Add ssl_certs_file arg and config for custom ca bundles

2019-01-17 12:54:55 +07:00 · 2019-01-17 12:54:55 +07:00 · fbbe9af343
commit fbbe9af343
parent 9986a4cebf
10 changed files with 85 additions and 3 deletions
--- a/wakatime/api.py
+++ b/wakatime/api.py
@ -99,12 +99,16 @@ def send_heartbeats(heartbeats, args, configs, use_ntlm_proxy=False):
            should_try_ntlm = '\\' in args.proxy
            proxies['https'] = args.proxy

+    ssl_verify = not args.nosslverify
+    if args.ssl_certs_file and ssl_verify:
+        ssl_verify = args.ssl_certs_file
+
    # send request to api
    response, code = None, None
    try:
        response = session.post(api_url, data=request_body, headers=headers,
                                proxies=proxies, timeout=timeout,
-                                verify=not args.nosslverify)
+                                verify=ssl_verify)
    except RequestException:
        if should_try_ntlm:
            return send_heartbeats(heartbeats, args, configs, use_ntlm_proxy=True)
--- a/wakatime/arguments.py
+++ b/wakatime/arguments.py
@ -103,6 +103,10 @@ def parse_arguments():
                        help='Disables SSL certificate verification for HTTPS '+
                             'requests. By default, SSL certificates are ' +
                             'verified.')
+    parser.add_argument('--ssl-certs-file', dest='ssl_certs_file',
+                        action=StoreWithoutQuotes,
+                        help='Override the bundled Python Requests CA certs ' +
+                             'file. By default, uses certifi for ca certs.')
    parser.add_argument('--project', dest='project', action=StoreWithoutQuotes,
                        help='Optional project name.')
    parser.add_argument('--alternate-project', dest='alternate_project',
@ -307,6 +311,8 @@ def parse_arguments():
                         'domain\\user:pass.')
    if configs.has_option('settings', 'no_ssl_verify'):
        args.nosslverify = configs.getboolean('settings', 'no_ssl_verify')
+    if configs.has_option('settings', 'ssl_certs_file'):
+        args.ssl_certs_file = configs.get('settings', 'ssl_certs_file')
    if not args.verbose and configs.has_option('settings', 'verbose'):
        args.verbose = configs.getboolean('settings', 'verbose')
    if not args.verbose and configs.has_option('settings', 'debug'):