diff --git a/resources/lib/app/connection.py b/resources/lib/app/connection.py index fa6586c9..2adcfb34 100644 --- a/resources/lib/app/connection.py +++ b/resources/lib/app/connection.py @@ -3,7 +3,7 @@ from __future__ import absolute_import, division, unicode_literals from logging import getLogger -from .. import utils, json_rpc as js +from .. import utils, json_rpc as js, variables as v LOG = getLogger('PLEX.connection') @@ -38,7 +38,9 @@ class Connection(object): def load(self): LOG.debug('Loading connection settings') # Shall we verify SSL certificates? "None" will leave SSL enabled - self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \ + # Ignore this setting for Kodi >= 18 as Kodi 18 is much stricter + # with checking SSL certs + self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \ else False # Do we have an ssl certificate for PKC we need to use? self.ssl_cert_path = utils.settings('sslcert') \ @@ -61,7 +63,7 @@ class Connection(object): self.server_name, self.machine_identifier, self.server) def load_entrypoint(self): - self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \ + self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \ else False self.ssl_cert_path = utils.settings('sslcert') \ if utils.settings('sslcert') != 'None' else None diff --git a/resources/lib/downloadutils.py b/resources/lib/downloadutils.py index 4a558f6e..c419f8b1 100644 --- a/resources/lib/downloadutils.py +++ b/resources/lib/downloadutils.py @@ -40,16 +40,12 @@ class DownloadUtils(): def __init__(self): self.__dict__ = self._shared_state - def setSSL(self, verifySSL=None, certificate=None): + def setSSL(self): """ - verifySSL must be 'true' to enable certificate validation - certificate must be path to certificate or 'None' """ - if verifySSL is None: - verifySSL = app.CONN.verify_ssl_cert - if certificate is None: - certificate = app.CONN.ssl_cert_path + verifySSL = app.CONN.verify_ssl_cert + certificate = app.CONN.ssl_cert_path # Set the session's parameters self.s.verify = verifySSL if certificate: diff --git a/resources/lib/initialsetup.py b/resources/lib/initialsetup.py index 78fc590b..16cea0cf 100644 --- a/resources/lib/initialsetup.py +++ b/resources/lib/initialsetup.py @@ -212,7 +212,8 @@ class InitialSetup(object): not set before """ answer = True - chk = PF.check_connection(app.CONN.server, verifySSL=False) + chk = PF.check_connection(app.CONN.server, + verifySSL=True if v.KODIVERSION >= 18 else False) if chk is False: LOG.warn('Could not reach PMS %s', app.CONN.server) answer = False @@ -245,8 +246,8 @@ class InitialSetup(object): if server['local']: url = ('%s://%s:%s' % (server['scheme'], server['ip'], server['port'])) - # Deactive SSL verification if the server is local! - verifySSL = False + # Deactive SSL verification if the server is local for Kodi 17 + verifySSL = True if v.KODIVERSION >= 18 else False else: url = server['baseURL'] verifySSL = True diff --git a/resources/lib/plex_functions.py b/resources/lib/plex_functions.py index 6d29609e..580705d0 100644 --- a/resources/lib/plex_functions.py +++ b/resources/lib/plex_functions.py @@ -131,7 +131,11 @@ def check_connection(url, token=None, verifySSL=None): if token is not None: header_options = {'X-Plex-Token': token} if verifySSL is True: - verifySSL = None if utils.settings('sslverify') == 'true' else False + if v.KODIVERSION >= 18: + # Always verify with Kodi >= 18 + verifySSL = True + else: + verifySSL = True if utils.settings('sslverify') == 'true' else False if 'plex.tv' in url: url = 'https://plex.tv/api/home/users' LOG.debug("Checking connection to server %s with verifySSL=%s", @@ -424,7 +428,7 @@ def _poke_pms(pms, queue): xml = DU().downloadUrl('%s/identity' % url, authenticate=False, headerOptions={'X-Plex-Token': pms['token']}, - verifySSL=False, + verifySSL=True if v.KODIVERSION >= 18 else False, timeout=10) try: xml.attrib['machineIdentifier'] @@ -804,14 +808,14 @@ def _pms_https_enabled(url): """ res = DU().downloadUrl('https://%s/identity' % url, authenticate=False, - verifySSL=False) + verifySSL=True if v.KODIVERSION >= 18 else False) try: res.attrib except AttributeError: # Might have SSL deactivated. Try with http res = DU().downloadUrl('http://%s/identity' % url, authenticate=False, - verifySSL=False) + verifySSL=True if v.KODIVERSION >= 18 else False) try: res.attrib except AttributeError: @@ -833,7 +837,7 @@ def GetMachineIdentifier(url): """ xml = DU().downloadUrl('%s/identity' % url, authenticate=False, - verifySSL=False, + verifySSL=True if v.KODIVERSION >= 18 else False, timeout=10, reraise=True) try: @@ -958,7 +962,7 @@ def get_PMS_settings(url, token): return DU().downloadUrl( '%s/:/prefs' % url, authenticate=False, - verifySSL=False, + verifySSL=True if v.KODIVERSION >= 18 else False, headerOptions={'X-Plex-Token': token} if token else None) diff --git a/resources/lib/service_entry.py b/resources/lib/service_entry.py index 63b4e554..17ee3959 100644 --- a/resources/lib/service_entry.py +++ b/resources/lib/service_entry.py @@ -481,7 +481,7 @@ class Service(): PF.check_connection, self.on_connection_check, server, - verifySSL=True) + verifySSL=app.CONN.verify_ssl_cert) backgroundthread.BGThreader.addTasksToFront([task]) continue elif not app.ACCOUNT.authenticated: