Merge pull request #688 from croneter/enforce_ssl
Never ignore SSL certificate errors for Kodi >= 18 - just like Kodi
This commit is contained in:
commit
7acad7c268
5 changed files with 23 additions and 20 deletions
|
@ -3,7 +3,7 @@
|
|||
from __future__ import absolute_import, division, unicode_literals
|
||||
from logging import getLogger
|
||||
|
||||
from .. import utils, json_rpc as js
|
||||
from .. import utils, json_rpc as js, variables as v
|
||||
|
||||
LOG = getLogger('PLEX.connection')
|
||||
|
||||
|
@ -38,7 +38,9 @@ class Connection(object):
|
|||
def load(self):
|
||||
LOG.debug('Loading connection settings')
|
||||
# Shall we verify SSL certificates? "None" will leave SSL enabled
|
||||
self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \
|
||||
# Ignore this setting for Kodi >= 18 as Kodi 18 is much stricter
|
||||
# with checking SSL certs
|
||||
self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \
|
||||
else False
|
||||
# Do we have an ssl certificate for PKC we need to use?
|
||||
self.ssl_cert_path = utils.settings('sslcert') \
|
||||
|
@ -61,7 +63,7 @@ class Connection(object):
|
|||
self.server_name, self.machine_identifier, self.server)
|
||||
|
||||
def load_entrypoint(self):
|
||||
self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \
|
||||
self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \
|
||||
else False
|
||||
self.ssl_cert_path = utils.settings('sslcert') \
|
||||
if utils.settings('sslcert') != 'None' else None
|
||||
|
|
|
@ -40,16 +40,12 @@ class DownloadUtils():
|
|||
def __init__(self):
|
||||
self.__dict__ = self._shared_state
|
||||
|
||||
def setSSL(self, verifySSL=None, certificate=None):
|
||||
def setSSL(self):
|
||||
"""
|
||||
verifySSL must be 'true' to enable certificate validation
|
||||
|
||||
certificate must be path to certificate or 'None'
|
||||
"""
|
||||
if verifySSL is None:
|
||||
verifySSL = app.CONN.verify_ssl_cert
|
||||
if certificate is None:
|
||||
certificate = app.CONN.ssl_cert_path
|
||||
verifySSL = app.CONN.verify_ssl_cert
|
||||
certificate = app.CONN.ssl_cert_path
|
||||
# Set the session's parameters
|
||||
self.s.verify = verifySSL
|
||||
if certificate:
|
||||
|
|
|
@ -212,7 +212,8 @@ class InitialSetup(object):
|
|||
not set before
|
||||
"""
|
||||
answer = True
|
||||
chk = PF.check_connection(app.CONN.server, verifySSL=False)
|
||||
chk = PF.check_connection(app.CONN.server,
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False)
|
||||
if chk is False:
|
||||
LOG.warn('Could not reach PMS %s', app.CONN.server)
|
||||
answer = False
|
||||
|
@ -245,8 +246,8 @@ class InitialSetup(object):
|
|||
if server['local']:
|
||||
url = ('%s://%s:%s'
|
||||
% (server['scheme'], server['ip'], server['port']))
|
||||
# Deactive SSL verification if the server is local!
|
||||
verifySSL = False
|
||||
# Deactive SSL verification if the server is local for Kodi 17
|
||||
verifySSL = True if v.KODIVERSION >= 18 else False
|
||||
else:
|
||||
url = server['baseURL']
|
||||
verifySSL = True
|
||||
|
|
|
@ -131,7 +131,11 @@ def check_connection(url, token=None, verifySSL=None):
|
|||
if token is not None:
|
||||
header_options = {'X-Plex-Token': token}
|
||||
if verifySSL is True:
|
||||
verifySSL = None if utils.settings('sslverify') == 'true' else False
|
||||
if v.KODIVERSION >= 18:
|
||||
# Always verify with Kodi >= 18
|
||||
verifySSL = True
|
||||
else:
|
||||
verifySSL = True if utils.settings('sslverify') == 'true' else False
|
||||
if 'plex.tv' in url:
|
||||
url = 'https://plex.tv/api/home/users'
|
||||
LOG.debug("Checking connection to server %s with verifySSL=%s",
|
||||
|
@ -424,7 +428,7 @@ def _poke_pms(pms, queue):
|
|||
xml = DU().downloadUrl('%s/identity' % url,
|
||||
authenticate=False,
|
||||
headerOptions={'X-Plex-Token': pms['token']},
|
||||
verifySSL=False,
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False,
|
||||
timeout=10)
|
||||
try:
|
||||
xml.attrib['machineIdentifier']
|
||||
|
@ -804,14 +808,14 @@ def _pms_https_enabled(url):
|
|||
"""
|
||||
res = DU().downloadUrl('https://%s/identity' % url,
|
||||
authenticate=False,
|
||||
verifySSL=False)
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False)
|
||||
try:
|
||||
res.attrib
|
||||
except AttributeError:
|
||||
# Might have SSL deactivated. Try with http
|
||||
res = DU().downloadUrl('http://%s/identity' % url,
|
||||
authenticate=False,
|
||||
verifySSL=False)
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False)
|
||||
try:
|
||||
res.attrib
|
||||
except AttributeError:
|
||||
|
@ -833,7 +837,7 @@ def GetMachineIdentifier(url):
|
|||
"""
|
||||
xml = DU().downloadUrl('%s/identity' % url,
|
||||
authenticate=False,
|
||||
verifySSL=False,
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False,
|
||||
timeout=10,
|
||||
reraise=True)
|
||||
try:
|
||||
|
@ -958,7 +962,7 @@ def get_PMS_settings(url, token):
|
|||
return DU().downloadUrl(
|
||||
'%s/:/prefs' % url,
|
||||
authenticate=False,
|
||||
verifySSL=False,
|
||||
verifySSL=True if v.KODIVERSION >= 18 else False,
|
||||
headerOptions={'X-Plex-Token': token} if token else None)
|
||||
|
||||
|
||||
|
|
|
@ -481,7 +481,7 @@ class Service():
|
|||
PF.check_connection,
|
||||
self.on_connection_check,
|
||||
server,
|
||||
verifySSL=True)
|
||||
verifySSL=app.CONN.verify_ssl_cert)
|
||||
backgroundthread.BGThreader.addTasksToFront([task])
|
||||
continue
|
||||
elif not app.ACCOUNT.authenticated:
|
||||
|
|
Loading…
Reference in a new issue