From 69bd6473d76a830986fe9eec1fc9c593c082481e Mon Sep 17 00:00:00 2001 From: Josh Chorlton Date: Mon, 12 Mar 2018 15:55:57 -0400 Subject: [PATCH] Fix option to disable ssl validation in devserver urlfetch The devserver urlfetch stub does not currently honour the AllowInvalidServerCertificate option. This likely came from a breaking change to httplib (https://docs.python.org/2/library/httplib.html#httplib.HTTPSConnection). Specifically, "This class now performs all the necessary certificate and hostname checks by default. To revert to the previous, unverified, behavior ssl._create_unverified_context() can be passed to the context parameter." This PR passes the unverified context when the caller specifies to allow invalid certs. --- .../google/appengine/api/urlfetch_stub.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/appengine-compat/exported_appengine_sdk/google/appengine/api/urlfetch_stub.py b/appengine-compat/exported_appengine_sdk/google/appengine/api/urlfetch_stub.py index d76bac4c..0648520f 100755 --- a/appengine-compat/exported_appengine_sdk/google/appengine/api/urlfetch_stub.py +++ b/appengine-compat/exported_appengine_sdk/google/appengine/api/urlfetch_stub.py @@ -42,6 +42,7 @@ import os import socket import StringIO +import ssl import sys import urllib import urlparse @@ -416,8 +417,11 @@ def _RetrieveURL(url, payload, method, headers, request, response, - connection_kwargs = ( - {'timeout': deadline} if _CONNECTION_SUPPORTS_TIMEOUT else {}) + connection_kwargs = {} + if _CONNECTION_SUPPORTS_TIMEOUT: + connection_kwargs['timeout'] = deadline + if not validate_certificate: + connection_kwargs['context'] = ssl._create_unverified_context() if proxy_host: proxy_address, _, proxy_port = proxy_host.partition(':')