8000 Ensure eventlet SSL HTTPs contexts allow HTTP verify disabled by Tehsmash · Pull Request #485 · eventlet/eventlet · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Ensure eventlet SSL HTTPs contexts allow HTTP verify disabled #485

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Ensure eventlet SSL HTTPs contexts allow HTTP verify disabled #485

wants to merge 1 commit into from

Conversation

Tehsmash
Copy link
@Tehsmash Tehsmash commented Apr 30, 2018
edited by temoto
Loading

Monkey patched SSL context does not observe environment PYTHONHTTPSVERIFY=0 or PEP 493 settings

Eventlet monkey patches the default SSL context and as a result circumvents the logic added to python's ssl.py to change the default SSL verification behaviour here https://github.com/python/cpython/blob/2.7/Lib/ssl.py#L508-L518

Python SSL supports a couple of different ways to disable HTTPS
verification, either via an environment variable or via methods defined
in PEP 493. To ensure these work we must call the original
_create_default_https_context function to ensure we are calling the
right default https context (verified or unverified) function according
set by the https context factory.

Fixes #484

@Tehsmash
Ensure eventlet SSL HTTPs contexts allow HTTP verify disabled
b8699f3 
Python SSL supports a couple of different ways to disable HTTPS
verification, either via an environment variable or via methods defined
in PEP 493. To ensure these work we must call the original
_create_default_https_context function to ensure we are calling the
right default https context (verified or unverified) function according
set by the https context factory.

Fixes eventlet#484
@temoto temoto mentioned this pull request Apr 30, 2018
Closed
@codecov-io
Copy link
codecov-io commented Apr 30, 2018
edited
Loading

Codecov Report

Merging #485 into master will increase coverage by <1%.
The diff coverage is 83%.

Impacted file tree graph

@@          Coverage Diff           @@
##           master   #485    +/-   ##
======================================
+ Coverage      45%    45%   +<1%     
======================================
  Files          82     82            
  Lines        8024   8029     +5     
  Branches     1372   1372            
======================================
+ Hits         3622   3626     +4     
- Misses       4159   4160     +1     
  Partials      243    243
Flag Coverage Δ
#ipv6 14% <50%> (ø) ⬆️
#py27epolls 48% <83%> (-1%) ⬇️
#py27poll 47% <83%> (-1%) ⬇️
#py27selects 47% <83%> (ø) ⬆️
#py33epolls 40% <50%> (-1%) ⬇️
#py33poll 40% <50%> (ø) ⬆️
#py33selects 40% <50%> (ø) ⬆️
#py34epolls 41% <83%> (ø) ⬆️
#py34poll 41% <83%> (-1%) ⬇️
#py34selects 40% <83%> (ø) ⬆️
#py35epolls 41% <83%> (ø) ⬆️
#py35poll 40% <83%> (-1%) ⬇️
#py35selects 40% <83%> (-1%) ⬇️
#py36epolls 41% <83%> (ø) ⬆️
#py36poll 40% <83%> (-1%) ⬇️
#py36selects 40% <83%> (ø) ⬆️
Impacted Files Coverage Δ
eventlet/green/ssl.py 65% <83%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d6d892...b8699f3. Read the comment docs.

temoto added a commit that referenced this pull request May 1, 2018
@temoto
test for #485
c9eaa1c
@temoto
Copy link
Member
temoto commented May 1, 2018

@Tehsmash did you verify it? I've tried to construct a test case c9eaa1c and it seems to verify certificate in spite environment flag.

@Tehsmash
Copy link
Author
Tehsmash commented May 2, 2018

I verified it with a small python script, here are my results:

$ cat test.py 
import ssl
import eventlet
import urllib2
from eventlet.green import ssl as greenssl

eventlet.monkey_patch(os=False)
print(ssl._create_default_https_context)
print(urllib2.urlopen("https://expired.badssl.com/"))

$ export PYTHONHTTPSVERIFY=1
$ python test.py 
<function green_create_default_https_context at 0x7feefd1da230>
Traceback (most recent call last):
  File "test.py", line 10, in <module>
    print(urllib2.urlopen("https://expired.badssl.com/"))
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1241, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

$ export PYTHONHTTPSVERIFY=0
$ python test.py
<function green_create_default_https_context at 0x7efd0fd16230>
<addinfourl at 139625356258336 whose fp = <socket._fileobject object at 0x7efd11791250>>

@temoto temoto added this to the 0.24 milestone May 8, 2018
@temoto temoto modified the milestones: 0.24, 0.25 Aug 3, 2018
temoto added a commit that referenced this pull request Aug 19, 2020
@temoto
test for #485
b02be92
temoto added a commit that referenced this pull request Oct 19, 2020
@temoto
test for #485
cc37a5e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
importance-enhancement
Projects
None yet
Milestone
v0.25
Development

Successfully merging this pull request may close these issues.
3 participants
@Tehsmash @codecov-io @temoto
0