authorTomas Touceda <chiiph@leap.se>2013-05-01 10:16:16 -0300
committerdrebs <drebs@leap.se>2013-05-01 12:14:13 -0300
commit8de4777d42f474909390e0db7bb61e912bf7141f (patch)
treed8af2a473fa22da2969c7875bd2733e6a6e3a0ea
parent718a10190b5da5eb9e63157658b4035822fb866e (diff)
Monkey patch u1db to allow self-signed SSL cert
-rw-r--r--src/leap/soledad/__init__.py10
-rw-r--r--src/leap/soledad/backends/leap_backend.py3
-rw-r--r--src/leap/soledad/shared_db.py30
3 files changed, 39 insertions, 4 deletions
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index 791f8331..fb4c5520 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -48,6 +48,8 @@ from leap.soledad.backends.leap_backend import (
DocumentNotEncrypted,
LeapSyncTarget,
)
+
+from leap.soledad import shared_db
from leap.soledad.shared_db import SoledadSharedDatabase
from leap.soledad.crypto import SoledadCrypto
@@ -133,7 +135,7 @@ class Soledad(object):
"""
def __init__(self, uuid, passphrase, secret_path, local_db_path,
- server_url, auth_token=None, bootstrap=True):
+ server_url, cert_file, auth_token=None, bootstrap=True):
"""
Initialize configuration, cryptographic keys and dbs.
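Review bot: `cert_file` is inserted ahead of `auth_token` in the `__init__` signature, so a caller that passes `auth_token` or `bootstrap` positionally will now bind those values to the wrong parameters without any error at the call site. If callers outside this commit exist, appending the parameter keeps them working until they are updated, e.g. `server_url, auth_token=None, bootstrap=True, cert_file=None):`, paired with an explicit failure when no certificate path is given. The body of `__init__` continues outside this hunk.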
@@ -151,6 +153,9 @@ class Soledad(object):
with the user's remote db and to interact with the shared recovery
database.
@type server_url: str
+ @param cert_file: Path to the SSL certificate to use in the
+ connection to the server_url.
+ @type cert_file: str
@param auth_token: Authorization token for accessing remote databases.
@type auth_token: str
@param bootstrap: True/False, should bootstrap this instance? Mostly
@@ -162,6 +167,9 @@ class Soledad(object):
self._passphrase = passphrase
self._init_config(secret_path, local_db_path, server_url)
self._set_token(auth_token)
+
+ shared_db.SOLEDAD_CERT = cert_file
+
if bootstrap:
self._bootstrap()
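Review bot: `shared_db.SOLEDAD_CERT = cert_file` stores the trust anchor in a module-level global, so constructing a second `Soledad` with a different `cert_file` silently changes which certificate the first instance's later connections are verified against. If that sharing is intended, it should at least be stated at the assignment, for example `# NOTE: process-wide setting; the most recently created Soledad instance wins`. Keeping the path on the instance and handing it to the connection would remove the shared state, though that needs changes outside this hunk. `__init__` starts and ends outside the hunk.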
diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index 26b07f9e..1e9eb78f 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
@@ -41,7 +41,6 @@ from leap.soledad.auth import (
_sign_request,
)
-
#
# Exceptions
#
@@ -367,7 +366,7 @@ class LeapSyncTarget(HTTPSyncTarget):
@param docs_by_generations: A list of (doc_id, generation, trans_id)
of local documents that were changed since the last local
- generation the remote replica knows about.
+ generation the remote replica knows about.
@type docs_by_generations: list of tuples
@param source_replica_uid: The uid of the source replica.
@type source_replica_uid: str
diff --git a/src/leap/soledad/shared_db.py b/src/leap/soledad/shared_db.py
index 02ff8667..06f40466 100644
--- a/src/leap/soledad/shared_db.py
+++ b/src/leap/soledad/shared_db.py
@@ -27,7 +27,8 @@ except ImportError:
from u1db import errors
-from u1db.remote import http_database
+
+from u1db.remote import http_database, http_client
from leap.soledad.auth import (
@@ -35,6 +36,33 @@ from leap.soledad.auth import (
_sign_request,
)
+SOLEDAD_CERT = None
+
+#-----------------------------------------------------------------------------
+# Monkey patching u1db to be able to provide a custom SSL cert
+#-----------------------------------------------------------------------------
+
+import httplib
+import socket
+import ssl
+
+class VerifiedHTTPSConnection(httplib.HTTPSConnection):
+ """HTTPSConnection verifying server side certificates."""
+ # derived from httplib.py
+
+ def connect(self):
+ "Connect to a host on a given (SSL) port."
+ sock = socket.create_connection((self.host, self.port),
+ self.timeout, self.source_address)
+ if self._tunnel_host:
+ self.sock = sock
+ self._tunnel()
+ self.sock = ssl.wrap_socket(sock, self.key_file, SOLEDAD_CERT,
+ ssl_version=ssl.PROTOCOL_SSLv3,
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=SOLEDAD_CERT)
+
+http_client._VerifiedHTTPSConnection = VerifiedHTTPSConnection
#-----------------------------------------------------------------------------
# Soledad shared database
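Review bot: In `connect`, `ssl.wrap_socket(sock, self.key_file, SOLEDAD_CERT, ...)` passes `SOLEDAD_CERT` in the third positional slot, which is `certfile` (the client certificate), as well as in `ca_certs`, so the server's trust anchor is also presented as the client's own certificate; the connection's `self.cert_file` looks like what belongs there. `cert_reqs=ssl.CERT_REQUIRED` only validates the chain, and nothing in this method compares the peer certificate with `self.host`; the u1db class being replaced is not visible here, so confirm that no hostname check is lost by the swap. The call also pins `ssl.PROTOCOL_SSLv3`, and `SOLEDAD_CERT` is still `None` until a `Soledad` object has been constructed, which is worth rejecting explicitly at the point of use. Because `http_client._VerifiedHTTPSConnection` is reassigned at import time, every u1db HTTPS client in the process gets this behaviour, not only Soledad's.

```python
        # … unchanged: create_connection and tunnel setup …
        if not SOLEDAD_CERT:
            raise ssl.SSLError("no CA certificate configured for Soledad")
        self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
                                    ssl_version=ssl.PROTOCOL_TLSv1,
                                    cert_reqs=ssl.CERT_REQUIRED,
                                    ca_certs=SOLEDAD_CERT)
```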