Monkey patch u1db to allow self-signed SSL cert

1 files changed, 29 insertions, 1 deletions

diff --git a/src/leap/soledad/shared_db.py b/src/leap/soledad/shared_db.py
index 02ff8667..06f40466 100644
--- a/src/leap/soledad/shared_db.py
+++ b/src/leap/soledad/shared_db.py
@@ -27,7 +27,8 @@ except ImportError:
 
 
 from u1db import errors
-from u1db.remote import http_database
+
+from u1db.remote import http_database, http_client
 
 
 from leap.soledad.auth import (
@@ -35,6 +36,33 @@ from leap.soledad.auth import (
     _sign_request,
 )
 
+SOLEDAD_CERT = None
+
+#-----------------------------------------------------------------------------
+# Monkey patching u1db to be able to provide a custom SSL cert
+#-----------------------------------------------------------------------------
+
+import httplib
+import socket
+import ssl
+
+class VerifiedHTTPSConnection(httplib.HTTPSConnection):
+    """HTTPSConnection verifying server side certificates."""
+    # derived from httplib.py
+
+    def connect(self):
+        "Connect to a host on a given (SSL) port."
+        sock = socket.create_connection((self.host, self.port),
+                                        self.timeout, self.source_address)
+        if self._tunnel_host:
+            self.sock = sock
+            self._tunnel()
+        self.sock = ssl.wrap_socket(sock, self.key_file, SOLEDAD_CERT,
+                                    ssl_version=ssl.PROTOCOL_SSLv3,
+                                    cert_reqs=ssl.CERT_REQUIRED,
+                                    ca_certs=SOLEDAD_CERT)
+
+http_client._VerifiedHTTPSConnection = VerifiedHTTPSConnection
 
 #-----------------------------------------------------------------------------
 # Soledad shared database