ENH: SSL certificate check can now be disable, if really necessary.

The function configure_connection() now has an option `ssl_insecure` to disable certificate checks.

ENH: SSL certificate check can now be disable, if really necessary.
43146c98 · Daniel · 47950cec · 43146c98
Commit 43146c98 authored 6 years ago by Daniel
--- a/src/caosdb/connection/connection.py
+++ b/src/caosdb/connection/connection.py
@@ -5,6 +5,7 @@
 #
 # Copyright (C) 2018 Research Group Biomedical Physics,
 # Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+# Copyright (c) 2019 Daniel Hornung
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -93,7 +94,11 @@ class _DefaultCaosDBServerConnection(CaosDBServerConnection):
    def configure(self, **config):
        context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
        context.verify_mode = ssl.CERT_REQUIRED
-        if hasattr(context, "check_hostname"):
+        if config.get("ssl_insecure"):
+            print("Relaxed SSL mode.")
+            context.verify_mode = ssl.CERT_NONE
+        if (not context.verify_mode == ssl.CERT_NONE and
+            hasattr(context, "check_hostname")):
            context.check_hostname = True
        if ("cacert" in config and config["cacert"] is not None and
                config["cacert"]):
@@ -179,6 +184,8 @@ def configure_connection(**kwargs):
    timeout         A connection timeout in seconds.
    implementation  A class which implements CaosDBServerConnection. (Default:
        _DefaultCaosDBServerConnection)
+    ssl_insecure    Whether SSL certificate warnings should be ignored. Only use
+        this fordevelopment purposes! (Default: False)
    """
    global_conf = (dict(get_config().items("Connection")) if
                   get_config().has_section("Connection") else dict())
@@ -367,6 +374,9 @@ class _Connection(object):  # pylint: disable=useless-object-inheritance
            return self._retry_http_request(method=method, path=path,
                                            headers=headers, body=body,
                                            **kwargs)
+        except ConnectionException as conex:
+            print(conex)
+            return None
        except LoginFailedException:
            if kwargs.get("reconnect", True) is True:
                self._login()