search

lczub / TestLink-API-Python-client

A Python client to use the TestLink API
104 stars 63 forks source link

Self signed / Let's Encrypt SSL certificate support #90

Closed esgn closed 6 years ago

esgn commented 6 years ago

Hi,

I'm trying to use your plugin with a testlink instance deployed with a let's encrypt ssl certificate. When I try a simple API call through your plugin I get a "certificate verify failed" error caused, I presume, by xmlrpclib. Any idea what would be the best way to support self-signed certificates ?

Thanx in advance

lczub commented 6 years ago

Hello Emmanuel,

to be honest, I have no real experiences with SSL certificates. If I understand xmlrpclib pydoc right, 

class TestlinkAPIGeneric(object):
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none)
...

must support as additional optional args the xmlrpclib context parameter. But I have currently no idea, what you have to define as ssl.SSLContext.

So the TestlinkAPIGenric.py code change would be something like

class TestlinkAPIGeneric(object):
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        use_datetime = args.get('use_datetime', 0)
        context = args.get('context', None)
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none, use_datetime, context)
...

and your test call might be

a_context = ssl.create_default_context(?????)
a_api = TestlinkAPIGeneric("YOUR_HTPS_TL_SERVER_URL", "YOUR_TL_DEVKEY", "context", a_context)

Helps this a little bit ? Would it be possible for you to play around with this changes and check, if you can find a working ssl.context definition?

Regards Luiko

esgn commented 6 years ago

From what i've seen (e.g : https://stackoverflow.com/questions/30461969/disable-default-certificate-verification-in-python-2-7-9) the idea is to create a context=ssl._create_unverified_context().Will try and play with it this week if I find some time. If not, will be in september. Regards

esgn commented 6 years ago

Not sure how to test properly in a python project but here is what works for me. Did the following edit in testlinkapigeneric.py then setup.py install and now my api calls work with self signed certificate

import ssl 
...
    def __init__(self, server_url, devKey, **args):
        transport=args.get('transport')
        encoding=args.get('encoding')
        verbose=args.get('verbose',0)
        allow_none=args.get('allow_none',0)
        use_datetime = args.get('use_datetime', 0)
        context = args.get('context', ssl._create_unverified_context())
        self.server = xmlrpclib.Server(server_url, transport, encoding,
                                       verbose, allow_none, use_datetime, context)

Trouble is ssl does not have the _create_unverified_context() before 2.7.9 and it seems xmlrpclib does not support a context either. Solution would be to use transport with something like

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() or None
test = xmlrpclib.Server(server_url, transport=xmlrpclib.SafeTransport(use_datetime=True, context=context) ...

But transport is already used I presume. Do you know how ?

lczub commented 6 years ago

Hello Emmanuel,

using transport was introduced with #36 (and adjusted with #56) to support proxy configurations.

It is set in TestLinkHelper.connect() - getProxiedTransport().

Did I understand you right, that you are using a Python Version before 2.7.9 ? We have to rethink, how we can adjust TestLinkHelper to support Proxy and Self-Sign-Certificate Support . Maybe in a first step either Proxy or Self-Sign-Certificate Support , not both in parallel?

Regards Luiko

esgn commented 6 years ago

No no I'm using 2.7.13. My point was that in order to make a patch that is compatible with most versions of Python Transport should be used instead of ssl context. Regarding the first step I have no particular idea. Only self signed would be enough for me ;)

lczub commented 6 years ago

Hello Emmanuel, you find know on branch tl-future a commit, which should support your self signed certificate situation https://github.com/lczub/TestLink-API-Python-client/archive/tl-future.zip

TestLinkHelper should know define the uncertificate context, when you call it with a HTTPS url without defining a special sssl context.

Hope this works and help,

regards Luiko

lczub commented 6 years ago

seams to work, if not please reopen.