Adding --verify for SSL certificate verification
Review Request #6783 — Created Jan. 16, 2015 and discarded
This is diff is for passing a self signed certificate down through to the SSLContext. This is necessary because python 2.7.9 has recently made urllib2.urlopen and its kin actually verify ssl certificates. I know, how dare they, right? So us peons that don't give money to thawte are S.O.L. without something like this.
This will store everything into an
SSL_CONTEXTvariable, which can either be a CA file in PEM format, orFalse. The former will obviously verify against that certificate while the latter will disable certificate stuff entirely.Some considerations of this approach: * If you hit two different reviewboard servers and one has a self-signed certificate, it is likely there is no value besides
Falsewhich you can supply that will make both servers happy. I think this could be done with thecapath=argument and using a directory of certificates, but I couldn't figure out how openssl wanted the directory structure formattedNB I just ran tests with python2.6 and they just exploded -- that said I'm late for an engagement so will fix later
Just preliminary testing, hitting our own server, hitting reviewboard.org's server, and hitting some rando's server i don't have the certificate for. Have only tested on python2.7.9 so far
| Description | From | Last Updated |
|---|---|---|
|
'ReviewBoardServer' imported but unused |
 reviewbot
|
-
I agree that we must do something, and this seems like a reasonable first step.
I'm fine having the options that only apply on 2.7.9, so long as the docstrings say that it's ignored prior to 2.7.9.
We're about to ship 0.7, which sadly won't include this at this point... but if you'd like to continue with it and get it into a landable state, I'd be very grateful.
Summary: |
|
|||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Description: |
|
|||||||||||||||||||||||||||
Testing Done: |
|
|||||||||||||||||||||||||||
Branch: |
|
|||||||||||||||||||||||||||
Commit: |
|
|||||||||||||||||||||||||||
Diff: |
Revision 2 (+186 -4) |
-
Tool: Pyflakes Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/tests.py rbtools/commands/__init__.py Ignored Files: rbtools/commands/testdata/cafiles/digicert.pem Tool: PEP8 Style Checker Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/tests.py rbtools/commands/__init__.py Ignored Files: rbtools/commands/testdata/cafiles/digicert.pem
Description: |
|
|---|
Change Summary:
Fixed for python2.6. Apparently it has the ssl module but is missing a bunch of attributes that seem to be required to add this support.
Description: |
|
|||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Commit: |
|
|||||||||||||||||||||||||||
Diff: |
Revision 3 (+214 -5) |
-
Tool: PEP8 Style Checker Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/tests.py rbtools/commands/__init__.py Ignored Files: rbtools/commands/testdata/cafiles/digicert.pem Tool: Pyflakes Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/tests.py rbtools/commands/__init__.py Ignored Files: rbtools/commands/testdata/cafiles/digicert.pem -
Tool: PEP8 Style Checker Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/__init__.py Tool: Pyflakes Processed Files: rbtools/api/transport/sync.py rbtools/api/request.py rbtools/commands/__init__.py