self.timeout)) + from requests.packages.urllib3.util import ( + assert_fingerprint, + get_host, + is_connection_dropped, + resolve_cert_reqs, + resolve_ssl_version, + ssl_wrap_socket, + Timeout, + ) - resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs) - resolved_ssl_version = resolve_ssl_version(self.ssl_version) + def patched_connect(self): + # Add certificate verification + try: + sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout) + except SocketTimeout: + raise ConnectTimeoutError(self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout)) - if self._tunnel_host: - self.sock = sock - # Calls self._set_hostport(), so self.host is - # self._tunnel_host below. - self._tunnel() + resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs) + resolved_ssl_version = resolve_ssl_version(self.ssl_version) - # Wrap socket using verification with the root certs in - # trusted_root_certs - self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, - cert_reqs=resolved_cert_reqs, - ca_certs=self.ca_certs, - server_hostname=self.host, - ssl_version=resolved_ssl_version) + if self._tunnel_host: + self.sock = sock + # Calls self._set_hostport(), so self.host is + # self._tunnel_host below. 
+ self._tunnel() - if self.assert_fingerprint: - assert_fingerprint(self.sock.getpeercert(binary_form=True), - self.assert_fingerprint) - elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False: - match_hostname(self.sock.getpeercert(), - self.assert_hostname or self.host) + # Wrap socket using verification with the root certs in + # trusted_root_certs + self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, + cert_reqs=resolved_cert_reqs, + ca_certs=self.ca_certs, + server_hostname=self.host, + ssl_version=resolved_ssl_version) + if self.assert_fingerprint: + assert_fingerprint(self.sock.getpeercert(binary_form=True), + self.assert_fingerprint) + elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False: + match_hostname(self.sock.getpeercert(), + self.assert_hostname or self.host) -if requests.__version__ == '2.0.0': - requests.packages.urllib3.connectionpool.VerifiedHTTPSConnection.connect = patched_connect + requests.packages.urllib3.connectionpool.VerifiedHTTPSConnection.connect = patched_connect + except ImportError: + pass # The patch is specific for the debian package. Ignore it if it can't be found diff --git a/service/pixelated/support/tls_adapter.py b/service/pixelated/support/tls_adapter.py index f543bf4d..301a2123 100644 --- a/service/pixelated/support/tls_adapter.py +++ b/service/pixelated/support/tls_adapter.py @@ -41,7 +41,7 @@ class EnforceTLSv1Adapter(HTTPAdapter): def init_poolmanager(self, connections, maxsize, block=False): self.poolmanager = PoolManager(num_pools=connections, maxsize=maxsize, - block=block, ssl_version=latest_available_ssl_version(), + block=block, assert_hostname=self._assert_hostname, assert_fingerprint=self._assert_fingerprint, cert_reqs=ssl.CERT_REQUIRED) |
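Review bot: The new `except ImportError: pass` at the end of this hunk makes the connect patch fail silently: on requests 2.0.0, if the vendored `requests.packages.urllib3` modules cannot be imported, `VerifiedHTTPSConnection.connect` stays unpatched and nothing records it. Going by its own comment ("Add certificate verification"), the patch exists to add the fingerprint and hostname checks, so skipping it is a security-relevant downgrade that operators should be able to see; whether the unpatched connect performs equivalent checks is not visible here. I would replace the `pass` with a warning, for example `logging.getLogger(__name__).warning('requests 2.0.0 found but urllib3 connect patch not applied')`, which needs `import logging` at the top of the file, outside this hunk. As a matter of style, the `try` also spans the definition of `patched_connect` and the final assignment; narrowing it to the import statements would make clear which failures are meant to be ignored.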
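Review bot: With `ssl_version=latest_available_ssl_version()` dropped from the `PoolManager` call, nothing in `init_poolmanager` pins or floors the TLS protocol version any more, while the class is still called `EnforceTLSv1Adapter`. The protocol is then whatever the installed urllib3/ssl default negotiates, which on older stacks may include versions weaker than the one previously selected; that depends on library versions not shown here. At minimum I would document the decision on the changed line, e.g. `# ssl_version left unset: protocol negotiation falls back to the urllib3/ssl default`, and check whether the class name, its docstring and the `latest_available_ssl_version` helper (all outside this hunk) still match what the adapter does. The certificate checks (`cert_reqs=ssl.CERT_REQUIRED`, `assert_hostname`, `assert_fingerprint`) are unchanged.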