Use global certificates now that we have letsencrypt set up. Also fall back to plain http because many places are missing letsencrypt certificates.

pull/342/head
Jussi Pakkanen 9 years ago
parent 23b1ac795b
commit df37c79dc9
  1. 55
      wraptool.py

@ -20,11 +20,6 @@ import configparser
import shutil import shutil
import platform import platform
try: try:
# FIXME for some unknown reason ssl connections
# fail on OSX. Thus fall back to unencrypted
# traffic.
if platform.system().lower() == 'darwin':
import nonexisting
import ssl import ssl
has_ssl = True has_ssl = True
API_ROOT = 'https://wrapdb.mesonbuild.com/v1/' API_ROOT = 'https://wrapdb.mesonbuild.com/v1/'
@ -37,40 +32,6 @@ ssl_warning_printed = False
from glob import glob from glob import glob
wrapdb_certificate = '''-----BEGIN CERTIFICATE-----
MIIFkzCCA3ugAwIBAgIJAIjVMWLmbJWUMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
BAYTAkZJMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxGjAYBgNVBAoMEVRoZSBNZXNv
biBQcm9qZWN0MR4wHAYDVQQDDBV3cmFwZGIubWVzb25idWlsZC5jb20wHhcNMTUw
NzIxMTk0NjI1WhcNMTYwNzIwMTk0NjI1WjBgMQswCQYDVQQGEwJGSTEVMBMGA1UE
BwwMRGVmYXVsdCBDaXR5MRowGAYDVQQKDBFUaGUgTWVzb24gUHJvamVjdDEeMBwG
A1UEAwwVd3JhcGRiLm1lc29uYnVpbGQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC
Ag8AMIICCgKCAgEArucsF2GNXW6PqGlW3egD3LxIX+YTWc7MscM5MFryoQEdCsxm
ME50J2bKZxyJIO+0bCyjvGQNbQxNIvu03ftMYVvbr949km+qafFy63U+QISXOdK1
oAPIeQnxjwTt+xK/2E8NjChQeWMOb6iX0hsxRtBWoL35SP541xGjgjWKOJTErqcV
YdDiiTaChZMb9oV4qNEipBKHvU0EmLsF1Lm8psw332QlR5eqmCk12LtV7l5kVH38
XD+aDpuB5CajcWdEQMDk4rDW6HkjNGnxYRWglMop1WbQvBLVlQ3r16BQT/Gz6x/B
5CLNjiQ1D9LzaGK0UUr2NnxXiZyE0DgNVK9HlNilE4tjapY4mRK2XanGKuCVIGhY
xuKB2UI2XbKXweNphHZh5L6a5tutxqkcj+ic0J7Fk+Kyk5smmjQC6DNRxEiQ88CJ
v7K29KaoqN0q/Gp5abc0YOXR9uA2L8TFbd+I58flSPL9XB/iYcTB4ExIHvYhzSjZ
P0HvkA3mpFpWcvpbGAhA4JkPBQL8jgUQlZnbKb2EdXKEwR7ccOuEEpQW0WL+qGBV
vm2xyrO+0Xr1pz0NKiPiBTi6pT883/9Jq1ybngBlyx1xBAF0cxJI8OrdkvYR0U2D
8I94AwKJRGiYgwsR/0OEY1CBXZDEs29AJYy8S+W1VUphwwL0+7meqUue1ucCAwEA
AaNQME4wHQYDVR0OBBYEFBHwvUp78l9J1g1LmElHnh3clzyBMB8GA1UdIwQYMBaA
FBHwvUp78l9J1g1LmElHnh3clzyBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggIBAGiS/N3rchOTNADL9iGPEwTBt4aN3RzGALoxmQz/xahyr4NwsjY8rag5
hVr1M6eZ3+NTRRC3fgPMGYVBbuN51N9SffEgRjAZzOkmBX7fLwTFY3ywsddWiomF
8kstor3103IEzPej9nNlQOht7+HKd1ggchji8+zFFGedmOxLweY5985Ze6TNaqVD
ONZ2u7RmkfpgNUDoMsfHyRnENcsQrJXXS1Pp2TRhb/+0NrqrdSorIKYlt5FP/GkZ
OBdm61RfwHLi72SmkeDGPeOYoS2b0SYNuoXHIX+fjVOOIES0A4jRXsQC10cKGZws
IuXNVLrWaLQq874op0oVteR5guW7Rr0KGRNA6MJt67H2VxPtoyaxCXjygoX0+a92
KlDBb8geKOkNfoXg4fRF2Qxh+j5VLBgJyR+x/YYUdG89kDc+Tb3By3PVWi5ypAPC
UPYkc0F8hB9h9KYe78UnzqIRw+YjFN8bKJQS+DXBLyRmp35gn1yp/Vw2O7Vk+E7m
SuYF28YTKF/woZWdJH1aQDO0erUBXdiycZVeKbdm3jenNPHTiF/Wt22CXIlGjj83
G+eGrvfQVk3oXRn+YlypIbxkV8eI1wOina799oiflQmvV8EevAS4dkJObahV6rtZ
qf3ZjWGS595JCwW0fq6AAtL+ygMSr6+DcjGibYbWTL3GmiMtUeWr
-----END CERTIFICATE-----
'''
help_templ = '''This program allows you to manage your Wrap dependencies help_templ = '''This program allows you to manage your Wrap dependencies
using the online wrap database http://wrapdb.mesonbuild.com. using the online wrap database http://wrapdb.mesonbuild.com.
@ -100,21 +61,25 @@ def build_ssl_context():
ctx.options |= ssl.OP_NO_SSLv2 ctx.options |= ssl.OP_NO_SSLv2
ctx.options |= ssl.OP_NO_SSLv3 ctx.options |= ssl.OP_NO_SSLv3
ctx.verify_mode = ssl.CERT_REQUIRED ctx.verify_mode = ssl.CERT_REQUIRED
ctx.load_verify_locations(cadata=wrapdb_certificate) ctx.load_default_certs()
return ctx return ctx
def open_wrapdburl(urlstring): def open_wrapdburl(urlstring):
global ssl_warning_printed global ssl_warning_printed
if has_ssl: if has_ssl:
return urllib.request.urlopen(urlstring, context=build_ssl_context()) try:
else: return urllib.request.urlopen(urlstring)#, context=build_ssl_context())
except urllib.error.URLError:
if not ssl_warning_printed:
print('SSL connection failed. Falling back to unencrypted connections.')
ssl_warning_printed = True
if not ssl_warning_printed: if not ssl_warning_printed:
print('Warning: ssl not available, traffic not authenticated.', print('Warning: SSL not available, traffic not authenticated.',
file=sys.stderr) file=sys.stderr)
ssl_warning_printed = True ssl_warning_printed = True
# Trying to open SSL connection to wrapdb fails because the # Trying to open SSL connection to wrapdb fails because the
# certificate is not known. Use plain http. For some # certificate is not known.
# reason OSX fails here again. if urlstring.startswith('https'):
urlstring = 'http' + urlstring[5:] urlstring = 'http' + urlstring[5:]
return urllib.request.urlopen(urlstring) return urllib.request.urlopen(urlstring)

Loading…
Cancel
Save