Skip to content
Snippets Groups Projects
Commit 43146c98 authored by Daniel's avatar Daniel
Browse files

ENH: SSL certificate check can now be disable, if really necessary. 

The function configure_connection() now has an option `ssl_insecure` to disable
certificate checks.
parent 47950cec
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/caosdb/connection/connection.py
+ 11
1
View file @ 43146c98
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
# #
# Copyright (C) 2018 Research Group Biomedical Physics, # Copyright (C) 2018 Research Group Biomedical Physics,
# Max-Planck-Institute for Dynamics and Self-Organization Göttingen # Max-Planck-Institute for Dynamics and Self-Organization Göttingen
# Copyright (c) 2019 Daniel Hornung
# #
# This program is free software: you can redistribute it and/or modify # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as # it under the terms of the GNU Affero General Public License as
...@@ -93,7 +94,11 @@ class _DefaultCaosDBServerConnection(CaosDBServerConnection): ...@@ -93,7 +94,11 @@ class _DefaultCaosDBServerConnection(CaosDBServerConnection):
def configure(self, **config): def configure(self, **config):
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED context.verify_mode = ssl.CERT_REQUIRED
if hasattr(context, "check_hostname"): if config.get("ssl_insecure"):
print("Relaxed SSL mode.")
context.verify_mode = ssl.CERT_NONE
if (not context.verify_mode == ssl.CERT_NONE and
hasattr(context, "check_hostname")):
context.check_hostname = True context.check_hostname = True
if ("cacert" in config and config["cacert"] is not None and if ("cacert" in config and config["cacert"] is not None and
config["cacert"]): config["cacert"]):
...@@ -179,6 +184,8 @@ def configure_connection(**kwargs): ...@@ -179,6 +184,8 @@ def configure_connection(**kwargs):
timeout A connection timeout in seconds. timeout A connection timeout in seconds.
implementation A class which implements CaosDBServerConnection. (Default: implementation A class which implements CaosDBServerConnection. (Default:
_DefaultCaosDBServerConnection) _DefaultCaosDBServerConnection)
ssl_insecure Whether SSL certificate warnings should be ignored. Only use
this fordevelopment purposes! (Default: False)
""" """
global_conf = (dict(get_config().items("Connection")) if global_conf = (dict(get_config().items("Connection")) if
get_config().has_section("Connection") else dict()) get_config().has_section("Connection") else dict())
...@@ -367,6 +374,9 @@ class _Connection(object): # pylint: disable=useless-object-inheritance ...@@ -367,6 +374,9 @@ class _Connection(object): # pylint: disable=useless-object-inheritance
return self._retry_http_request(method=method, path=path, return self._retry_http_request(method=method, path=path,
headers=headers, body=body, headers=headers, body=body,
**kwargs) **kwargs)
except ConnectionException as conex:
print(conex)
return None
except LoginFailedException: except LoginFailedException:
if kwargs.get("reconnect", True) is True: if kwargs.get("reconnect", True) is True:
self._login() self._login()
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment