From 18049a80228c22ae3ba8e5e217f64cfea6fd1159 Mon Sep 17 00:00:00 2001 From: "Michael S. Root" Date: Tue, 14 Mar 2017 11:11:01 -0700 Subject: [PATCH 1/2] Add support for external SSL certificates in upload methods. Note: Have tested that this works at our local site, but haven't tested it with proxy connections. --- shotgun_api3/shotgun.py | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/shotgun_api3/shotgun.py b/shotgun_api3/shotgun.py index 405f7fa1d..2f7f10e72 100755 --- a/shotgun_api3/shotgun.py +++ b/shotgun_api3/shotgun.py @@ -2934,11 +2934,15 @@ def _build_opener(self, handler): """ Build urllib2 opener with appropriate proxy handler. """ + handlers = [] + if self.__ca_certs: + context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, + cafile=self.__ca_certs) + handlers.append(urllib2.HTTPSHandler(context=context)) if self.config.proxy_handler: - opener = urllib2.build_opener(self.config.proxy_handler, handler) - else: - opener = urllib2.build_opener(handler) - return opener + handlers.append(self.config.proxy_handler) + handlers.append(handler) + return urllib2.build_opener(*handlers) def _turn_off_ssl_validation(self): """ From 7a2a9048e9d5eca29dabe2e092855d70574052e8 Mon Sep 17 00:00:00 2001 From: "Michael S. Root" Date: Tue, 14 Mar 2017 12:19:48 -0700 Subject: [PATCH 2/2] Bugfix for Python ssl module <= 2.7.8 I believe in Python <= 2.7.8 it simply doesn't validate the certificate at all, but the upload should still work. Now also honors the NO_SSL_VALIDATION setting. --- shotgun_api3/shotgun.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shotgun_api3/shotgun.py b/shotgun_api3/shotgun.py index 2f7f10e72..53cc03f69 100755 --- a/shotgun_api3/shotgun.py +++ b/shotgun_api3/shotgun.py @@ -2935,7 +2935,7 @@ def _build_opener(self, handler): Build urllib2 opener with appropriate proxy handler. """ handlers = [] - if self.__ca_certs: + if self.__ca_certs and not NO_SSL_VALIDATION and hasattr(ssl, "create_default_context"): context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=self.__ca_certs) handlers.append(urllib2.HTTPSHandler(context=context))