Commit 9c91679a authored by Philipp Hörist's avatar Philipp Hörist
Browse files

[preview] Add option to disable https verification

parent 42cc1726
......@@ -21,7 +21,7 @@ from gi.repository import GObject
from gi.repository import Gtk
from gajim.options_dialog import OptionsDialog, GenericOption, SpinOption
from gajim.common.const import Option, OptionType
from gajim.common.const import Option, OptionType, OptionKind
class UrlImagePreviewConfigDialog(OptionsDialog):
......@@ -57,6 +57,10 @@ class UrlImagePreviewConfigDialog(OptionsDialog):
callback=self.on_option, data='LEFTCLICK_ACTION',
props={'items': actions,
'plugin': self.plugin}),
Option(OptionKind.SWITCH, _('Enable HTTPS Verification'),
OptionType.VALUE, self.plugin.config['VERIFY'],
callback=self.on_option, data='VERIFY'),
]
OptionsDialog.__init__(self, parent, _('UrlImagePreview Options'),
......
......@@ -18,6 +18,7 @@
import urllib.request as urllib2
import socket
import re
import ssl
from gajim.common import app
from gajim.common import helpers
......@@ -34,12 +35,12 @@ if app.HAVE_PYCURL:
log = logging.getLogger('gajim.plugin_system.url_image_preview.http_functions')
def get_http_head(account, url):
def get_http_head(account, url, verify):
# Check if proxy is used
proxy = helpers.get_proxy_info(account)
if proxy and proxy['type'] in ('http', 'socks5'):
return _get_http_head_proxy(url, proxy)
return _get_http_head_direct(url)
return _get_http_head_direct(url, verify)
def get_http_file(account, attrs):
# Check if proxy is used
......@@ -49,16 +50,23 @@ def get_http_file(account, attrs):
else:
return _get_http_direct(attrs)
def _get_http_head_direct(url):
def _get_http_head_direct(url, verify):
log.debug('Head request direct for URL: %s' % url)
try:
req = urllib2.Request(url)
req.get_method = lambda: 'HEAD'
req.add_header('User-Agent', 'Gajim %s' % app.version)
if os.name == 'nt':
f = urllib2.urlopen(req, cafile=certifi.where())
if not verify:
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
log.warning('CERT Verification disabled')
f = urllib2.urlopen(req, timeout=30, context=context)
else:
f = urllib2.urlopen(req)
if os.name == 'nt':
f = urllib2.urlopen(req, cafile=certifi.where())
else:
f = urllib2.urlopen(req)
except Exception as ex:
log.debug('Could not get head response for URL: %s' % url)
log.debug("%s" % str(ex))
......@@ -136,10 +144,17 @@ def _get_http_direct(attrs):
try:
req = urllib2.Request(attrs['src'])
req.add_header('User-Agent', 'Gajim ' + app.version)
if os.name == 'nt':
f = urllib2.urlopen(req, cafile=certifi.where())
if not attrs['verify']:
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
log.warning('CERT Verification disabled')
f = urllib2.urlopen(req, timeout=30, context=context)
else:
f = urllib2.urlopen(req)
if os.name == 'nt':
f = urllib2.urlopen(req, cafile=certifi.where())
else:
f = urllib2.urlopen(req)
except Exception as ex:
log.debug('Error loading file %s '
% attrs['src'] + str(ex))
......
......@@ -81,7 +81,8 @@ class UrlImagePreviewPlugin(GajimPlugin):
'PREVIEW_SIZE': (150, 'Preview size(10-512)'),
'MAX_FILE_SIZE': (524288, 'Max file size for image preview'),
'LEFTCLICK_ACTION': ('open_menuitem', 'Open'),
'ANONYMOUS_MUC': False,}
'ANONYMOUS_MUC': (False, ''),
'VERIFY': (True, ''),}
self.controls = {}
self.history_window_control = None
......@@ -246,8 +247,9 @@ class Base(object):
# then check the mime type and filesize
if urlparts.scheme == 'aesgcm':
real_text = 'https://' + real_text[9:]
verify = self.plugin.config['VERIFY']
app.thread_interface(
get_http_head, [self.textview.account, real_text],
get_http_head, [self.textview.account, real_text, verify],
self._check_mime_size, [real_text, repl_start, repl_end,
filepaths, key, iv, encrypted])
......@@ -403,6 +405,7 @@ class Base(object):
return
attributes = {'src': url,
'verify': self.plugin.config['VERIFY'],
'max_size': max_size,
'filepaths': filepaths,
'key': key,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment