From a8f65f8cc8f0a067ed4c4e5d5e158bda2e981d90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Tue, 17 Mar 2015 18:01:37 +0100
Subject: [PATCH] use python-request instead of pycurl or M2Crypto (#6540)
---
 src/authentic2/app_settings.py | 6 +---
 src/authentic2/http_utils.py | 76 ++++-------------------------------------------
 2 files changed, 7 insertions(+), 75 deletions(-)
diff --git a/src/authentic2/app_settings.py b/src/authentic2/app_settings.py
index 1c2223c..4fb6dfc 100644
--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@@ -82,12 +82,8 @@ default_settings = dict(
 definition='List of attribute backend classes or modules',
 ),
 CAFILE = Setting(names=('AUTHENTIC2_CAFILE', 'CAFILE'),
- default='/etc/ssl/certs/ca-certificates.crt',
+ default=None,
 definition='File containing certificate chains as PEM certificates'),
- CAPATH = Setting(names=('AUTHENTIC2_CAPATH', 'CAPATH'), default='/etc/ssl/certs/',
- definition='Directory containing PEM certificates named'
- ' using OpenSSL certificate directory convention. '
- 'See http://www.openssl.org/docs/apps/verify.html#item__CApath'),
 A2_REGISTRATION_URLCONF = Setting(default='authentic2.registration_backend.urls',
 definition='Root urlconf for the /accounts endpoints'),
 A2_REGISTRATION_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.RegistrationForm',
diff --git a/src/authentic2/http_utils.py b/src/authentic2/http_utils.py
index a5bc39d..1c79072 100644
--- a/src/authentic2/http_utils.py
+++ b/src/authentic2/http_utils.py
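Review bot: Dropping the `CAPATH` setting and defaulting `CAFILE` to `None` changes the trust store without any signal to operators. A deployment that still sets `AUTHENTIC2_CAPATH` or `CAPATH` gets no warning, and with `CAFILE` unset the new `get_url` passes `verify=True`, so verification uses whichever CA bundle `requests` selects, which may differ from `/etc/ssl/certs/ca-certificates.crt`. Sites that rely on a private CA in the system store would presumably have to set `CAFILE` explicitly. I would say so in the setting text, e.g. `definition='File containing certificate chains as PEM certificates; when unset, the default CA bundle of requests is used'`, and mention the `CAPATH` removal in the release notes. The `default_settings` dict begins and ends outside this hunk.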
@@ -1,75 +1,11 @@
-import cStringIO
-import urllib2
-pycurl = None
-try:
- import pycurl
-except ImportError:
- pass
-M2Crypto = None
-try:
- import M2Crypto
-except ImportError:
- pass
+import requests
 from authentic2 import app_settings
-def get_url_pycurl(url):
- '''Use pycurl to retrieve an HTTPS URL, preferred to M2Crypto as it also
- handles Server Name Indication (SNI).
- '''
- try:
- buf = cStringIO.StringIO()
- c = pycurl.Curl()
- c.setopt(c.URL, str(url))
- c.setopt(c.WRITEFUNCTION, buf.write)
- c.setopt(pycurl.CAINFO, app_settings.CAFILE)
- c.setopt(pycurl.CAPATH, app_settings.CAPATH)
- if app_settings.A2_VERIFY_SSL:
- c.setopt(pycurl.SSL_VERIFYHOST, 2)
- c.setopt(pycurl.SSL_VERIFYPEER, 1)
- else:
- c.setopt(pycurl.SSL_VERIFYHOST, 0)
- c.setopt(pycurl.SSL_VERIFYPEER, 0)
- c.perform()
- r = buf.getvalue()
- buf.close()
- http_code = c.getinfo(pycurl.HTTP_CODE)
- if http_code != 200:
- raise urllib2.HTTPError(url, http_code, None, None, None)
- return r
- except pycurl.error, e:
- # Wrap error
- raise urllib2.URLError('SSL access error %s' % e)
-
-__M2CRYPTO_SSL_CONTEXT = None
-
-def get_m2crypto_ssl_context():
- '''Create an SSL Context and cache it in global __M2CRYPTO_SSL_CONTEXT'''
- global __M2CRYPTO_SSL_CONTEXT
-
- if __M2CRYPTO_SSL_CONTEXT is None:
- __M2CRYPTO_SSL_CONTEXT = M2Crypto.SSL.Context()
- __M2CRYPTO_SSL_CONTEXT.load_verify_locations(cafile=app_settings.CAFILE,
- capath=app_settings.CAPATH)
- return __M2CRYPTO_SSL_CONTEXT
-
-def get_url_m2crypto(url):
- '''Use M2Crypto to retrieve an HTTPs URL'''
- try:
- return M2Crypto.m2urllib2.build_opener(get_m2crypto_ssl_context()).open(url).read()
- except M2Crypto.SSL.Checker.SSLVerificationError, e:
- # Wrap error
- raise urllib2.URLError('SSL Verification error %s' % e)
-
 def get_url(url):
- '''Does a simple GET on an URL, if the URL uses TLS, M2Crypto is used to
- check the certificate'''
-
- if url.startswith('https'):
- if pycurl:
- return get_url_pycurl(url)
- if M2Crypto:
- return get_url_m2crypto(url)
- raise urllib2.URLError('https is unsupported without either pyCurl or M2Crypto')
- return urllib2.urlopen(url).read()
+ '''Does a simple GET on an URL, check the certificate'''
+ verify = app_settings.A2_VERIFY_SSL
+ if verify and app_settings.CAFILE:
+ verify = app_settings.CAFILE
+ return requests.get(url, verify=verify).text
--
2.1.4
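Review bot: The new `get_url` calls `requests.get(url, verify=verify)` with no `timeout` and never checks the response status, so an unresponsive endpoint can block the caller indefinitely and a 4xx/5xx error page is returned as if it were the requested document; the removed pycurl path raised on any non-200 code. I would write `resp = requests.get(url, verify=verify, timeout=10)` (value illustrative), then `resp.raise_for_status()` and `return resp.text`. Failures now surface as `requests` exceptions rather than `urllib2.URLError`, so callers that catch the old type (not visible in this diff) presumably need updating. It is also worth confirming that callers want `.text`, which is decoded with a guessed charset, rather than `.content`, the raw bytes the old code returned. The docstring should say that certificate checking is skipped when `A2_VERIFY_SSL` is false.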