From 8de4777d42f474909390e0db7bb61e912bf7141f Mon Sep 17 00:00:00 2001
From: Tomas Touceda
Date: Wed, 1 May 2013 10:16:16 -0300
Subject: Monkey patch u1db to allow self-signed SSL cert
---
 src/leap/soledad/__init__.py | 10 +++++++++-
 src/leap/soledad/backends/leap_backend.py | 3 +--
 src/leap/soledad/shared_db.py | 30 +++++++++++++++++++++++++++++-
 3 files changed, 39 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/leap/soledad/__init__.py b/src/leap/soledad/__init__.py
index 791f8331..fb4c5520 100644
--- a/src/leap/soledad/__init__.py
+++ b/src/leap/soledad/__init__.py
@@ -48,6 +48,8 @@ from leap.soledad.backends.leap_backend import (
 DocumentNotEncrypted,
 LeapSyncTarget,
 )
+
+from leap.soledad import shared_db
 from leap.soledad.shared_db import SoledadSharedDatabase
 from leap.soledad.crypto import SoledadCrypto
@@ -133,7 +135,7 @@ class Soledad(object):
 """
 def __init__(self, uuid, passphrase, secret_path, local_db_path,
- server_url, auth_token=None, bootstrap=True):
+ server_url, cert_file, auth_token=None, bootstrap=True):
 """
 Initialize configuration, cryptographic keys and dbs.
@@ -151,6 +153,9 @@ class Soledad(object):
 with the user's remote db and to interact with the shared
 recovery database.
 @type server_url: str
+ @param cert_file: Path to the SSL certificate to use in the
+ connection to the server_url.
+ @type cert_file: str
 @param auth_token: Authorization token for accessing remote databases.
 @type auth_token: str
 @param bootstrap: True/False, should bootstrap this instance? Mostly
@@ -162,6 +167,9 @@ class Soledad(object):
 self._passphrase = passphrase
 self._init_config(secret_path, local_db_path, server_url)
 self._set_token(auth_token)
+
+ shared_db.SOLEDAD_CERT = cert_file
+
 if bootstrap:
 self._bootstrap()
diff --git a/src/leap/soledad/backends/leap_backend.py b/src/leap/soledad/backends/leap_backend.py
index 26b07f9e..1e9eb78f 100644
--- a/src/leap/soledad/backends/leap_backend.py
+++ b/src/leap/soledad/backends/leap_backend.py
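Review bot: `cert_file` is added as a new required positional parameter between `server_url` and `auth_token` in the `__init__` signature of the `@@ -133` hunk, so any existing caller that passes `auth_token` or `bootstrap` positionally now silently hands its token (or a boolean) over as the certificate path, and the mistake only surfaces later at connect time. Appending the parameter after `bootstrap` with a default and rejecting a missing value explicitly keeps old call sites working: `server_url, auth_token=None, bootstrap=True, cert_file=None):` followed by `if cert_file is None: raise ValueError('cert_file is required')`. The patch is limited to `src`, so the callers and tests that would need updating are not visible here. The body of `__init__` continues outside the hunk.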
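Review bot: The `@@ -162` hunk stores the per-instance `cert_file` in the module global `shared_db.SOLEDAD_CERT`, so every `Soledad` constructed in the same process overwrites the trust anchor used by all existing instances, and nothing records which value is current. If a process-wide setting is the intent, say so at the assignment, e.g. `# process-wide: the last Soledad constructed decides which cert http_client trusts`; otherwise the path should travel with the instance (kept on `self` and handed to the shared-db/sync-target code) instead of through a global. A cheap check before the assignment, `if not os.path.isfile(cert_file): raise ValueError('cert_file not found: %s' % cert_file)` (assuming `os` is imported, which the hunk does not show), would turn a bad path into an immediate error rather than a failed handshake later.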
@@ -41,7 +41,6 @@ from leap.soledad.auth import (
 _sign_request,
 )
-
 #
 # Exceptions
 #
@@ -367,7 +366,7 @@ class LeapSyncTarget(HTTPSyncTarget):
 @param docs_by_generations: A list of (doc_id, generation, trans_id)
 of local documents that were changed since the last local
- generation the remote replica knows about.
+ generation the remote replica knows about.
 @type docs_by_generations: list of tuples
 @param source_replica_uid: The uid of the source replica.
 @type source_replica_uid: str
diff --git a/src/leap/soledad/shared_db.py b/src/leap/soledad/shared_db.py
index 02ff8667..06f40466 100644
--- a/src/leap/soledad/shared_db.py
+++ b/src/leap/soledad/shared_db.py
@@ -27,7 +27,8 @@ except ImportError:
 from u1db import errors
-from u1db.remote import http_database
+
+from u1db.remote import http_database, http_client
 from leap.soledad.auth import (
@@ -35,6 +36,33 @@ from leap.soledad.auth import (
 _sign_request,
 )
+SOLEDAD_CERT = None
+
+#-----------------------------------------------------------------------------
+# Monkey patching u1db to be able to provide a custom SSL cert
+#-----------------------------------------------------------------------------
+
+import httplib
+import socket
+import ssl
+
+class VerifiedHTTPSConnection(httplib.HTTPSConnection):
+ """HTTPSConnection verifying server side certificates."""
+ # derived from httplib.py
+
+ def connect(self):
+ "Connect to a host on a given (SSL) port."
+ sock = socket.create_connection((self.host, self.port),
+ self.timeout, self.source_address)
+ if self._tunnel_host:
+ self.sock = sock
+ self._tunnel()
+ self.sock = ssl.wrap_socket(sock, self.key_file, SOLEDAD_CERT,
+ ssl_version=ssl.PROTOCOL_SSLv3,
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=SOLEDAD_CERT)
+
+http_client._VerifiedHTTPSConnection = VerifiedHTTPSConnection
 #-----------------------------------------------------------------------------
 # Soledad shared database
-- cgit v1.2.3
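Review bot: In `VerifiedHTTPSConnection.connect` of the `@@ -35` hunk, `SOLEDAD_CERT` is passed as the third positional argument of `ssl.wrap_socket`, which is `certfile` — the connection's own client certificate — not the trust anchor; the CA/server certificate belongs only in `ca_certs`, and supplying it as `certfile` next to `self.key_file` is likely to make socket setup fail on a certificate file that carries no private key, so the call should read `self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=SOLEDAD_CERT)`. Separately, nothing compares the peer certificate with `self.host` after the handshake: `CERT_REQUIRED` only checks that the chain leads to `SOLEDAD_CERT`, so whenever that file is a CA rather than the single self-signed server cert, any certificate issued by that CA is accepted for any hostname — the u1db `_VerifiedHTTPSConnection` the last added line replaces appears to follow `wrap_socket` with a `match_hostname(self.sock.getpeercert(), self.host)` check, and this override should keep it. `ssl_version=ssl.PROTOCOL_SSLv3` pins one legacy protocol version instead of letting the library negotiate and is worth revisiting. With the module default `SOLEDAD_CERT = None`, a connection made before `Soledad.__init__` has set it gets `ca_certs=None` with `CERT_REQUIRED`, which fails closed; that is fine, but the global deserves a comment saying so, e.g. `# Set by Soledad.__init__; while None every HTTPS connect fails (no trust anchor).`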