Never ignore SSL certificate errors for Kodi >= 18 - just like Kodi

This commit is contained in:
croneter 2019-02-03 12:38:28 +01:00
parent ae3f24f6ca
commit f90b470f5b
5 changed files with 23 additions and 20 deletions

View file

@ -3,7 +3,7 @@
from __future__ import absolute_import, division, unicode_literals
from logging import getLogger
from .. import utils, json_rpc as js
from .. import utils, json_rpc as js, variables as v
LOG = getLogger('PLEX.connection')
@ -38,7 +38,9 @@ class Connection(object):
def load(self):
LOG.debug('Loading connection settings')
# Shall we verify SSL certificates? "None" will leave SSL enabled
self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \
# Ignore this setting for Kodi >= 18 as Kodi 18 is much stricter
# with checking SSL certs
self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \
else False
# Do we have an ssl certificate for PKC we need to use?
self.ssl_cert_path = utils.settings('sslcert') \
@ -61,7 +63,7 @@ class Connection(object):
self.server_name, self.machine_identifier, self.server)
def load_entrypoint(self):
self.verify_ssl_cert = None if utils.settings('sslverify') == 'true' \
self.verify_ssl_cert = None if v.KODIVERSION >= 18 or utils.settings('sslverify') == 'true' \
else False
self.ssl_cert_path = utils.settings('sslcert') \
if utils.settings('sslcert') != 'None' else None

View file

@ -40,15 +40,11 @@ class DownloadUtils():
def __init__(self):
self.__dict__ = self._shared_state
def setSSL(self, verifySSL=None, certificate=None):
def setSSL(self):
"""
verifySSL must be 'true' to enable certificate validation
certificate must be path to certificate or 'None'
"""
if verifySSL is None:
verifySSL = app.CONN.verify_ssl_cert
if certificate is None:
certificate = app.CONN.ssl_cert_path
# Set the session's parameters
self.s.verify = verifySSL

View file

@ -212,7 +212,8 @@ class InitialSetup(object):
not set before
"""
answer = True
chk = PF.check_connection(app.CONN.server, verifySSL=False)
chk = PF.check_connection(app.CONN.server,
verifySSL=True if v.KODIVERSION >= 18 else False)
if chk is False:
LOG.warn('Could not reach PMS %s', app.CONN.server)
answer = False
@ -245,8 +246,8 @@ class InitialSetup(object):
if server['local']:
url = ('%s://%s:%s'
% (server['scheme'], server['ip'], server['port']))
# Deactive SSL verification if the server is local!
verifySSL = False
# Deactive SSL verification if the server is local for Kodi 17
verifySSL = True if v.KODIVERSION >= 18 else False
else:
url = server['baseURL']
verifySSL = True

View file

@ -131,7 +131,11 @@ def check_connection(url, token=None, verifySSL=None):
if token is not None:
header_options = {'X-Plex-Token': token}
if verifySSL is True:
verifySSL = None if utils.settings('sslverify') == 'true' else False
if v.KODIVERSION >= 18:
# Always verify with Kodi >= 18
verifySSL = True
else:
verifySSL = True if utils.settings('sslverify') == 'true' else False
if 'plex.tv' in url:
url = 'https://plex.tv/api/home/users'
LOG.debug("Checking connection to server %s with verifySSL=%s",
@ -424,7 +428,7 @@ def _poke_pms(pms, queue):
xml = DU().downloadUrl('%s/identity' % url,
authenticate=False,
headerOptions={'X-Plex-Token': pms['token']},
verifySSL=False,
verifySSL=True if v.KODIVERSION >= 18 else False,
timeout=10)
try:
xml.attrib['machineIdentifier']
@ -804,14 +808,14 @@ def _pms_https_enabled(url):
"""
res = DU().downloadUrl('https://%s/identity' % url,
authenticate=False,
verifySSL=False)
verifySSL=True if v.KODIVERSION >= 18 else False)
try:
res.attrib
except AttributeError:
# Might have SSL deactivated. Try with http
res = DU().downloadUrl('http://%s/identity' % url,
authenticate=False,
verifySSL=False)
verifySSL=True if v.KODIVERSION >= 18 else False)
try:
res.attrib
except AttributeError:
@ -833,7 +837,7 @@ def GetMachineIdentifier(url):
"""
xml = DU().downloadUrl('%s/identity' % url,
authenticate=False,
verifySSL=False,
verifySSL=True if v.KODIVERSION >= 18 else False,
timeout=10,
reraise=True)
try:
@ -958,7 +962,7 @@ def get_PMS_settings(url, token):
return DU().downloadUrl(
'%s/:/prefs' % url,
authenticate=False,
verifySSL=False,
verifySSL=True if v.KODIVERSION >= 18 else False,
headerOptions={'X-Plex-Token': token} if token else None)

View file

@ -481,7 +481,7 @@ class Service():
PF.check_connection,
self.on_connection_check,
server,
verifySSL=True)
verifySSL=app.CONN.verify_ssl_cert)
backgroundthread.BGThreader.addTasksToFront([task])
continue
elif not app.ACCOUNT.authenticated: