Adding --verify for SSL certificate verification

Review Request #6783 — Created Jan. 16, 2015 and discarded

Information

RBTools
master

Reviewers

This is diff is for passing a self signed certificate down through to the SSLContext. This is necessary because python 2.7.9 has recently made urllib2.urlopen and its kin actually verify ssl certificates. I know, how dare they, right? So us peons that don't give money to thawte are S.O.L. without something like this.

This will store everything into an SSL_CONTEXT variable, which can either be a CA file in PEM format, or False. The former will obviously verify against that certificate while the latter will disable certificate stuff entirely.

Some considerations of this approach: * If you hit two different reviewboard servers and one has a self-signed certificate, it is likely there is no value besides False which you can supply that will make both servers happy. I think this could be done with the capath= argument and using a directory of certificates, but I couldn't figure out how openssl wanted the directory structure formatted

NB I just ran tests with python2.6 and they just exploded -- that said I'm late for an engagement so will fix later

Just preliminary testing, hitting our own server, hitting reviewboard.org's server, and hitting some rando's server i don't have the certificate for. Have only tested on python2.7.9 so far

Description From Last Updated

'ReviewBoardServer' imported but unused

reviewbotreviewbot
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/__init__.py
    
    
    
    Tool: Pyflakes
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/__init__.py
    
    
  2. 
      
chipx86
  1. I agree that we must do something, and this seems like a reasonable first step.

    I'm fine having the options that only apply on 2.7.9, so long as the docstrings say that it's ignored prior to 2.7.9.

    We're about to ship 0.7, which sadly won't include this at this point... but if you'd like to continue with it and get it into a landable state, I'd be very grateful.

  2. 
      
abhishek.mukher.g
reviewbot
  1. Tool: Pyflakes
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/tests.py
        rbtools/commands/__init__.py
    
    Ignored Files:
        rbtools/commands/testdata/cafiles/digicert.pem
    
    
    
    Tool: PEP8 Style Checker
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/tests.py
        rbtools/commands/__init__.py
    
    Ignored Files:
        rbtools/commands/testdata/cafiles/digicert.pem
    
    
  2. 
      
abhishek.mukher.g
abhishek.mukher.g
reviewbot
  1. Tool: PEP8 Style Checker
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/tests.py
        rbtools/commands/__init__.py
    
    Ignored Files:
        rbtools/commands/testdata/cafiles/digicert.pem
    
    
    
    Tool: Pyflakes
    Processed Files:
        rbtools/api/transport/sync.py
        rbtools/api/request.py
        rbtools/commands/tests.py
        rbtools/commands/__init__.py
    
    Ignored Files:
        rbtools/commands/testdata/cafiles/digicert.pem
    
    
  2. rbtools/commands/tests.py (Diff revision 3)
     
     
     'ReviewBoardServer' imported but unused
    
  3. 
      
david
Review request changed

Status: Discarded

Loading...