From 022976d2f669e23760242cfe3c0c12cf0b2fb831 Mon Sep 17 00:00:00 2001 From: theguardian Date: Tue, 20 Oct 2015 21:52:55 -0700 Subject: [PATCH 1/3] added verify_ssl_cert option to fix broken ssl installs --- Headphones.py | 10 ++++++++++ data/interfaces/default/config.html | 6 ++++++ headphones/config.py | 2 +- headphones/webserve.py | 3 ++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/Headphones.py b/Headphones.py index 0d31534e..713a628b 100755 --- a/Headphones.py +++ b/Headphones.py @@ -177,6 +177,16 @@ def main(): "module to enable HTTPS. HTTPS will be disabled.") headphones.CONFIG.ENABLE_HTTPS = False + #This fix is put in place for systems with broken SSL (like QNAP) + certificate_verification = headphones.CONFIG.VERIFY_SSL_CERT + if not certificate_verification: + try: + import ssl + ssl._create_default_https_context = ssl._create_unverified_context + except: + pass + #==== end block (should be configurable at settings level) + # Try to start the server. Will exit here is address is already in use. web_config = { 'http_port': http_port, diff --git a/data/interfaces/default/config.html b/data/interfaces/default/config.html index 5688ce6d..a6f3f6f6 100644 --- a/data/interfaces/default/config.html +++ b/data/interfaces/default/config.html @@ -80,6 +80,12 @@ +
+ + +
diff --git a/headphones/config.py b/headphones/config.py index 97cc5e6c..9d48f471 100644 --- a/headphones/config.py +++ b/headphones/config.py @@ -253,7 +253,7 @@ _CONFIG_DEFINITIONS = { 'UTORRENT_LABEL': (str, 'uTorrent', ''), 'UTORRENT_PASSWORD': (str, 'uTorrent', ''), 'UTORRENT_USERNAME': (str, 'uTorrent', ''), - 'VERIFY_SSL_CERT': (bool_int, 'Advanced', 1), + 'VERIFY_SSL_CERT': (int, 'Advanced', 1), 'WAIT_UNTIL_RELEASE_DATE' : (int, 'General', 0), 'WAFFLES': (int, 'Waffles', 0), 'WAFFLES_PASSKEY': (str, 'Waffles', ''), diff --git a/headphones/webserve.py b/headphones/webserve.py index 815c5e9f..b7f2874a 100644 --- a/headphones/webserve.py +++ b/headphones/webserve.py @@ -1025,6 +1025,7 @@ class WebInterface(object): "enable_https": checked(headphones.CONFIG.ENABLE_HTTPS), "https_cert": headphones.CONFIG.HTTPS_CERT, "https_key": headphones.CONFIG.HTTPS_KEY, + "verify_ssl_cert": checked(headphones.CONFIG.VERIFY_SSL_CERT), "api_enabled": checked(headphones.CONFIG.API_ENABLED), "api_key": headphones.CONFIG.API_KEY, "download_scan_interval": headphones.CONFIG.DOWNLOAD_SCAN_INTERVAL, @@ -1286,7 +1287,7 @@ class WebInterface(object): # Handle the variable config options. Note - keys with False values aren't getting passed checked_configs = [ - "launch_browser", "enable_https", "api_enabled", "use_blackhole", "headphones_indexer", "use_newznab", "newznab_enabled", "use_torznab", "torznab_enabled", + "launch_browser", "enable_https", "verify_ssl_cert", "api_enabled", "use_blackhole", "headphones_indexer", "use_newznab", "newznab_enabled", "use_torznab", "torznab_enabled", "use_nzbsorg", "use_omgwtfnzbs", "use_kat", "use_piratebay", "use_oldpiratebay", "use_mininova", "use_waffles", "use_rutracker", "use_whatcd", "use_strike", "preferred_bitrate_allow_lossless", "detect_bitrate", "ignore_clean_releases", "freeze_db", "cue_split", "move_files", "rename_files", "correct_metadata", "cleanup_files", "keep_nfo", "add_album_art", "embed_album_art", "embed_lyrics", From aa6cf97324c26d5aa792cfa0913fd70c26e24189 Mon Sep 17 00:00:00 2001 From: theguardian Date: Thu, 22 Oct 2015 07:58:57 -0700 Subject: [PATCH 2/3] made requested fixes --- Headphones.py | 15 +++++---------- data/interfaces/default/config.html | 6 ------ headphones/config.py | 2 +- headphones/webserve.py | 3 +-- 4 files changed, 7 insertions(+), 19 deletions(-) diff --git a/Headphones.py b/Headphones.py index 713a628b..c4fa80d4 100755 --- a/Headphones.py +++ b/Headphones.py @@ -22,6 +22,11 @@ sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'lib/')) from headphones import webstart, logger +if sys.version_info >= (2, 7, 9): + import ssl + # pylint: disable=W0212 + ssl._create_default_https_context = ssl._create_unverified_context + import locale import time import signal @@ -177,16 +182,6 @@ def main(): "module to enable HTTPS. HTTPS will be disabled.") headphones.CONFIG.ENABLE_HTTPS = False - #This fix is put in place for systems with broken SSL (like QNAP) - certificate_verification = headphones.CONFIG.VERIFY_SSL_CERT - if not certificate_verification: - try: - import ssl - ssl._create_default_https_context = ssl._create_unverified_context - except: - pass - #==== end block (should be configurable at settings level) - # Try to start the server. Will exit here is address is already in use. web_config = { 'http_port': http_port, diff --git a/data/interfaces/default/config.html b/data/interfaces/default/config.html index a6f3f6f6..5688ce6d 100644 --- a/data/interfaces/default/config.html +++ b/data/interfaces/default/config.html @@ -80,12 +80,6 @@ -
- - -
diff --git a/headphones/config.py b/headphones/config.py index 9d48f471..97cc5e6c 100644 --- a/headphones/config.py +++ b/headphones/config.py @@ -253,7 +253,7 @@ _CONFIG_DEFINITIONS = { 'UTORRENT_LABEL': (str, 'uTorrent', ''), 'UTORRENT_PASSWORD': (str, 'uTorrent', ''), 'UTORRENT_USERNAME': (str, 'uTorrent', ''), - 'VERIFY_SSL_CERT': (int, 'Advanced', 1), + 'VERIFY_SSL_CERT': (bool_int, 'Advanced', 1), 'WAIT_UNTIL_RELEASE_DATE' : (int, 'General', 0), 'WAFFLES': (int, 'Waffles', 0), 'WAFFLES_PASSKEY': (str, 'Waffles', ''), diff --git a/headphones/webserve.py b/headphones/webserve.py index b7f2874a..815c5e9f 100644 --- a/headphones/webserve.py +++ b/headphones/webserve.py @@ -1025,7 +1025,6 @@ class WebInterface(object): "enable_https": checked(headphones.CONFIG.ENABLE_HTTPS), "https_cert": headphones.CONFIG.HTTPS_CERT, "https_key": headphones.CONFIG.HTTPS_KEY, - "verify_ssl_cert": checked(headphones.CONFIG.VERIFY_SSL_CERT), "api_enabled": checked(headphones.CONFIG.API_ENABLED), "api_key": headphones.CONFIG.API_KEY, "download_scan_interval": headphones.CONFIG.DOWNLOAD_SCAN_INTERVAL, @@ -1287,7 +1286,7 @@ class WebInterface(object): # Handle the variable config options. Note - keys with False values aren't getting passed checked_configs = [ - "launch_browser", "enable_https", "verify_ssl_cert", "api_enabled", "use_blackhole", "headphones_indexer", "use_newznab", "newznab_enabled", "use_torznab", "torznab_enabled", + "launch_browser", "enable_https", "api_enabled", "use_blackhole", "headphones_indexer", "use_newznab", "newznab_enabled", "use_torznab", "torznab_enabled", "use_nzbsorg", "use_omgwtfnzbs", "use_kat", "use_piratebay", "use_oldpiratebay", "use_mininova", "use_waffles", "use_rutracker", "use_whatcd", "use_strike", "preferred_bitrate_allow_lossless", "detect_bitrate", "ignore_clean_releases", "freeze_db", "cue_split", "move_files", "rename_files", "correct_metadata", "cleanup_files", "keep_nfo", "add_album_art", "embed_album_art", "embed_lyrics", From aae0476967e40626c78166c5a96f37da16fd3936 Mon Sep 17 00:00:00 2001 From: theguardian Date: Thu, 22 Oct 2015 08:53:43 -0700 Subject: [PATCH 3/3] check for affected python versions --- Headphones.py | 5 ----- headphones/request.py | 9 +++++++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/Headphones.py b/Headphones.py index c4fa80d4..0d31534e 100755 --- a/Headphones.py +++ b/Headphones.py @@ -22,11 +22,6 @@ sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'lib/')) from headphones import webstart, logger -if sys.version_info >= (2, 7, 9): - import ssl - # pylint: disable=W0212 - ssl._create_default_https_context = ssl._create_unverified_context - import locale import time import signal diff --git a/headphones/request.py b/headphones/request.py index a3493f79..98bfaff9 100644 --- a/headphones/request.py +++ b/headphones/request.py @@ -18,6 +18,7 @@ from headphones import logger from xml.dom import minidom from bs4 import BeautifulSoup +import sys import requests import feedparser import headphones @@ -54,6 +55,14 @@ def request_response(url, method="get", auto_raise=True, # pose a security issue! kwargs["verify"] = bool(headphones.CONFIG.VERIFY_SSL_CERT) + #This fix is put in place for systems with broken SSL (like QNAP) + if not headphones.CONFIG.VERIFY_SSL_CERT and sys.version_info >= (2, 7, 9): + try: + import ssl + ssl._create_default_https_context = ssl._create_unverified_context + except: + pass + # Map method to the request.XXX method. This is a simple hack, but it # allows requests to apply more magic per method. See lib/requests/api.py. request_method = getattr(requests, method.lower())