From: Calin Crisan
Date: Sun, 14 Aug 2016 14:06:41 +0000 (+0300)
Subject: added a setting to control validation of SSL certificates
X-Git-Url: http://www.vanbest.org/gitweb/?a=commitdiff_plain;h=d65fcc8980990a79d30a00c74819fc5e8b3a97a5;p=motioneye-debian
added a setting to control validation of SSL certificates
---
diff --git a/motioneye/remote.py b/motioneye/remote.py
index 23323c7..8e6e455 100644
--- a/motioneye/remote.py
+++ b/motioneye/remote.py
@@ -56,7 +56,8 @@ def _make_request(scheme, host, port, username, password, path, method='GET', da
 if content_type:
 headers['Content-Type'] = content_type
- return HTTPRequest(url, method, body=data, connect_timeout=timeout, request_timeout=timeout, headers=headers)
+ return HTTPRequest(url, method, body=data, connect_timeout=timeout, request_timeout=timeout, headers=headers,
+ validate_cert=settings.VALIDATE_CERTS)
 def _callback_wrapper(callback):
diff --git a/motioneye/settings.py b/motioneye/settings.py
index 88dccf7..ff442c4 100644
--- a/motioneye/settings.py
+++ b/motioneye/settings.py
@@ -123,3 +123,6 @@ TIMELAPSE_TIMEOUT = 500
 # enable adding and removing cameras from UI
 ADD_REMOVE_CAMERAS = True
+
+# enable HTTPS certificate validation
+VALIDATE_CERTS = True
diff --git a/motioneye/uploadservices.py b/motioneye/uploadservices.py
index 4fc8705..1010293 100644
--- a/motioneye/uploadservices.py
+++ b/motioneye/uploadservices.py
@@ -24,6 +24,7 @@ import urllib
 import urllib2
 import settings
+import utils
 _STATE_FILE_NAME = 'uploadservices.json'
@@ -329,7 +330,7 @@ class GoogleDrive(UploadService):
 self.debug('requesting %s' % url)
 request = urllib2.Request(url, data=body, headers=headers)
 try:
- response = urllib2.urlopen(request)
+ response = utils.urlopen(request)
 except urllib2.HTTPError as e:
 if e.code == 401 and retry_auth: # unauthorized, access token may have expired
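Review bot: The comment above `VALIDATE_CERTS` in settings.py does not say how far the switch reaches. The same flag is passed to `HTTPRequest` in `_make_request` (remote.py) and `test_mjpeg_url` (utils.py), and through `utils.urlopen` it also governs the Google Drive and Dropbox requests, including the `TOKEN_URL` calls, and the webhook call. Setting it to False to accommodate one camera with a self-signed certificate therefore also stops verifying the hosts that receive camera credentials and, apparently, upload-service access tokens. I would state that in the comment, e.g. `# validate HTTPS certificates on all outgoing requests (remote cameras, upload services, web hooks);` followed by `# disabling this lets an intercepting host read the credentials and tokens sent with them`. Keeping verification unconditional for the upload services would also be worth considering.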
@@ -380,7 +381,7 @@ class GoogleDrive(UploadService):
 request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
 try:
- response = urllib2.urlopen(request)
+ response = utils.urlopen(request)
 except urllib2.HTTPError as e:
 error = json.load(e)
@@ -409,7 +410,7 @@ class GoogleDrive(UploadService):
 request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
 try:
- response = urllib2.urlopen(request)
+ response = utils.urlopen(request)
 except urllib2.HTTPError as e:
 error = json.load(e)
@@ -538,7 +539,7 @@ class Dropbox(UploadService):
 self.debug('requesting %s' % url)
 request = urllib2.Request(url, data=body, headers=headers)
 try:
- response = urllib2.urlopen(request)
+ response = utils.urlopen(request)
 except urllib2.HTTPError as e:
 if e.code == 401 and retry_auth: # unauthorized, access token may have expired
@@ -585,7 +586,7 @@ class Dropbox(UploadService):
 request = urllib2.Request(self.TOKEN_URL, data=body, headers=headers)
 try:
- response = urllib2.urlopen(request)
+ response = utils.urlopen(request)
 except urllib2.HTTPError as e:
 error = json.load(e)
diff --git a/motioneye/utils.py b/motioneye/utils.py
index dd8af67..923901b 100644
--- a/motioneye/utils.py
+++ b/motioneye/utils.py
@@ -23,8 +23,10 @@ import logging
 import os
 import re
 import socket
+import sys
 import time
 import urllib
+import urllib2
 import urlparse
 from tornado.httpclient import AsyncHTTPClient, HTTPRequest
@@ -379,9 +381,9 @@ def test_mjpeg_url(data, auth_modes, allow_jpeg, callback):
 request = HTTPRequest(url, auth_username=username, auth_password=password, auth_mode=auth_modes.pop(0), connect_timeout=settings.REMOTE_REQUEST_TIMEOUT, request_timeout=settings.REMOTE_REQUEST_TIMEOUT,
- header_callback=on_header)
+ header_callback=on_header, validate_cert=settings.VALIDATE_CERTS)
- http_client = AsyncHTTPClient(force_instance=True)
+ http_client = AsyncHTTPClient(force_instance=True)
 http_client.fetch(request, on_response)
 def on_header(header):
@@ -728,3 +730,19 @@ def build_digest_header(method, url, username, password, state):
 state['nonce_count'] = nonce_count
 return 'Digest %s' % (base)
+
+
+def urlopen(*args, **kwargs):
+ if sys.version_info >= (2, 7, 9) and not settings.VALIDATE_CERTS:
+ # ssl certs are not verified by default
+ # in versions prior to 2.7.9
+
+ import ssl
+
+ ctx = ssl.create_default_context()
+ ctx.check_hostname = False
+ ctx.verify_mode = ssl.CERT_NONE
+
+ kwargs.setdefault('context', ctx)
+
+ return urllib2.urlopen(*args, **kwargs)
diff --git a/motioneye/webhook.py b/motioneye/webhook.py
index d38fb66..bf90ba3 100644
--- a/motioneye/webhook.py
+++ b/motioneye/webhook.py
@@ -32,6 +32,7 @@ def parse_options(parser, args):
 def main(parser, args):
 import meyectl
+ import utils
 options = parse_options(parser, args)
@@ -68,9 +69,9 @@ def main(parser, args):
 request = urllib2.Request(url, data, headers=headers)
 try:
- urllib2.urlopen(request, timeout=settings.REMOTE_REQUEST_TIMEOUT)
+ utils.urlopen(request, timeout=settings.REMOTE_REQUEST_TIMEOUT)
 logging.debug('webhook successfully called')
-
+
 except Exception as e:
 logging.error('failed to call webhook: %s' % e)
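Review bot: In the new `urlopen` in utils.py, `VALIDATE_CERTS = True` is silently not honoured on interpreters older than 2.7.9. The only branch is guarded by `sys.version_info >= (2, 7, 9) and not settings.VALIDATE_CERTS`, so on an older Python the call falls through to plain `urllib2.urlopen`, which by the inline comment's own statement does not verify certificates. An operator who keeps the default then gets no indication that the upload-service and webhook requests go out unverified. The inline comment also sits inside the branch that switches verification off, where it reads as an explanation of that branch; it belongs with the version check. I would log a warning for the unsupported case and add a one-line docstring saying the function wraps `urllib2.urlopen` and applies `settings.VALIDATE_CERTS`.

```python
def urlopen(*args, **kwargs):
    # urllib2 verifies certificates only from python 2.7.9 on
    can_verify = sys.version_info >= (2, 7, 9)

    if settings.VALIDATE_CERTS and not can_verify:
        logging.warning('VALIDATE_CERTS is enabled, but this python version does not verify HTTPS certificates')

    elif can_verify and not settings.VALIDATE_CERTS:
        # ... unchanged: import ssl, build the non-verifying context, kwargs.setdefault('context', ctx) ...

    return urllib2.urlopen(*args, **kwargs)
```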