From df37c79dc9212d32453c115be09d1b85f1fde4ae Mon Sep 17 00:00:00 2001 From: Jussi Pakkanen Date: Mon, 28 Dec 2015 22:10:46 +0200 Subject: [PATCH] Use global certificates now that we have letsencrypt set up. Also fall back to plain http because many places are missing letsencrypt certificates. --- wraptool.py | 65 +++++++++++++---------------------------------------- 1 file changed, 15 insertions(+), 50 deletions(-) diff --git a/wraptool.py b/wraptool.py index ecb289999..2366b7895 100755 --- a/wraptool.py +++ b/wraptool.py @@ -20,11 +20,6 @@ import configparser import shutil import platform try: - # FIXME for some unknown reason ssl connections - # fail on OSX. Thus fall back to unencrypted - # traffic. - if platform.system().lower() == 'darwin': - import nonexisting import ssl has_ssl = True API_ROOT = 'https://wrapdb.mesonbuild.com/v1/' 
@@ -37,40 +32,6 @@ ssl_warning_printed = False from glob import glob -wrapdb_certificate = '''-----BEGIN CERTIFICATE----- -MIIFkzCCA3ugAwIBAgIJAIjVMWLmbJWUMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV -BAYTAkZJMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxGjAYBgNVBAoMEVRoZSBNZXNv -biBQcm9qZWN0MR4wHAYDVQQDDBV3cmFwZGIubWVzb25idWlsZC5jb20wHhcNMTUw -NzIxMTk0NjI1WhcNMTYwNzIwMTk0NjI1WjBgMQswCQYDVQQGEwJGSTEVMBMGA1UE -BwwMRGVmYXVsdCBDaXR5MRowGAYDVQQKDBFUaGUgTWVzb24gUHJvamVjdDEeMBwG -A1UEAwwVd3JhcGRiLm1lc29uYnVpbGQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC -Ag8AMIICCgKCAgEArucsF2GNXW6PqGlW3egD3LxIX+YTWc7MscM5MFryoQEdCsxm -ME50J2bKZxyJIO+0bCyjvGQNbQxNIvu03ftMYVvbr949km+qafFy63U+QISXOdK1 -oAPIeQnxjwTt+xK/2E8NjChQeWMOb6iX0hsxRtBWoL35SP541xGjgjWKOJTErqcV -YdDiiTaChZMb9oV4qNEipBKHvU0EmLsF1Lm8psw332QlR5eqmCk12LtV7l5kVH38 -XD+aDpuB5CajcWdEQMDk4rDW6HkjNGnxYRWglMop1WbQvBLVlQ3r16BQT/Gz6x/B -5CLNjiQ1D9LzaGK0UUr2NnxXiZyE0DgNVK9HlNilE4tjapY4mRK2XanGKuCVIGhY -xuKB2UI2XbKXweNphHZh5L6a5tutxqkcj+ic0J7Fk+Kyk5smmjQC6DNRxEiQ88CJ -v7K29KaoqN0q/Gp5abc0YOXR9uA2L8TFbd+I58flSPL9XB/iYcTB4ExIHvYhzSjZ -P0HvkA3mpFpWcvpbGAhA4JkPBQL8jgUQlZnbKb2EdXKEwR7ccOuEEpQW0WL+qGBV -vm2xyrO+0Xr1pz0NKiPiBTi6pT883/9Jq1ybngBlyx1xBAF0cxJI8OrdkvYR0U2D -8I94AwKJRGiYgwsR/0OEY1CBXZDEs29AJYy8S+W1VUphwwL0+7meqUue1ucCAwEA -AaNQME4wHQYDVR0OBBYEFBHwvUp78l9J1g1LmElHnh3clzyBMB8GA1UdIwQYMBaA -FBHwvUp78l9J1g1LmElHnh3clzyBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggIBAGiS/N3rchOTNADL9iGPEwTBt4aN3RzGALoxmQz/xahyr4NwsjY8rag5 -hVr1M6eZ3+NTRRC3fgPMGYVBbuN51N9SffEgRjAZzOkmBX7fLwTFY3ywsddWiomF -8kstor3103IEzPej9nNlQOht7+HKd1ggchji8+zFFGedmOxLweY5985Ze6TNaqVD -ONZ2u7RmkfpgNUDoMsfHyRnENcsQrJXXS1Pp2TRhb/+0NrqrdSorIKYlt5FP/GkZ -OBdm61RfwHLi72SmkeDGPeOYoS2b0SYNuoXHIX+fjVOOIES0A4jRXsQC10cKGZws -IuXNVLrWaLQq874op0oVteR5guW7Rr0KGRNA6MJt67H2VxPtoyaxCXjygoX0+a92 -KlDBb8geKOkNfoXg4fRF2Qxh+j5VLBgJyR+x/YYUdG89kDc+Tb3By3PVWi5ypAPC -UPYkc0F8hB9h9KYe78UnzqIRw+YjFN8bKJQS+DXBLyRmp35gn1yp/Vw2O7Vk+E7m -SuYF28YTKF/woZWdJH1aQDO0erUBXdiycZVeKbdm3jenNPHTiF/Wt22CXIlGjj83 
-G+eGrvfQVk3oXRn+YlypIbxkV8eI1wOina799oiflQmvV8EevAS4dkJObahV6rtZ -qf3ZjWGS595JCwW0fq6AAtL+ygMSr6+DcjGibYbWTL3GmiMtUeWr ------END CERTIFICATE----- -''' - help_templ = '''This program allows you to manage your Wrap dependencies using the online wrap database http://wrapdb.mesonbuild.com. @@ -100,23 +61,27 @@ def build_ssl_context(): ctx.options |= ssl.OP_NO_SSLv2 ctx.options |= ssl.OP_NO_SSLv3 ctx.verify_mode = ssl.CERT_REQUIRED - ctx.load_verify_locations(cadata=wrapdb_certificate) + ctx.load_default_certs() return ctx def open_wrapdburl(urlstring): global ssl_warning_printed if has_ssl: - return urllib.request.urlopen(urlstring, context=build_ssl_context()) - else: - if not ssl_warning_printed: - print('Warning: ssl not available, traffic not authenticated.', - file=sys.stderr) - ssl_warning_printed = True - # Trying to open SSL connection to wrapdb fails because the - # certificate is not known. Use plain http. For some - # reason OSX fails here again. + try: + return urllib.request.urlopen(urlstring)#, context=build_ssl_context()) + except urllib.error.URLError: + if not ssl_warning_printed: + print('SSL connection failed. Falling back to unencrypted connections.') + ssl_warning_printed = True + if not ssl_warning_printed: + print('Warning: SSL not available, traffic not authenticated.', + file=sys.stderr) + ssl_warning_printed = True + # Trying to open SSL connection to wrapdb fails because the + # certificate is not known. + if urlstring.startswith('https'): urlstring = 'http' + urlstring[5:] - return urllib.request.urlopen(urlstring) + return urllib.request.urlopen(urlstring) def get_result(urlstring): u = open_wrapdburl(urlstring)
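Review bot: The new `except urllib.error.URLError` branch in `open_wrapdburl` retries over plain http after any failure of the https request, including a certificate-verification failure, so whoever can make the TLS connection fail on the network path gets unauthenticated wrapdb responses accepted and certificate checking becomes advisory. The fallback is the stated intent of the commit, so the stronger fix is to make the downgrade opt-in; short of that it should be narrowed and made loud. `HTTPError` is a subclass of `URLError`, so an error status returned over a working TLS connection also triggers the http retry, and the new message goes to stdout while the existing warning uses `file=sys.stderr`. The call also leaves `context=build_ssl_context()` commented out, so the `OP_NO_SSLv2`/`OP_NO_SSLv3`/`CERT_REQUIRED` settings are no longer applied and verification depends on the interpreter's `urlopen` default; the sketch below restores it on the assumption that nothing requires bypassing it. Indentation is lost in this rendering, so the nesting of the later `if` lines is inferred.

```python
    if has_ssl:
        try:
            return urllib.request.urlopen(urlstring, context=build_ssl_context())
        except urllib.error.HTTPError:
            # TLS worked and the server answered with an error status;
            # retrying over http cannot help.
            raise
        except urllib.error.URLError as e:
            if not ssl_warning_printed:
                print('Warning: https connection failed (%s). Falling back to '
                      'unencrypted connection, traffic not authenticated.' % e.reason,
                      file=sys.stderr)
                ssl_warning_printed = True
    # … unchanged: "SSL not available" warning and https -> http rewrite …
```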