~bzr-pqm/bzr/bzr.dev : contents of bzrlib/transport/http/ca

~bzr-pqm/bzr/bzr.dev : (revision 6063)

# Copyright (C) 2007 Canonical Ltd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

"""Auto-detect of CA bundle for SSL connections"""

import os
import sys
from bzrlib.trace import mutter


_ca_path = None


def get_ca_path(use_cache=True):
    """Return location of CA bundle"""
    global _ca_path

    if _ca_path is not None and use_cache:
        return _ca_path

    # Find CA bundle for SSL
    # Reimplementation in Python the magic of curl command line tool
    # from "Details on Server SSL Certificates"
    # http://curl.haxx.se/docs/sslcerts.html
    #
    # 4. If you're using the curl command line tool, you can specify your own
    #    CA cert path by setting the environment variable CURL_CA_BUNDLE to the
    #    path of your choice.
    #
    #    If you're using the curl command line tool on Windows, curl will
    #    search for a CA cert file named "curl-ca-bundle.crt" in these
    #    directories and in this order:
    #      1. application's directory
    #      2. current working directory
    #      3. Windows System directory (e.g. C:\windows\system32)
    #      4. Windows Directory (e.g. C:\windows)
    #      5. all directories along %PATH%
    #
    # NOTES:
    #   bialix: Windows directories usually listed in PATH env variable
    #   j-a-meinel: bzr should not look in current working dir

    path = os.environ.get('CURL_CA_BUNDLE')
    if not path and sys.platform == 'win32':
        dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))]     # app dir
        paths = os.environ.get('PATH')
        if paths:
            # don't include the cwd in the search
            paths = [i for i in paths.split(os.pathsep) if i not in ('', '.')]
            dirs.extend(paths)
        for d in dirs:
            fname = os.path.join(d, "curl-ca-bundle.crt")
            if os.path.isfile(fname):
                path = fname
                break
    if path:
        mutter('using CA bundle: %r', path)
    else:
        path = ''

    if use_cache:
        _ca_path = path

    return path

2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	1	# Copyright (C) 2007 Canonical Ltd
	2	#
	3	# This program is free software; you can redistribute it and/or modify
	4	# it under the terms of the GNU General Public License as published by
	5	# the Free Software Foundation; either version 2 of the License, or
	6	# (at your option) any later version.
	7	#
	8	# This program is distributed in the hope that it will be useful,
	9	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	10	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	11	# GNU General Public License for more details.
	12	#
	13	# You should have received a copy of the GNU General Public License
	14	# along with this program; if not, write to the Free Software
4183.7.1 by Sabin Iacob update FSF mailing address	15	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	16
	17	"""Auto-detect of CA bundle for SSL connections"""
	18
	19	import os
	20	import sys
	21	from bzrlib.trace import mutter
	22
	23
	24	_ca_path = None
	25
	26
	27	def get_ca_path(use_cache=True):
	28	"""Return location of CA bundle"""
	29	global _ca_path
	30
	31	if _ca_path is not None and use_cache:
	32	return _ca_path
	33
	34	# Find CA bundle for SSL
	35	# Reimplementation in Python the magic of curl command line tool
	36	# from "Details on Server SSL Certificates"
	37	# http://curl.haxx.se/docs/sslcerts.html
	38	#
2929.3.19 by Vincent Ladeuil Fix 1.1 related bugs in HTTP server, add HTTPS passing tests (by temporarily disabling pycurl certificate verification).	39	# 4. If you're using the curl command line tool, you can specify your own
	40	# CA cert path by setting the environment variable CURL_CA_BUNDLE to the
	41	# path of your choice.
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	42	#
2929.3.19 by Vincent Ladeuil Fix 1.1 related bugs in HTTP server, add HTTPS passing tests (by temporarily disabling pycurl certificate verification).	43	# If you're using the curl command line tool on Windows, curl will
	44	# search for a CA cert file named "curl-ca-bundle.crt" in these
	45	# directories and in this order:
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	46	# 1. application's directory
	47	# 2. current working directory
	48	# 3. Windows System directory (e.g. C:\windows\system32)
	49	# 4. Windows Directory (e.g. C:\windows)
	50	# 5. all directories along %PATH%
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	51	#
	52	# NOTES:
	53	# bialix: Windows directories usually listed in PATH env variable
	54	# j-a-meinel: bzr should not look in current working dir
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	55
	56	path = os.environ.get('CURL_CA_BUNDLE')
	57	if not path and sys.platform == 'win32':
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	58	dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))] # app dir
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	59	paths = os.environ.get('PATH')
	60	if paths:
2298.5.3 by Alexander Belchenko added comment about excluding cwd from PATH	61	# don't include the cwd in the search
	62	paths = [i for i in paths.split(os.pathsep) if i not in ('', '.')]
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	63	dirs.extend(paths)
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	64	for d in dirs:
	65	fname = os.path.join(d, "curl-ca-bundle.crt")
	66	if os.path.isfile(fname):
	67	path = fname
	68	break
	69	if path:
	70	mutter('using CA bundle: %r', path)
	71	else:
	72	path = ''
	73
	74	if use_cache:
	75	_ca_path = path
	76
	77	return path