use python-request instead of pycurl or M2Crypto (#6540)

2015-03-17 18:01:37 +01:00 · 2015-03-17 18:01:37 +01:00 · d0a691f5b6
parent 0bea1f086a
commit d0a691f5b6
2 changed files with 7 additions and 75 deletions
--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@ -82,12 +82,8 @@ default_settings = dict(
        definition='List of attribute backend classes or modules',
    ),
    CAFILE = Setting(names=('AUTHENTIC2_CAFILE', 'CAFILE'),
-            default='/etc/ssl/certs/ca-certificates.crt',
+            default=None,
            definition='File containing certificate chains as PEM certificates'),
-    CAPATH = Setting(names=('AUTHENTIC2_CAPATH', 'CAPATH'), default='/etc/ssl/certs/',
-            definition='Directory containing PEM certificates named'
-            ' using OpenSSL certificate directory convention. '
-            'See http://www.openssl.org/docs/apps/verify.html#item__CApath'),
    A2_REGISTRATION_URLCONF = Setting(default='authentic2.registration_backend.urls',
                definition='Root urlconf for the /accounts endpoints'),
    A2_REGISTRATION_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.RegistrationForm',
--- a/src/authentic2/http_utils.py
+++ b/src/authentic2/http_utils.py
@ -1,75 +1,11 @@
-import cStringIO
-import urllib2

-pycurl = None
-try:
-    import pycurl
-except ImportError:
-    pass
-M2Crypto = None
-try:
-    import M2Crypto
-except ImportError:
-    pass
+import requests

 from authentic2 import app_settings

-def get_url_pycurl(url):
-    '''Use pycurl to retrieve an HTTPS URL, preferred to M2Crypto as it also
-       handles Server Name Indication (SNI).
-    '''
-    try:
-        buf = cStringIO.StringIO()
-        c = pycurl.Curl()
-        c.setopt(c.URL, str(url))
-        c.setopt(c.WRITEFUNCTION, buf.write)
-        c.setopt(pycurl.CAINFO, app_settings.CAFILE)
-        c.setopt(pycurl.CAPATH, app_settings.CAPATH)
-        if app_settings.A2_VERIFY_SSL:
-            c.setopt(pycurl.SSL_VERIFYHOST, 2)
-            c.setopt(pycurl.SSL_VERIFYPEER, 1)
-        else:
-            c.setopt(pycurl.SSL_VERIFYHOST, 0)
-            c.setopt(pycurl.SSL_VERIFYPEER, 0)
-        c.perform()
-        r = buf.getvalue()
-        buf.close()
-        http_code = c.getinfo(pycurl.HTTP_CODE)
-        if http_code != 200:
-            raise urllib2.HTTPError(url, http_code, None, None, None)
-        return r
-    except pycurl.error, e:
-        # Wrap error
-        raise urllib2.URLError('SSL access error %s' % e)
-
-__M2CRYPTO_SSL_CONTEXT = None
-
-def get_m2crypto_ssl_context():
-    '''Create an SSL Context and cache it in global __M2CRYPTO_SSL_CONTEXT'''
-    global __M2CRYPTO_SSL_CONTEXT
-
-    if __M2CRYPTO_SSL_CONTEXT is None:
-        __M2CRYPTO_SSL_CONTEXT = M2Crypto.SSL.Context()
-        __M2CRYPTO_SSL_CONTEXT.load_verify_locations(cafile=app_settings.CAFILE, 
-                capath=app_settings.CAPATH)
-    return __M2CRYPTO_SSL_CONTEXT
-
-def get_url_m2crypto(url):
-    '''Use M2Crypto to retrieve an HTTPs URL'''
-    try:
-        return M2Crypto.m2urllib2.build_opener(get_m2crypto_ssl_context()).open(url).read()
-    except M2Crypto.SSL.Checker.SSLVerificationError, e:
-        # Wrap error
-        raise urllib2.URLError('SSL Verification error %s' % e)
-
 def get_url(url):
-    '''Does a simple GET on an URL, if the URL uses TLS, M2Crypto is used to
-       check the certificate'''
-
-    if url.startswith('https'):
-        if pycurl:
-            return get_url_pycurl(url)
-        if M2Crypto:
-            return get_url_m2crypto(url)
-        raise urllib2.URLError('https is unsupported without either pyCurl or M2Crypto')
-    return urllib2.urlopen(url).read()
+    '''Does a simple GET on an URL, check the certificate'''
+    verify = app_settings.A2_VERIFY_SSL
+    if verify and app_settings.CAFILE:
+        verify = app_settings.CAFILE
+    return requests.get(url, verify=verify).text