Skip to content

Commit 5dbe536

Browse files
drojfdrojf
committed
Test URLOpen with different certs to resolve MacOS cert problem
1 parent ba43e00 commit 5dbe536

File tree

2 files changed

+46
-4
lines changed

2 files changed

+46
-4
lines changed

common.py

Lines changed: 45 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -188,6 +188,7 @@ class Globals:
188188
PROTON_WITH_ASSETS_OVERRIDE_MESSAGE = "NOTE: Game is running under Proton/Wine, but user has deliberately selected which OS's assets to install, so it is OK"
189189

190190
CA_CERT_PATH = None
191+
URLOPEN_CERT_PATH = None
191192
URLOPEN_IS_BROKEN = False
192193

193194
NATIVE_LAUNCHER_PATH = None
@@ -240,11 +241,11 @@ def testCurlHeaders(url, certPath):
240241

241242
for certificate_path in paths_to_try:
242243
if not testCurlHeaders('https://07th-mod.com/', certificate_path):
243-
print("chooseCurlCertificate(): Failed to download headers using CURL from 07th-mod.com using cert {}".format(certificate_path))
244+
print("chooseCurlCertificate(): Failed to download headers using CURL from 07th-mod.com using cert [{}]".format(certificate_path))
244245
continue
245246

246247
if not testCurlHeaders('https://github.com/', certificate_path):
247-
print("chooseCurlCertificate(): Failed to download headers using CURL from github.com using cert {}".format(certificate_path))
248+
print("chooseCurlCertificate(): Failed to download headers using CURL from github.com using cert [{}]".format(certificate_path))
248249
continue
249250

250251
print("chooseCurlCertificate(): Successfully used certificate {} to download from 07th-mod and github".format(certificate_path))
@@ -253,6 +254,39 @@ def testCurlHeaders(url, certPath):
253254

254255
print("chooseCurlCertificate(): ERROR: No certificates were found to work, tried {} Probably can't use installer!".format(paths_to_try))
255256

257+
# this function must be run AFTER scanCertLocation()
258+
@staticmethod
259+
def chooseURLOpenCertificate():
260+
def testURLOpenHeaders(url, certPath):
261+
try:
262+
urlopen(url, context=ssl.create_default_context(cafile=certPath))
263+
return True
264+
except Exception as error:
265+
print("Error: chooseURLOpenCertificate() Failed: {}".format(error))
266+
return False
267+
268+
# Try:
269+
# 1. Default Cert (whatever CURL uses when you don't specify argument)
270+
# 2. On Linux, we scan for certs on the user's computer and store the first found one. Try this.
271+
# 3. Try the certificate we bundle with the installer. We try this last becuase it might be out of date, depending on when the installer was last released.
272+
paths_to_try = [None, Globals.CA_CERT_PATH, "curl-ca-bundle.crt"]
273+
274+
for certificate_path in paths_to_try:
275+
if not testURLOpenHeaders(Request('https://07th-mod.com/', headers={"User-Agent": ""}), certificate_path):
276+
print("chooseURLOpenCertificate(): Failed to download headers using urlOpen from 07th-mod.com using cert [{}]".format(certificate_path))
277+
continue
278+
279+
if not testURLOpenHeaders(Request('https://github.com/', headers={"User-Agent": ""}), certificate_path):
280+
print("chooseURLOpenCertificate(): Failed to download headers using urlOpen from github.com using cert [{}]".format(certificate_path))
281+
continue
282+
283+
print("chooseURLOpenCertificate(): Successfully used certificate {} to download from 07th-mod and github".format(certificate_path))
284+
Globals.URLOPEN_CERT_PATH = certificate_path
285+
return
286+
287+
print("chooseURLOpenCertificate(): ERROR: No certificates were found to work, tried {} Probably can't use installer!".format(paths_to_try))
288+
289+
256290
@staticmethod
257291
def scanForAria():
258292
ariaSearchPaths = ["./aria2c", "./.aria2c", "aria2c"]
@@ -402,6 +436,13 @@ def scanCertLocation():
402436
print("[Linux] CA Cert - found at: {}".format(Globals.CA_CERT_PATH))
403437
return
404438

439+
@staticmethod
440+
def getURLOpenContext():
441+
context = None
442+
if Globals.URLOPEN_CERT_PATH:
443+
context = ssl.create_default_context(cafile=Globals.URLOPEN_CERT_PATH)
444+
return context
445+
405446
# You can use the 'exist_ok' of python3 to do this already, but not in python 2
406447
def makeDirsExistOK(directoryToMake):
407448
if os.path.exists(directoryToMake):
@@ -1258,7 +1299,7 @@ def queryUsingCURL(queryUrl):
12581299
return contentDisposition, remoteLastModified, responseURL, lengthString
12591300

12601301
def queryUsingURLOpen(queryUrl):
1261-
httpResponse = urlopen(Request(queryUrl, headers={"User-Agent": ""}))
1302+
httpResponse = urlopen(Request(queryUrl, headers={"User-Agent": ""}), context=Globals.getURLOpenContext())
12621303

12631304
try:
12641305
contentDisposition = httpResponse.getheader("Content-Disposition") # python 3
@@ -1431,7 +1472,7 @@ def downloadFile(url, is_text):
14311472
:return:
14321473
"""
14331474
def downloadUsingURLOpen(download_url):
1434-
file = urlopen(Request(download_url, headers={"User-Agent": ""}))
1475+
file = urlopen(Request(download_url, headers={"User-Agent": ""}), context=Globals.getURLOpenContext())
14351476
data = file.read()
14361477
file.close()
14371478
return data

main.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -272,6 +272,7 @@ def doInstallerInit():
272272
common.Globals.scanForExecutables()
273273
common.Globals.scanCertLocation()
274274
common.Globals.chooseCurlCertificate()
275+
common.Globals.chooseURLOpenCertificate()
275276

276277
# Run remaining init tasks concurrently
277278
t_getSubModConfig = common.makeThread(thread_getSubModConfigList)

0 commit comments

Comments
 (0)