From fd48cc8b44df3e4e3c0cae2da59afdb650480410 Mon Sep 17 00:00:00 2001 From: "C.K. Tse" Date: Sun, 7 Jun 2020 13:59:27 +0800 Subject: [PATCH] Clean up https certificate verification logic by using reasonable defaults for macOS --- Scripts/downloader.py | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/Scripts/downloader.py b/Scripts/downloader.py index 20424e2..2399451 100755 --- a/Scripts/downloader.py +++ b/Scripts/downloader.py @@ -11,6 +11,18 @@ class Downloader: def __init__(self,**kwargs): self.ua = kwargs.get("useragent",{"User-Agent":"Mozilla"}) + + # Provide reasonable default logic to workaround macOS CA file handling + cafile = ssl.get_default_verify_paths().openssl_cafile + try: + # If default OpenSSL CA file does not exist, use that from certifi + if not os.path.exists(cafile): + import certifi + cafile = certifi.where() + self.ssl_context = ssl.create_default_context(cafile=cafile) + except: + # None of the above worked, disable certificate verification for now + self.ssl_context = ssl._create_unverified_context() return def _decode(self, value, encoding="utf-8", errors="ignore"): @@ -24,18 +36,10 @@ class Downloader: headers = self.ua if headers == None else headers # Wrap up the try/except block so we don't have to do this for each function try: - response = urlopen(Request(url, headers=headers)) + response = urlopen(Request(url, headers=headers), context=self.ssl_context) except Exception as e: - if sys.version_info >= (3, 0) or not (isinstance(e, urllib2.URLError) and "CERTIFICATE_VERIFY_FAILED" in str(e)): - # Either py3, or not the right error for this "fix" - return None - # Py2 and a Cert verify error - let's set the unverified context - context = ssl._create_unverified_context() - try: - response = urlopen(Request(url, headers=headers), context=context) - except: - # No fixing this - bail - return None + # No fixing this - bail + return None return response def get_size(self, size, suffix=None, use_1024=False, round_to=2, strip_zeroes=False):