From 43146c984663f15be5641900bd7f3a612a9cf91c Mon Sep 17 00:00:00 2001
From: Daniel <daniel@harvey>
Date: Wed, 27 Feb 2019 11:13:50 +0100
Subject: [PATCH] ENH: SSL certificate check can now be disable, if really necessary.

The function configure_connection() now has an option `ssl_insecure` to disable certificate checks.
---
 src/caosdb/connection/connection.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/caosdb/connection/connection.py b/src/caosdb/connection/connection.py
index eaee70a7..b14620c3 100644
--- a/src/caosdb/connection/connection.py
+++ b/src/caosdb/connection/connection.py
@@ -5,6 +5,7 @@
 #
 # Copyright (C) 2018 Research Group Biomedical Physics,
 # Max-Planck-Institute for Dynamics and Self-Organization Göttingen
+# Copyright (c) 2019 Daniel Hornung
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -93,7 +94,11 @@ class _DefaultCaosDBServerConnection(CaosDBServerConnection): def configure(self, **config): context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED - if hasattr(context, "check_hostname"): + if config.get("ssl_insecure"): + print("Relaxed SSL mode.") + context.verify_mode = ssl.CERT_NONE + if (not context.verify_mode == ssl.CERT_NONE and + hasattr(context, "check_hostname")): context.check_hostname = True if ("cacert" in config and config["cacert"] is not None and config["cacert"]):
@@ -179,6 +184,8 @@ def configure_connection(**kwargs): timeout A connection timeout in seconds. implementation A class which implements CaosDBServerConnection. (Default: _DefaultCaosDBServerConnection) + ssl_insecure Whether SSL certificate warnings should be ignored. Only use + this fordevelopment purposes! (Default: False) """ global_conf = (dict(get_config().items("Connection")) if get_config().has_section("Connection") else dict())
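Review bot: `config.get("ssl_insecure")` in configure() is a plain truthiness test, so any non-empty string switches verification off. The context of the later hunk shows configure_connection() reading `get_config().items("Connection")`; if those values reach configure() as strings (not visible here), a config-file entry `ssl_insecure = False` would disable certificate checks. Compare against parsed values instead, e.g. `if str(config.get("ssl_insecure", False)).strip().lower() in ("1", "true", "yes", "on"):`. The `print("Relaxed SSL mode.")` goes to stdout and does not say what was relaxed; `warnings.warn("TLS certificate and hostname verification disabled (ssl_insecure)")` would be harder to miss and can be filtered or escalated by the caller. configure() continues past the end of the hunk.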
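Review bot: The new `ssl_insecure` docstring entry says certificate "warnings" are ignored, but the configure() change in this patch sets `verify_mode = ssl.CERT_NONE` and skips `check_hostname`, so the server's identity is not verified at all; the docstring should say that. Suggested wording: `ssl_insecure   Disable TLS certificate and hostname verification; the server is then not authenticated. Only use this for development purposes! (Default: False)`, which also fixes the `fordevelopment` typo. The docstring starts above the hunk, so the rest of the option list is not visible here.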
@@ -367,6 +374,9 @@ class _Connection(object): # pylint: disable=useless-object-inheritance return self._retry_http_request(method=method, path=path, headers=headers, body=body, **kwargs) + except ConnectionException as conex: + print(conex) + return None except LoginFailedException: if kwargs.get("reconnect", True) is True: self._login() -- GitLab
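Review bot: The added `except ConnectionException` branch prints the exception and returns `None`, so a failed request now looks to the caller like a call that returned nothing, and code that uses the result will fail later with an unrelated error. If TLS or certificate failures are wrapped in ConnectionException (not visible in this hunk), a rejected certificate would be reduced to one line on stdout. I would log and re-raise instead: keep `except ConnectionException as conex:` and replace the two body lines with `raise`, or drop the branch if nothing needs logging. The enclosing method and its `try:` start above the hunk.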