neuroticnerd/sslpatches.py

## sslpatches.py
# NOTE: these workarounds are collected here, but are NOT my work,
#     credit goes to the original authors for finding the workarounds!
# TODO: add links to articles crediting original authors

try:
    """
    if you don't want to patch the ssl library and are just using
    requests, then you can use an adapter to force TLS on HTTPS;
    """
    import requests
    from requests.adapters import HTTPAdapter
    from requests.packages.urllib3.poolmanager import PoolManager

    class TLSAdapter(HTTPAdapter):
        """adapter allowing default TLS connections"""
        def init_poolmanager(self, connections, maxsize, block=False):
            self.poolmanager = PoolManager(
                num_pools=connections,
                maxsize=maxsize,
                block=block,
                ssl_version=ssl.PROTOCOL_TLSv1)

    def no_warnings():
        """disables urllib3 warnings (for verify=False on dev scripts)"""
        requests.packages.urllib3.disable_warnings()
except:
    print "requests library required"


def inject_urllib3():
    """
    requires urllib3, pyopenssl, ndg-httpsclient, pyasn1
    !note: pyopenssl is currently bugged for HTTPS requests!
    """
    try:
        import urllib3, OpenSSL, ndg, pyasn1
        from urllib3.contrib import pyopenssl
        pyopenssl.inject_into_urllib3()
    except:
        print "SSL fix libraries are missing"


def ignore_broken_chunked_encoding():
    """
    when a server sends an improper response for chunked encoding,
    terminates the connection early, or shouldn't be using chunked
    transfer encoding in the first place, it causes exceptions
    when using the requests library; this essentially suppresses
    the exceptions, but the server is what really needs to be fixed
    """
    try:
        import httplib
        def patch_read(func):
            def inner(*args):
                try:
                    return func(*args)
                except httplib.IncompleteRead, e:
                    return e.partial
            return inner
        # prevents broken chunked encoding to raise stupid errors
        httplib.HTTPResponse.read = patch_read(httplib.HTTPResponse.read)
    except:
        print "httplib cannot be found"


def forceSSLversion(ssl_version=None):
    """
    this will force TLS for all SSL connections, which can fix
    some pesky EOF exceptions and SSLv3 exceptions
    !note: you must NOT have pyopenssl installed!
    """
    try:
        import ssl
        from functools import wraps
        if ssl_version is None:
            ssl_version = ssl.PROTOCOL_TLSv1
        def sslwrap(func):
            @wraps(func)
            def wrapped_socket(*args, **kwargs):
                kwargs['ssl_version'] = ssl_version
                return func(*args, **kwargs)
            return wrapped_socket
        ssl.wrap_socket = sslwrap(ssl.wrap_socket)
    except:
        print "error patching SSL library"
	# NOTE: these workarounds are collected here, but are NOT my work,
	# credit goes to the original authors for finding the workarounds!
	# TODO: add links to articles crediting original authors

	try:
	"""
	if you don't want to patch the ssl library and are just using
	requests, then you can use an adapter to force TLS on HTTPS;
	"""
	import requests
	from requests.adapters import HTTPAdapter
	from requests.packages.urllib3.poolmanager import PoolManager

	class TLSAdapter(HTTPAdapter):
	"""adapter allowing default TLS connections"""
	def init_poolmanager(self, connections, maxsize, block=False):
	self.poolmanager = PoolManager(
	num_pools=connections,
	maxsize=maxsize,
	block=block,
	ssl_version=ssl.PROTOCOL_TLSv1)

	def no_warnings():
	"""disables urllib3 warnings (for verify=False on dev scripts)"""
	requests.packages.urllib3.disable_warnings()
	except:
	print "requests library required"


	def inject_urllib3():
	"""
	requires urllib3, pyopenssl, ndg-httpsclient, pyasn1
	!note: pyopenssl is currently bugged for HTTPS requests!
	"""
	try:
	import urllib3, OpenSSL, ndg, pyasn1
	from urllib3.contrib import pyopenssl
	pyopenssl.inject_into_urllib3()
	except:
	print "SSL fix libraries are missing"


	def ignore_broken_chunked_encoding():
	"""
	when a server sends an improper response for chunked encoding,
	terminates the connection early, or shouldn't be using chunked
	transfer encoding in the first place, it causes exceptions
	when using the requests library; this essentially suppresses
	the exceptions, but the server is what really needs to be fixed
	"""
	try:
	import httplib
	def patch_read(func):
	def inner(*args):
	try:
	return func(*args)
	except httplib.IncompleteRead, e:
	return e.partial
	return inner
	# prevents broken chunked encoding to raise stupid errors
	httplib.HTTPResponse.read = patch_read(httplib.HTTPResponse.read)
	except:
	print "httplib cannot be found"


	def forceSSLversion(ssl_version=None):
	"""
	this will force TLS for all SSL connections, which can fix
	some pesky EOF exceptions and SSLv3 exceptions
	!note: you must NOT have pyopenssl installed!
	"""
	try:
	import ssl
	from functools import wraps
	if ssl_version is None:
	ssl_version = ssl.PROTOCOL_TLSv1
	def sslwrap(func):
	@wraps(func)
	def wrapped_socket(args, *kwargs):
	kwargs['ssl_version'] = ssl_version
	return func(args, *kwargs)
	return wrapped_socket
	ssl.wrap_socket = sslwrap(ssl.wrap_socket)
	except:
	print "error patching SSL library"