Commit da247e04 authored by Tanner Prestegard's avatar Tanner Prestegard

Remove ability to use cheap certs for test hosts

parent ae941b7d
......@@ -35,7 +35,6 @@ from .utils import event_or_superevent, handle_str_or_list_arg, safe_netrc, \
cleanListInput, get_dt_from_openssl_output, is_expired
DEFAULT_SERVICE_URL = "https://gracedb.ligo.org/api/"
KNOWN_TEST_HOSTS = ['moe.phys.uwm.edu', 'embb-dev.ligo.caltech.edu', 'simdb.phys.uwm.edu',]
#---------------------------------------------------------------------
# This monkey patch forces TLSv1 if the python version is 2.6.6.
......@@ -162,15 +161,11 @@ class GsiRest(object):
msg += "Please run ligo-proxy-init or grid-proxy-init again "
msg += "or make sure your robot certificate is readable.\n\n"
self.output_and_die(msg)
# Generally speaking, test boxes use cheap/free certs from the LIGO CA.
# These cannot be verified by the client.
if host in KNOWN_TEST_HOSTS:
ssl_context.verify_mode = ssl.CERT_NONE
else:
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
# Load and verify certificates
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(proxy_host, proxy_port, context=ssl_context)
......@@ -2033,15 +2028,10 @@ class GraceDbBasic(GraceDb):
# Use the new method with SSL Context
# Prepare SSL context
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
# Generally speaking, test boxes use cheap/free certs from the LIGO CA.
# These cannot be verified by the client.
if host in KNOWN_TEST_HOSTS:
ssl_context.verify_mode = ssl.CERT_NONE
else:
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
# Find the various CA cert bundles stored on the system
ssl_context.load_default_certs()
if proxy_host:
self.connector = lambda: ProxyHTTPSConnection(proxy_host, proxy_port, context=ssl_context)
......
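Review bot: The context in the GraceDbBasic hunk is still created with `ssl.SSLContext(ssl.PROTOCOL_TLSv1)`, which limits the handshake to TLS 1.0, so the connection now always verifies the server certificate but cannot negotiate TLS 1.2 or later. Consider `ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)` followed by `ssl_context.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3`, so the highest mutually supported version is selected. The GsiRest hunk does not show where its context is created, so the same check applies there if it uses the same constructor; both enclosing methods start outside the visible hunks. The two verification setups (`verify_mode`, `check_hostname`, `load_default_certs()`) are now identical and could move into one shared helper so they cannot drift apart again.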