refs #2054 send client cert to ogcore, optionally verify ogcore's cert
parent
3ae4471d5d
commit
63944cef0e
|
@ -109,21 +109,22 @@ class REST(object):
|
|||
logger.debug ('TLS not available: python requests library is old')
|
||||
|
||||
self.use_tls = url.startswith ('https')
|
||||
#if self.use_tls:
|
||||
# if not ca_file or not crt_file or not key_file:
|
||||
# raise Exception ('missing TLS parameters in REST constructor')
|
||||
#
|
||||
# errs = 0
|
||||
# for f in [ca_file, crt_file, key_file]:
|
||||
# if not os.path.exists (f):
|
||||
# logger.error (f'{f}: No such file or directory')
|
||||
# errs += 1
|
||||
# if errs:
|
||||
# raise Exception ('TLS files not found')
|
||||
#
|
||||
#self.ca_file = ca_file
|
||||
#self.crt_file = crt_file
|
||||
#self.key_file = key_file
|
||||
if self.use_tls:
|
||||
if not ca_file or not crt_file or not key_file:
|
||||
raise Exception ('missing TLS parameters in REST constructor')
|
||||
|
||||
errs = 0
|
||||
for f in [ca_file, crt_file, key_file]:
|
||||
if not os.path.exists (f):
|
||||
logger.error (f'{f}: No such file or directory')
|
||||
errs += 1
|
||||
if errs:
|
||||
raise Exception ('TLS files not found')
|
||||
|
||||
self.ca_file = ca_file
|
||||
self.crt_file = crt_file
|
||||
self.key_file = key_file
|
||||
self.verify_tls = False
|
||||
|
||||
# Disable logging requests messages except for errors, ...
|
||||
logging.getLogger("requests").setLevel(logging.CRITICAL)
|
||||
|
@ -156,7 +157,13 @@ class REST(object):
|
|||
# Old requests version does not support verify, but it do not checks ssl certificate by default
|
||||
if self.newerRequestLib:
|
||||
if self.use_tls:
|
||||
r = requests.get(url, verify=False, timeout=TIMEOUT)
|
||||
if self.verify_tls:
|
||||
logger.debug ('nati: using TLS for GET')
|
||||
v = self.ca_file
|
||||
else:
|
||||
logger.warning ('using insecure TLS for GET')
|
||||
v = False
|
||||
r = requests.get(url, cert=(self.crt_file, self.key_file), verify=v, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.get(url, timeout=TIMEOUT)
|
||||
else:
|
||||
|
@ -165,7 +172,13 @@ class REST(object):
|
|||
logger.debug('Requesting using POST {}, data: {}'.format(url, data))
|
||||
if self.newerRequestLib:
|
||||
if self.use_tls:
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'}, verify=False, timeout=TIMEOUT)
|
||||
if self.verify_tls:
|
||||
logger.debug ('nati: using TLS for POST')
|
||||
v = self.ca_file
|
||||
else:
|
||||
logger.warning ('using insecure TLS for POST')
|
||||
v = False
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'}, cert=(self.crt_file, self.key_file), verify=v, timeout=TIMEOUT)
|
||||
else:
|
||||
r = requests.post(url, data=data, headers={'content-type': 'application/json'}, timeout=TIMEOUT)
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue