commit 8ca42bbf43dbbc717a562de5dc5d3164f4b29391
parent d2709fac71b3da72632466a2ac72c3e8b77698b5
Author: ThomasV <thomasv@gitorious>
Date: Fri, 22 Aug 2014 10:33:13 +0200
accept ssl certs signed by CA
Diffstat:
1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/lib/interface.py b/lib/interface.py
@@ -117,7 +117,7 @@ class TcpInterface(threading.Thread):
queue.put((self, {'method':method, 'params':params, 'result':result, 'id':_id}))
- def start_tcp(self):
+ def get_socket(self):
if self.proxy is not None:
socks.setdefaultproxy(self.proxy_mode, self.proxy["host"], int(self.proxy["port"]))
@@ -147,6 +147,15 @@ class TcpInterface(threading.Thread):
s = None
continue
+ # first try with ca
+ try:
+ ca_certs = os.path.join(self.config.path, 'ca', 'ca-bundle.crt')
+ s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_certs, do_handshake_on_connect=True)
+ print_error("SSL with ca:", self.host)
+ return s
+ except ssl.SSLError, e:
+ pass
+
try:
s = ssl.wrap_socket(s, ssl_version=ssl.PROTOCOL_SSLv3, cert_reqs=ssl.CERT_NONE, ca_certs=None)
except ssl.SSLError, e:
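Review bot: The CA attempt at `ssl.wrap_socket(s, ..., cert_reqs=ssl.CERT_REQUIRED, ca_certs=ca_certs, ...)` validates the chain, but nothing in the hunk compares the certificate's subject with `self.host`, so a certificate issued by any CA in the bundle for a different name would be accepted and returned. Before `return s`, check the peer certificate against the host, e.g. `ssl.match_hostname(s.getpeercert(), self.host)` where the running Python provides it, and catch its `CertificateError` alongside `ssl.SSLError` so that a mismatch is handled like a failed handshake. The early `return s` also skips the saved-certificate handling that appears later in get_socket (the function starts and ends outside this hunk), so it is worth confirming that a host with an existing pinned certificate cannot be satisfied by the CA path alone. On `SSLError` the `pass` falls through to a second handshake on the same TCP socket, which the server may already have closed; reconnecting before the `cert_reqs=ssl.CERT_NONE` attempt and logging `e` with `print_error` would make the fallback reliable and visible.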
@@ -235,11 +244,7 @@ class TcpInterface(threading.Thread):
print_error("saving certificate for", self.host)
os.rename(temporary_path, cert_path)
- s.settimeout(60)
- self.s = s
- self.is_connected = True
- print_error("connected to", self.host, self.port)
- self.pipe = util.SocketPipe(s)
+ return s
def send_request(self, request, queue=None):
@@ -289,7 +294,13 @@ class TcpInterface(threading.Thread):
threading.Thread.start(self)
def run(self):
- self.start_tcp()
+ self.s = self.get_socket()
+ if self.s:
+ self.s.settimeout(60)
+ self.is_connected = True
+ print_error("connected to", self.host, self.port)
+ self.pipe = util.SocketPipe(self.s)
+
self.change_status()
if not self.is_connected:
return
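Review bot: `self.s = self.get_socket()` followed by `if self.s:` relies on get_socket returning a falsy value on every failure path, yet only the success path `return s` is visible in this commit and that contract is not documented anywhere. A docstring on get_socket along the lines of `"""Return the connected socket, or None if the connection could not be established."""` would make the dependency explicit. Separately, the new CA attempt in get_socket catches only `ssl.SSLError`, so any other exception raised during connection setup would presumably propagate out of `run()` before `self.change_status()` is reached; guarding the call here and setting `self.s = None` on failure would keep the status update reachable. run's body continues outside the hunk.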