Use certifi to get SSL root certificates

This commit is contained in:
grossmj 2023-08-06 20:37:10 +10:00
parent a76d7576c6
commit 7f595b089b
4 changed files with 11 additions and 42 deletions

View File

@ -34,7 +34,6 @@ except ImportError:
from .appliance import Appliance
from ..config import Config
from ..utils.asyncio import locking
from ..utils.cacert import get_cacert
import logging
log = logging.getLogger(__name__)
@ -49,11 +48,11 @@ class ApplianceManager:
self._appliances = {}
self._appliances_etag = None
self._sslcontext = None
self._ssl_context = None
if hasattr(sys, "frozen"):
cacert = certifi.where()
self._sslcontext = ssl.create_default_context(cafile=cacert)
log.info("Use CA certificate '{}' for SSL connections".format(cacert))
self._ssl_context = ssl.create_default_context(cafile=cacert)
log.info("Using certificate authority (CA) bundle: {}".format(cacert))
@property
def appliances_etag(self):
@ -182,7 +181,7 @@ class ApplianceManager:
symbol_url = "https://raw.githubusercontent.com/GNS3/gns3-registry/master/symbols/{}".format(symbol)
async with aiohttp.ClientSession() as session:
async with session.get(symbol_url, ssl=self._sslcontext) as response:
async with session.get(symbol_url, ssl=self._ssl_context) as response:
if response.status != 200:
log.warning("Could not retrieve appliance symbol {} from GitHub due to HTTP error code {}".format(symbol, response.status))
else:
@ -210,7 +209,7 @@ class ApplianceManager:
async with aiohttp.ClientSession() as session:
async with session.get(
'https://api.github.com/repos/GNS3/gns3-registry/contents/appliances',
ssl=self._sslcontext,
ssl=self._ssl_context,
headers=headers
) as response:
if response.status == 304:

View File

@ -29,10 +29,10 @@ import struct
import platform
import locale
import distro
import certifi
from .version import __version__, __version_info__
from .config import Config
from .utils.cacert import get_cacert
import logging
log = logging.getLogger(__name__)
@ -73,11 +73,14 @@ class CrashReport:
if SENTRY_SDK_AVAILABLE:
# Don't send log records as events.
sentry_logging = LoggingIntegration(level=logging.INFO, event_level=None)
cacert = None
if hasattr(sys, "frozen"):
cacert = certifi.where()
try:
sentry_sdk.init(dsn=CrashReport.DSN,
release=__version__,
ca_certs=get_cacert(),
ca_certs=cacert,
default_integrations=False,
integrations=[sentry_logging])
except Exception as e:

View File

@ -1,34 +0,0 @@
# -*- coding: utf-8 -*-
#
# Copyright (C) 2023 GNS3 Technologies Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import sys
from .get_resource import get_resource
import logging
log = logging.getLogger(__name__)
def get_cacert():
if hasattr(sys, "frozen"):
cacert_resource = get_resource("cacert.pem")
if cacert_resource is not None and os.path.isfile(cacert_resource):
return cacert_resource
else:
log.error("The SSL certificate bundle file '{}' could not be found".format(cacert_resource))
return None # this means we use the system's CA bundle

View File

@ -1,3 +1,4 @@
certifi>=2023.7.22
jsonschema>=4.17.3,<4.18; python_version >= '3.7'
jsonschema==3.2.0; python_version < '3.7' # v3.2.0 is the last version to support Python 3.6
aiohttp>=3.8.4,<3.9