Skip to content

Fix ssl verify to require certs when true #233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 4, 2018
Merged

Fix ssl verify to require certs when true #233

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ab1d66c
Fix ssl verify to require certs when true
dan1 Dec 3, 2018
8a42444
Default handler verify=False for backward compat
dan1 Dec 4, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 9 additions & 5 deletions splunklib/binding.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -465,7 +465,8 @@ class Context(object):
c = binding.Context(cookie="splunkd_8089=...")
"""
def __init__(self, handler=None, **kwargs):
self.http = HttpLib(handler, kwargs.get("verify", True))
self.http = HttpLib(handler, kwargs.get("verify", False), key_file=kwargs.get("key_file"),
cert_file=kwargs.get("cert_file")) # Default to False for backward compat
self.token = kwargs.get("token", _NoAuthenticationToken)
if self.token is None: # In case someone explicitly passes token=None
self.token = _NoAuthenticationToken
Expand Down Expand Up @@ -1108,8 +1109,11 @@ class HttpLib(object):

If using the default handler, SSL verification can be disabled by passing verify=False.
"""
def __init__(self, custom_handler=None, verify=True):
self.handler = handler(verify=verify) if custom_handler is None else custom_handler
def __init__(self, custom_handler=None, verify=False, key_file=None, cert_file=None):
if custom_handler is None:
self.handler = handler(verify=verify, key_file=key_file, cert_file=cert_file)
else:
self.handler = custom_handler
self._cookies = {}

def delete(self, url, headers=None, **kwargs):
Expand Down Expand Up @@ -1317,7 +1321,7 @@ def readinto(self, byte_array):
return bytes_read


def handler(key_file=None, cert_file=None, timeout=None, verify=True):
def handler(key_file=None, cert_file=None, timeout=None, verify=False):
"""This class returns an instance of the default HTTP request handler using
the values you provide.

Expand All @@ -1341,7 +1345,7 @@ def connect(scheme, host, port):
if cert_file is not None: kwargs['cert_file'] = cert_file

# If running Python 2.7.9+, disable SSL certificate validation
if (sys.version_info >= (2,7,9) and key_file is None and cert_file is None) or not verify:
if (sys.version_info >= (2,7,9) and key_file is None and cert_file is None) and not verify:
kwargs['context'] = ssl._create_unverified_context()
return six.moves.http_client.HTTPSConnection(host, port, **kwargs)
raise ValueError("unsupported scheme: %s" % scheme)
Expand Down