From 93e3c62b99832d7643eb82f2ad0ae58b0c8b1fe2 Mon Sep 17 00:00:00 2001 From: John Ralls Date: Sun, 27 Sep 2015 12:19:44 -0700 Subject: [PATCH] Bug 8897 - Can not download new or updated add-ons Apple provides a hacked OpenSSL that checks Keychain for certs after failing to find them elsewhere (and normally there is no elsewhere). The versions provided for OS X versions < 10.8 are obsolete, preventing building osm-gps-maps's dependencies, so we provide our own but it can't be similarly hacked to use Keychain because that is a private API to which Apple doesn't provide headers. This is at root a Python problem, see https://bugs.python.org/issue17128 To work around it, disable certificate verification for this one URL for macs only. This does create the small security risk of a MITM attack injecting malicious add-ons, but since the URL is user-editable a phishing attack is more likely and there's nothing that SSL can do about that.
---
 gramps/gen/plug/utils.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/gramps/gen/plug/utils.py b/gramps/gen/plug/utils.py
index b1edff39c..0b704e4bf 100644
--- a/gramps/gen/plug/utils.py
+++ b/gramps/gen/plug/utils.py
@@ -53,7 +53,7 @@ from ..utils.configmanager import safe_eval
 from ..config import config
 from ..const import GRAMPS_LOCALE as glocale
 _ = glocale.translation.sgettext
-from ..constfunc import conv_to_unicode
+from ..constfunc import conv_to_unicode, mac
 
 #-------------------------------------------------------------------------
 #
@@ -176,6 +176,12 @@ class Zipfile(object):
 def available_updates():
 whattypes = config.get('behavior.check-for-update-types')
 from urllib.request import urlopen
+ if mac():
+ from ssl import create_default_context, CERT_NONE
+ context = create_default_context()
+ context.check_hostname = False
+ context.verify_mode = CERT_NONE
+
 LOG.debug("Checking for updated addons...")
 langs = glocale.get_language_list()
 langs.append("en")
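Review bot: `context` is bound only inside the `if mac():` branch (assuming the four lines after it are indented under it; indentation is not preserved on this page), yet the later hunk at `-186,12 +192,12` passes `context=context` to both `urlopen` calls unconditionally. On any other platform the name would be unbound: the first call's bare `except:` swallows the resulting error and the second call's `except Exception` logs it as a failed download, so the update check would stop working off macOS. Bind it before the branch with `context = None`, which `urlopen` accepts and treats as the default verified behaviour. available_updates() continues past the end of this hunk.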
@@ -186,12 +192,12 @@ def available_updates():
 (config.get("behavior.addons-url"), lang))
 LOG.debug(" trying: %s" % URL)
 try:
- fp = urlopen(URL, timeout=10) # seconds
+ fp = urlopen(URL, timeout=10, context=context) # seconds
 except:
 try:
 URL = ("%s/listings/addons-%s.txt" %
 (config.get("behavior.addons-url"), lang[:2]))
- fp = urlopen(URL, timeout=10)
+ fp = urlopen(URL, timeout=10, context=context)
 except Exception as err: # some error
 LOG.warning("Failed to open addon metadata for {lang} {url}: {err}".
 format(lang=lang, url=URL, err=err))
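Review bot: Certificate and hostname verification is off for both `urlopen` calls on macOS with nothing in the log to show it, and the listing fetched here decides which add-ons are offered to the user. Consider keeping verification on by pointing the context at a CA file shipped with the bundle, `context = create_default_context(cafile=CA_BUNDLE_PATH)` (`CA_BUNDLE_PATH` is a placeholder, not a name from this project). Failing that, add `LOG.warning("TLS certificate verification is disabled for the add-on listing")` where the context is built, so the weakened state is visible in logs. Whether the add-on archives themselves are fetched with verification is not visible in this patch. available_updates() begins before this hunk and continues after it.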