Adding --verify for SSL certificate verification
Review Request #6783 — Created Jan. 16, 2015 and discarded — Latest diff uploaded
This is diff is for passing a self signed certificate down through to the SSLContext. This is necessary because python 2.7.9 has recently made urllib2.urlopen and its kin actually verify ssl certificates. I know, how dare they, right? So us peons that don't give money to thawte are S.O.L. without something like this.
This will store everything into an
SSL_CONTEXTvariable, which can either be a CA file in PEM format, or
False. The former will obviously verify against that certificate while the latter will disable certificate stuff entirely.
Some considerations of this approach:
* If you hit two different reviewboard servers and one has a self-signed certificate, it is likely there is no value besides
Falsewhich you can supply that will make both servers happy. I think this could be done with the
capath=argument and using a directory of certificates, but I couldn't figure out how openssl wanted the directory structure formatted
NB I just ran tests with python2.6 and they just exploded -- that said I'm late for an engagement so will fix later
Just preliminary testing, hitting our own server, hitting reviewboard.org's server, and hitting some rando's server i don't have the certificate for. Have only tested on python2.7.9 so far