... | ... |
@@ -78,6 +78,7 @@ class Config(object): |
78 | 78 |
gpg_decrypt = "%(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s" |
79 | 79 |
use_https = False |
80 | 80 |
ca_certs_file = "" |
81 |
+ check_ssl_certificate = True |
|
81 | 82 |
bucket_location = "US" |
82 | 83 |
default_mime_type = "binary/octet-stream" |
83 | 84 |
guess_mime_type = True |
... | ... |
@@ -20,6 +20,24 @@ class http_connection(object): |
20 | 20 |
context_set = False |
21 | 21 |
|
22 | 22 |
@staticmethod |
23 |
+ def _ssl_unverified_context(): |
|
24 |
+ context = None |
|
25 |
+ try: |
|
26 |
+ context = ssl._create_unverified_context() |
|
27 |
+ except AttributeError: # no ssl._create_unverified_context() |
|
28 |
+ pass |
|
29 |
+ return context |
|
30 |
+ |
|
31 |
+ @staticmethod |
|
32 |
+ def _ssl_verified_context(cafile): |
|
33 |
+ context = None |
|
34 |
+ try: |
|
35 |
+ context = ssl.create_default_context(cafile=cafile) |
|
36 |
+ except AttributeError: # no ssl.create_default_context |
|
37 |
+ pass |
|
38 |
+ return context |
|
39 |
+ |
|
40 |
+ @staticmethod |
|
23 | 41 |
def _ssl_context(): |
24 | 42 |
if http_connection.context_set: |
25 | 43 |
return http_connection.context |
... | ... |
@@ -29,23 +47,21 @@ class http_connection(object): |
29 | 29 |
if cafile == "": |
30 | 30 |
cafile = None |
31 | 31 |
debug(u"Using ca_certs_file %s" % cafile) |
32 |
- try: |
|
33 |
- http_connection.context = ssl.create_default_context(cafile=cafile) |
|
34 |
- http_connection.context_set = True |
|
35 |
- except AttributeError: # no ssl.create_default_context |
|
36 |
- try: |
|
37 |
- http_connection.context = ssl._create_unverified_context() |
|
38 |
- except AttributeError: # no ssl._create_unverified_context() |
|
39 |
- pass |
|
40 | 32 |
|
33 |
+ if cfg.check_ssl_certificate: |
|
34 |
+ context = http_connection._ssl_verified_context(cafile) |
|
35 |
+ else: |
|
36 |
+ context = http_connection._ssl_unverified_context() |
|
37 |
+ |
|
38 |
+ http_connection.context = context |
|
41 | 39 |
http_connection.context_set = True |
42 |
- return http_connection.context |
|
40 |
+ return context |
|
43 | 41 |
|
44 | 42 |
@staticmethod |
45 | 43 |
def _https_connection(hostname): |
46 | 44 |
try: |
47 | 45 |
context = http_connection._ssl_context() |
48 |
- conn = httplib.HTTPSConnection(hostname, context=http_connection.context) |
|
46 |
+ conn = httplib.HTTPSConnection(hostname, context=context) |
|
49 | 47 |
except TypeError: |
50 | 48 |
conn = httplib.HTTPSConnection(hostname) |
51 | 49 |
return conn |
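Review bot: With `check_ssl_certificate` left at True, `_ssl_context()` can still cache `None`, because `_ssl_verified_context()` swallows the AttributeError and returns None when `ssl.create_default_context` is missing. `_https_connection()` then either passes `context=None` or falls through its `except TypeError` to a plain `httplib.HTTPSConnection(hostname)`, which on such an interpreter presumably performs no certificate validation, and the user gets no message about it. I would fail closed, or at least log it, right after the if/else in `_ssl_context()`: `if context is None and cfg.check_ssl_certificate: raise RuntimeError("SSL certificate verification requested but not supported by this Python")`. The opening lines of `_ssl_context()` sit between the two hunks of this file and are not visible here.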
... | ... |
@@ -2223,6 +2223,8 @@ def main(): |
2223 | 2223 |
optparser.add_option( "--cache-file", dest="cache_file", action="store", default="", metavar="FILE", help="Cache FILE containing local source MD5 values") |
2224 | 2224 |
optparser.add_option("-q", "--quiet", dest="quiet", action="store_true", default=False, help="Silence output on stdout") |
2225 | 2225 |
optparser.add_option("--ca-certs", dest="ca_certs_file", action="store", default=None, help="Path to SSL CA certificate FILE (instead of system default)") |
2226 |
+ optparser.add_option("--check-certificate", dest="check_ssl_certificate", action="store_true", help="Check SSL certificate validity") |
|
2227 |
+ optparser.add_option("--no-check-certificate", dest="check_ssl_certificate", action="store_false", help="Check SSL certificate validity") |
|
2226 | 2228 |
|
2227 | 2229 |
optparser.set_usage(optparser.usage + " COMMAND [parameters]") |
2228 | 2230 |
optparser.set_description('S3cmd is a tool for managing objects in '+ |
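Review bot: `--no-check-certificate` carries the same help text as `--check-certificate` ("Check SSL certificate validity"), so `--help` states the opposite of what the flag does. Proposed wording: `help="Do not check SSL certificate validity; the server's identity is then unverified"`. Neither option sets `default=`, so the parsed value is None when no flag is given. It is worth confirming that the code copying options into Config (outside this hunk) skips None, so that the `True` default in Config survives. main() begins and ends outside the hunk.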