Include a cacert file when needed for the upgrade check. Fixes #3185

2025-01-23 23:13:38 -06:00 · 2018-07-23 16:15:58 +01:00 · 2018-07-23 16:15:58 +01:00 · d7eb41fff4
commit d7eb41fff4
parent 58ef723476
4 changed files with 14 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -41,4 +41,5 @@ web/regression/test_config.json
 node_modules/
 web/pgAdmin/static/js/generated
 web/pgadmin/static/js/generated
-web/yarn-error.log
+web/yarn-error.log
+/web/cacert.pem
--- a/pkg/mac/build.sh
+++ b/pkg/mac/build.sh
@ -198,6 +198,8 @@ _complete_bundle() {
    pushd $SOURCEDIR/web
        yarn install
        yarn run bundle
+
+        curl https://curl.haxx.se/ca/cacert.pem -o cacert.pem -s || { echo Failed to download cacert.pem; exit 1; }
    popd

    # copy the web directory to the bundle as it is required by runtime
--- a/web/config.py
+++ b/web/config.py
@ -294,6 +294,11 @@ UPGRADE_CHECK_ENABLED = True
 # Where should we get the data from?
 UPGRADE_CHECK_URL = 'https://www.pgadmin.org/versions.json'

+# Which CA file should we use?
+# Default to cacert.pem in the same directory as config.py et al.
+CA_FILE = os.path.join(os.path.dirname(os.path.realpath(__file__)),
+                       "cacert.pem")
+
 ##########################################################################
 # Storage Manager storage url config settings
 # If user sets STORAGE_DIR to empty it will show all volumes if platform
@ -399,4 +404,3 @@ if (SUPPORT_SSH_TUNNEL is True and
    ((sys.version_info[0] == 2 and sys.version_info[1] < 7) or
     (sys.version_info[0] == 3 and sys.version_info[1] < 4))):
    SUPPORT_SSH_TUNNEL = False
-
--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -9,6 +9,7 @@

 import json
 import logging
+import os
 from abc import ABCMeta, abstractmethod, abstractproperty
 from smtplib import SMTPConnectError, SMTPResponseException, \
    SMTPServerDisconnected, SMTPDataError, SMTPHeloError, SMTPException, \
@ -505,7 +506,10 @@ def index():
            # Do not wait for more than 5 seconds.
            # It stuck on rendering the browser.html, while working in the
            # broken network.
-            response = urlreq.urlopen(url, data, 5)
+            if os.path.exists(config.CA_FILE):
+                response = urlreq.urlopen(url, data, 5, cafile=config.CA_FILE)
+            else:
+                response = urlreq.urlopen(url, data, 5)
            current_app.logger.debug(
                'Version check HTTP response code: %d' % response.getcode()
            )