From 97cc106f7db88d4807cac9e334a7e22b7bcf1584 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Sun, 25 Mar 2018 08:34:30 -0600 Subject: [PATCH] fail safe if ssl.create_default_context doesn't exist fall back to the default SSL handler when create_default_context doesn't exist as on Python versions prior to 2.7.9 where it hasn't been backported (Ubuntu Trusty). The downside is no certificate verification is done. --- CHANGELOG.md | 2 ++ suricata/update/net.py | 19 +++++++++++-------- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a95974..ab50434 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ - Bundle a copy of the index which can be used if download source for the index is not available, and no index was previously downloaded. Warnings will be issued. +- Fix for Python versions prior to 2.7.9 that don't have + ssl.create_default_context. For example, Ubuntu Trusty. ## 1.0.0b1 - 2018-01-19 - Various fixes for Python 3. diff --git a/suricata/update/net.py b/suricata/update/net.py index 33679de..074520a 100644 --- a/suricata/update/net.py +++ b/suricata/update/net.py 
@@ -91,14 +91,17 @@ def get(url, fileobj, progress_hook=None):
 user_agent = build_user_agent()
 logger.debug("Setting HTTP user-agent to %s", user_agent)
- ssl_context = ssl.create_default_context()
-
- if config.get("no-check-certificate"):
- logger.debug("Disabling SSL/TLS certificate verification.")
- ssl_context.check_hostname = False
- ssl_context.verify_mode = ssl.CERT_NONE
-
- opener = build_opener(HTTPSHandler(context=ssl_context))
+ try:
+ # Wrap in a try as Python versions prior to 2.7.9 don't have
+ # create_default_context, but some distros have backported it.
+ ssl_context = ssl.create_default_context()
+ if config.get("no-check-certificate"):
+ logger.debug("Disabling SSL/TLS certificate verification.")
+ ssl_context.check_hostname = False
+ ssl_context.verify_mode = ssl.CERT_NONE
+ opener = build_opener(HTTPSHandler(context=ssl_context))
+ except:
+ opener = build_opener()
 opener.addheaders = [
 ("User-Agent", build_user_agent()),
-- 
2.47.3
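Review bot: The bare `except:` around the whole opener setup turns any failure, not only a missing `ssl.create_default_context`, into a silent fallback to `build_opener()`, which the commit message says performs no certificate verification. Nothing is logged on that path, so an operator cannot tell that downloads are unverified, and an error raised in the `no-check-certificate` branch or by `HTTPSHandler(context=...)` is hidden in the same way. The handler should be narrowed to `AttributeError` around the `create_default_context()` call alone, with a warning logged on the fallback, as sketched below. This assumes `logger` is a standard `logging` logger, as the existing `logger.debug` calls suggest. `get()` starts and ends outside this hunk, so the rest of its body was not reviewed.

```python
    try:
        ssl_context = ssl.create_default_context()
    except AttributeError:
        # Python < 2.7.9 without the backport: fall back, but say so loudly.
        logger.warning(
            "ssl.create_default_context is not available; "
            "HTTPS certificates will NOT be verified.")
        opener = build_opener()
    else:
        # ... unchanged: no-check-certificate handling ...
        opener = build_opener(HTTPSHandler(context=ssl_context))
```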