From: Jason Ish
Date: Thu, 14 Dec 2017 21:14:59 +0000 (-0600)
Subject: --no-check-certificate options
X-Git-Tag: 1.0.0b1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5cf3e60cb9739c1d497d841f3829773c8faa9649;p=thirdparty%2Fsuricata-update.git
--no-check-certificate options
Allows the disabling of server TLS certificate checks.
---
diff --git a/suricata/update/main.py b/suricata/update/main.py
index a46935d..5f5b08a 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -34,7 +34,7 @@ import io
 try:
 # Python 3.
- from urllib.error import HTTPError
+ from urllib.error import URLError
 except ImportError:
 # Python 2.7.
 from urllib2 import URLError
@@ -944,6 +944,9 @@ def _main():
 global_parser.add_argument(
 "--user-agent", metavar="",
 help="Set custom user-agent string")
+ global_parser.add_argument(
+ "--no-check-certificate", action="store_true", default=None,
+ help="Disable server SSL/TLS certificate verification")
 global_args, rem = global_parser.parse_known_args()
diff --git a/suricata/update/net.py b/suricata/update/net.py
index 6fb68c6..33679de 100644
--- a/suricata/update/net.py
+++ b/suricata/update/net.py
@@ -19,17 +19,21 @@
 import platform
 import logging
+import ssl
 try:
 # Python 3.3...
 from urllib.request import urlopen, build_opener
 from urllib.error import HTTPError
+ from urllib.request import HTTPSHandler
 except ImportError:
 # Python 2.6, 2.7.
 from urllib2 import urlopen, build_opener
 from urllib2 import HTTPError
+ from urllib2 import HTTPSHandler
 from suricata.update.version import version
+from suricata.update import config
 logger = logging.getLogger()
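Review bot: The help string for `--no-check-certificate` in `_main()` does not say how far the switch reaches: it is registered on `global_parser`, so it presumably turns verification off for every download rather than for a single source. A more explicit text would be `help="Disable server SSL/TLS certificate verification for all downloads (rules are then fetched unauthenticated)"`. The `default=None` on a `store_true` flag also deserves a one-line comment, for example `# None (not False) so an unset flag does not override a value from the config file`, if that is the intent. `_main()` starts and ends outside this hunk.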
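Review bot: The interpreter versions named in this try/except (`# Python 3.3...`, `# Python 2.6, 2.7.`) no longer match what the module needs once `ssl` is used the way the `get()` hunk uses it: `ssl.create_default_context()` exists only from Python 3.4 and 2.7.9. On an older interpreter `get()` would raise `AttributeError` on every download, with or without `--no-check-certificate`. If those versions are still meant to be supported, `get()` needs a guard such as `if hasattr(ssl, "create_default_context"):` around the context setup; otherwise the comments should read `# Python 3.4+` and `# Python 2.7.9+`.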
@@ -87,7 +91,15 @@ def get(url, fileobj, progress_hook=None):
 user_agent = build_user_agent()
 logger.debug("Setting HTTP user-agent to %s", user_agent)
- opener = build_opener()
+ ssl_context = ssl.create_default_context()
+
+ if config.get("no-check-certificate"):
+ logger.debug("Disabling SSL/TLS certificate verification.")
+ ssl_context.check_hostname = False
+ ssl_context.verify_mode = ssl.CERT_NONE
+
+ opener = build_opener(HTTPSHandler(context=ssl_context))
+
 opener.addheaders = [
 ("User-Agent", build_user_agent()),
 ]
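Review bot: Switching verification off is reported only through `logger.debug(...)` inside the `if config.get("no-check-certificate"):` branch, so unless debug logging is enabled a run gives no sign that rules are being downloaded without server authentication. With `ssl.CERT_NONE` and `check_hostname = False` the client accepts any certificate, so the origin and integrity of the downloaded rule set are no longer assured, and for an IDS an altered rule set can silently drop detections. Log it at warning level instead, `logger.warning("TLS certificate verification is disabled; downloaded rules are not authenticated.")`. `get()` continues outside this hunk.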