~bzr-pqm/bzr/bzr.dev : contents of bzrlib/transport/http/ca

~bzr-pqm/bzr/bzr.dev : (revision 6615)

# Copyright (C) 2007 Canonical Ltd
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

"""Auto-detect of CA bundle for SSL connections"""

from __future__ import absolute_import

import os
import sys
from bzrlib.trace import mutter


_ca_path = None


def get_ca_path(use_cache=True):
    """Return location of CA bundle"""
    global _ca_path

    if _ca_path is not None and use_cache:
        return _ca_path

    # Find CA bundle for SSL
    # Reimplementation in Python the magic of curl command line tool
    # from "Details on Server SSL Certificates"
    # http://curl.haxx.se/docs/sslcerts.html
    #
    # 4. If you're using the curl command line tool, you can specify your own
    #    CA cert path by setting the environment variable CURL_CA_BUNDLE to the
    #    path of your choice.
    #
    #    If you're using the curl command line tool on Windows, curl will
    #    search for a CA cert file named "curl-ca-bundle.crt" in these
    #    directories and in this order:
    #      1. application's directory
    #      2. current working directory
    #      3. Windows System directory (e.g. C:\windows\system32)
    #      4. Windows Directory (e.g. C:\windows)
    #      5. all directories along %PATH%
    #
    # NOTES:
    #   bialix: Windows directories usually listed in PATH env variable
    #   j-a-meinel: bzr should not look in current working dir

    path = os.environ.get('CURL_CA_BUNDLE')
    if not path and sys.platform == 'win32':
        dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))]     # app dir
        paths = os.environ.get('PATH')
        if paths:
            # don't include the cwd in the search
            paths = [i for i in paths.split(os.pathsep) if i not in ('', '.')]
            dirs.extend(paths)
        for d in dirs:
            fname = os.path.join(d, "curl-ca-bundle.crt")
            if os.path.isfile(fname):
                path = fname
                break
    if path:
        mutter('using CA bundle: %r', path)
    else:
        path = ''

    if use_cache:
        _ca_path = path

    return path

2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	1	# Copyright (C) 2007 Canonical Ltd
	2	#
	3	# This program is free software; you can redistribute it and/or modify
	4	# it under the terms of the GNU General Public License as published by
	5	# the Free Software Foundation; either version 2 of the License, or
	6	# (at your option) any later version.
	7	#
	8	# This program is distributed in the hope that it will be useful,
	9	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	10	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	11	# GNU General Public License for more details.
	12	#
	13	# You should have received a copy of the GNU General Public License
	14	# along with this program; if not, write to the Free Software
4183.7.1 by Sabin Iacob update FSF mailing address	15	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	16
6379.6.7 by Jelmer Vernooij Move importing from future until after doc string, otherwise the doc string will disappear.	17	"""Auto-detect of CA bundle for SSL connections"""
	18
6379.6.3 by Jelmer Vernooij Use absolute_import.	19	from __future__ import absolute_import
6379.6.3 by Jelmer Vernooij Use absolute_import.	20
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	21	import os
	22	import sys
	23	from bzrlib.trace import mutter
	24
	25
	26	_ca_path = None
	27
	28
	29	def get_ca_path(use_cache=True):
	30	"""Return location of CA bundle"""
	31	global _ca_path
	32
	33	if _ca_path is not None and use_cache:
	34	return _ca_path
	35
	36	# Find CA bundle for SSL
	37	# Reimplementation in Python the magic of curl command line tool
	38	# from "Details on Server SSL Certificates"
	39	# http://curl.haxx.se/docs/sslcerts.html
	40	#
2929.3.19 by Vincent Ladeuil Fix 1.1 related bugs in HTTP server, add HTTPS passing tests (by temporarily disabling pycurl certificate verification).	41	# 4. If you're using the curl command line tool, you can specify your own
	42	# CA cert path by setting the environment variable CURL_CA_BUNDLE to the
	43	# path of your choice.
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	44	#
2929.3.19 by Vincent Ladeuil Fix 1.1 related bugs in HTTP server, add HTTPS passing tests (by temporarily disabling pycurl certificate verification).	45	# If you're using the curl command line tool on Windows, curl will
	46	# search for a CA cert file named "curl-ca-bundle.crt" in these
	47	# directories and in this order:
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	48	# 1. application's directory
	49	# 2. current working directory
	50	# 3. Windows System directory (e.g. C:\windows\system32)
	51	# 4. Windows Directory (e.g. C:\windows)
	52	# 5. all directories along %PATH%
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	53	#
	54	# NOTES:
	55	# bialix: Windows directories usually listed in PATH env variable
	56	# j-a-meinel: bzr should not look in current working dir
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	57
	58	path = os.environ.get('CURL_CA_BUNDLE')
	59	if not path and sys.platform == 'win32':
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	60	dirs = [os.path.realpath(os.path.dirname(sys.argv[0]))] # app dir
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	61	paths = os.environ.get('PATH')
	62	if paths:
2298.5.3 by Alexander Belchenko added comment about excluding cwd from PATH	63	# don't include the cwd in the search
	64	paths = [i for i in paths.split(os.pathsep) if i not in ('', '.')]
2298.5.2 by Alexander Belchenko Don't look in cwd for CA bundle (note from John)	65	dirs.extend(paths)
2298.5.1 by Alexander Belchenko Bugfix #82086: Searching location of CA bundle for PyCurl in env variable (CURL_CA_BUNDLE), and on win32 along the PATH	66	for d in dirs:
	67	fname = os.path.join(d, "curl-ca-bundle.crt")
	68	if os.path.isfile(fname):
	69	path = fname
	70	break
	71	if path:
	72	mutter('using CA bundle: %r', path)
	73	else:
	74	path = ''
	75
	76	if use_cache:
	77	_ca_path = path
	78
	79	return path