Merge pull request #116 from cktse/master

Clean up https certificate verification logic by using reasonable defaults for CA file
This commit is contained in:
CorpNewt 2020-07-25 16:22:20 -05:00 committed by GitHub
commit 6415ddf48d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -11,6 +11,18 @@ class Downloader:
def __init__(self,**kwargs):
self.ua = kwargs.get("useragent",{"User-Agent":"Mozilla"})
# Provide reasonable default logic to workaround macOS CA file handling
cafile = ssl.get_default_verify_paths().openssl_cafile
try:
# If default OpenSSL CA file does not exist, use that from certifi
if not os.path.exists(cafile):
import certifi
cafile = certifi.where()
self.ssl_context = ssl.create_default_context(cafile=cafile)
except:
# None of the above worked, disable certificate verification for now
self.ssl_context = ssl._create_unverified_context()
return
def _decode(self, value, encoding="utf-8", errors="ignore"):
@ -24,18 +36,10 @@ class Downloader:
headers = self.ua if headers == None else headers
# Wrap up the try/except block so we don't have to do this for each function
try:
response = urlopen(Request(url, headers=headers))
response = urlopen(Request(url, headers=headers), context=self.ssl_context)
except Exception as e:
if sys.version_info >= (3, 0) or not (isinstance(e, urllib2.URLError) and "CERTIFICATE_VERIFY_FAILED" in str(e)):
# Either py3, or not the right error for this "fix"
return None
# Py2 and a Cert verify error - let's set the unverified context
context = ssl._create_unverified_context()
try:
response = urlopen(Request(url, headers=headers), context=context)
except:
# No fixing this - bail
return None
# No fixing this - bail
return None
return response
def get_size(self, size, suffix=None, use_1024=False, round_to=2, strip_zeroes=False):