blob: 56c57fa379977f5e84060048b922f6b9306bc220 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
From 9b12b5d66fa9b832f4d9e19a0b9dcb92607ee3e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@debian.org>
Date: Mon, 2 Oct 2017 20:18:54 -0400
Subject: [PATCH] workaround new limitation in requests
newer requests do not expose the internal SSL socket object so we
cannot verify certificates. there was work to allow custom
verification routines which we could use, but this never finished:
https://github.com/shazow/urllib3/pull/257
so right now, just treat missing socket information as if the cert was
missing.
Closes: #76
---
linkcheck/checker/httpurl.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/linkcheck/checker/httpurl.py b/linkcheck/checker/httpurl.py
index 161619c5..bde77c70 100644
--- a/linkcheck/checker/httpurl.py
+++ b/linkcheck/checker/httpurl.py
@@ -194,6 +194,10 @@ def _get_ssl_sock(self):
"""Get raw SSL socket."""
assert self.scheme == u"https", self
raw_connection = self.url_connection.raw._connection
+ if not raw_connection:
+ # this happens with newer requests versions:
+ # https://github.com/linkcheck/linkchecker/issues/76
+ return None
if raw_connection.sock is None:
# sometimes the socket is not yet connected
# see https://github.com/kennethreitz/requests/issues/1966
@@ -204,7 +208,10 @@ def _add_ssl_info(self):
"""Add SSL cipher info."""
if self.scheme == u'https':
sock = self._get_ssl_sock()
- if hasattr(sock, 'cipher'):
+ if not sock:
+ log.debug(LOG_CHECK, "cannot extract SSL certificate from connection")
+ self.ssl_cert = None
+ elif hasattr(sock, 'cipher'):
self.ssl_cert = sock.getpeercert()
else:
# using pyopenssl
|