added a setting to control validation of SSL certificates

author Calin Crisan <ccrisan@gmail.com>

Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)

committer Calin Crisan <ccrisan@gmail.com>

Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)
author Calin Crisan <ccrisan@gmail.com>
Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)
committer Calin Crisan <ccrisan@gmail.com>
Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)
diff --git a/motioneye/remote.py b/motioneye/remote.py

index 23323c70bc22b6fde5662252f231fbee00e35b3a..8e6e45589949c22cace87e3a000ac881072b92ee 100644 (file)
--- a/motioneye/remote.py
+++ b/motioneye/remote.py
@@ -56,7 +56,8 @@ def _make_request(scheme, host, port, username, password, path, method='GET', da
      if content_type:
          headers['Content-Type'] = content_type
  
-    return HTTPRequest(url, method, body=data, connect_timeout=timeout, request_timeout=timeout, headers=headers)
+    return HTTPRequest(url, method, body=data, connect_timeout=timeout, request_timeout=timeout, headers=headers,
+            validate_cert=settings.VALIDATE_CERTS)
  
  
  def _callback_wrapper(callback):
diff --git a/motioneye/settings.py b/motioneye/settings.py

index 88dccf7002d1a1779c7450cd02a9eceb9eb1e441..ff442c4be51c08d96eab7bb77ed2c72f1b663756 100644 (file)
--- a/motioneye/settings.py
+++ b/motioneye/settings.py
@@ -123,3 +123,6 @@ TIMELAPSE_TIMEOUT = 500
  
  # enable adding and removing cameras from UI
  ADD_REMOVE_CAMERAS = True
+
+# enable HTTPS certificate validation
+VALIDATE_CERTS = True
diff --git a/motioneye/uploadservices.py b/motioneye/uploadservices.py

index 4fc87053e4ac8049ba3c909b0446b68bd53e2c66..101029348ac8d4b11650bc65fb132fb73f30671a 100644 (file)
--- a/motioneye/uploadservices.py
+++ b/motioneye/uploadservices.py
@@ -24,6 +24,7 @@ import urllib
  import urllib2 
  
  import settings
+import utils
  
  
  _STATE_FILE_NAME = 'uploadservices.json'
@@ -329,7 +330,7 @@ class GoogleDrive(UploadService):
          self.debug('requesting %s' % url)
          request = urllib2.Request(url, data=body, headers=headers)
          try:
-            response = urllib2.urlopen(request)
+            response = utils.urlopen(request)
          
          except urllib2.HTTPError as e:
              if e.code == 401 and retry_auth: # unauthorized, access token may have expired
@@ -380,7 +381,7 @@ class GoogleDrive(UploadService):
          request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
          
          try:
-            response = urllib2.urlopen(request)
+            response = utils.urlopen(request)
          
          except urllib2.HTTPError as e:
              error = json.load(e)
@@ -409,7 +410,7 @@ class GoogleDrive(UploadService):
          request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
          
          try:
-            response = urllib2.urlopen(request)
+            response = utils.urlopen(request)
          
          except urllib2.HTTPError as e:
              error = json.load(e)
@@ -538,7 +539,7 @@ class Dropbox(UploadService):
          self.debug('requesting %s' % url)
          request = urllib2.Request(url, data=body, headers=headers)
          try:
-            response = urllib2.urlopen(request)
+            response = utils.urlopen(request)
          
          except urllib2.HTTPError as e:
              if e.code == 401 and retry_auth: # unauthorized, access token may have expired
@@ -585,7 +586,7 @@ class Dropbox(UploadService):
          request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
          
          try:
-            response = urllib2.urlopen(request)
+            response = utils.urlopen(request)
          
          except urllib2.HTTPError as e:
              error = json.load(e)
diff --git a/motioneye/utils.py b/motioneye/utils.py

index dd8af6776532483e314b7a8e89372af5fbbe013b..923901bcc93518b653aa808f4ce28902b4318b1e 100644 (file)
--- a/motioneye/utils.py
+++ b/motioneye/utils.py
@@ -23,8 +23,10 @@ import logging
  import os
  import re
  import socket
+import sys
  import time
  import urllib
+import urllib2
  import urlparse
  
  from tornado.httpclient import AsyncHTTPClient, HTTPRequest
@@ -379,9 +381,9 @@ def test_mjpeg_url(data, auth_modes, allow_jpeg, callback):
  
          request = HTTPRequest(url, auth_username=username, auth_password=password, auth_mode=auth_modes.pop(0),
                  connect_timeout=settings.REMOTE_REQUEST_TIMEOUT, request_timeout=settings.REMOTE_REQUEST_TIMEOUT,
-                header_callback=on_header)
+                header_callback=on_header, validate_cert=settings.VALIDATE_CERTS)
  
-        http_client = AsyncHTTPClient(force_instance=True)    
+        http_client = AsyncHTTPClient(force_instance=True)
          http_client.fetch(request, on_response)
  
      def on_header(header):
@@ -728,3 +730,19 @@ def build_digest_header(method, url, username, password, state):
      state['nonce_count'] = nonce_count
  
      return 'Digest %s' % (base)
+
+
+def urlopen(*args, **kwargs):
+    if sys.version_info >= (2, 7, 9) and not settings.VALIDATE_CERTS:
+        # ssl certs are not verified by default
+        # in versions prior to 2.7.9
+
+        import ssl
+
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+    
+        kwargs.setdefault('context', ctx)
+
+    return urllib2.urlopen(*args, **kwargs)
diff --git a/motioneye/webhook.py b/motioneye/webhook.py

index d38fb661e3ebe41c7ef3be226bf57b3d1efed4e0..bf90ba32aaf2a9c21fee8fe23f25653b3da630b7 100644 (file)
--- a/motioneye/webhook.py
+++ b/motioneye/webhook.py
@@ -32,6 +32,7 @@ def parse_options(parser, args):
  
  def main(parser, args):
      import meyectl
+    import utils
      
      options = parse_options(parser, args)
      
@@ -68,9 +69,9 @@ def main(parser, args):
  
      request = urllib2.Request(url, data, headers=headers)
      try:
-        urllib2.urlopen(request, timeout=settings.REMOTE_REQUEST_TIMEOUT)
+        utils.urlopen(request, timeout=settings.REMOTE_REQUEST_TIMEOUT)
          logging.debug('webhook successfully called')
-    
+
      except Exception as e:
          logging.error('failed to call webhook: %s' % e)
author	Calin Crisan <ccrisan@gmail.com>
	Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)
committer	Calin Crisan <ccrisan@gmail.com>
	Sun, 14 Aug 2016 14:06:41 +0000 (17:06 +0300)
motioneye/remote.py		patch \| blob \| history
motioneye/settings.py		patch \| blob \| history
motioneye/uploadservices.py		patch \| blob \| history
motioneye/utils.py		patch \| blob \| history
motioneye/webhook.py		patch \| blob \| history