mirror of
https://github.com/Mikaela/Limnoria.git
synced 2024-11-29 22:29:24 +01:00
utils.net: always check fingerprints if they are set, even if verifyCertificates is False.
It makes sense that manually configuring fingerprints overrides this value which defaults to False.
This commit is contained in:
parent
9317a67345
commit
57da6d04e2
@ -1377,7 +1377,8 @@ registerGroup(supybot.protocols, 'ssl')
|
|||||||
registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates',
|
registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates',
|
||||||
registry.Boolean(False, _("""Determines whether server certificates
|
registry.Boolean(False, _("""Determines whether server certificates
|
||||||
will be verified, which checks whether the server certificate is signed
|
will be verified, which checks whether the server certificate is signed
|
||||||
by a known certificate authority, and aborts the connection if it is not.""")))
|
by a known certificate authority, and aborts the connection if it is not.
|
||||||
|
This is assumed to be True of serverFingerprints is set.""")))
|
||||||
|
|
||||||
|
|
||||||
###
|
###
|
||||||
|
@ -187,7 +187,7 @@ def ssl_wrap_socket(conn, hostname, logger, certfile=None,
|
|||||||
context.load_cert_chain(certfile)
|
context.load_cert_chain(certfile)
|
||||||
with _prefix_ssl_error('establishing TLS connection'):
|
with _prefix_ssl_error('establishing TLS connection'):
|
||||||
conn = context.wrap_socket(conn, server_hostname=hostname)
|
conn = context.wrap_socket(conn, server_hostname=hostname)
|
||||||
if verify and trusted_fingerprints:
|
if trusted_fingerprints:
|
||||||
check_certificate_fingerprint(conn, trusted_fingerprints)
|
check_certificate_fingerprint(conn, trusted_fingerprints)
|
||||||
return conn
|
return conn
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user