author | Adrien Ferrand <adferrand@users.noreply.github.com> | 2020-02-06 18:58:39 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-06 18:58:39 +0300 |
commit | ef388a309f3ea3316c3e364d822227bca5df6a56 (patch) | |
tree | 40c992d635e0ad0eb1bbf5ce77dd146c5ce17e7c | |
parent | 7da5196206b33d5593bd15cd1dcce4d790db7e6d (diff) | |
parent | c98183c9986c47984695d467fa5a9ccf5b937c37 (diff) |
Merge pull request #7751 from Pilifer/master
Don't verify certificate in HTTP01Response.simple_verify (certbot#6614)
-rw-r--r-- | acme/acme/challenges.py | 2 | ||||
-rw-r--r-- | acme/tests/challenges_test.py | 4 | ||||
-rw-r--r-- | certbot/CHANGELOG.md | 3 |
3 files changed, 5 insertions, 4 deletions
diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py
index 8a0366301..39c8d6269 100644
--- a/acme/acme/challenges.py
+++ b/acme/acme/challenges.py
@@ -303,7 +303,7 @@ class HTTP01Response(KeyAuthorizationChallengeResponse):
 uri = chall.uri(domain)
 logger.debug("Verifying %s at %s...", chall.typ, uri)
 try:
- http_response = requests.get(uri)
+ http_response = requests.get(uri, verify=False)
 except requests.exceptions.RequestException as error:
 logger.error("Unable to reach %s: %s", uri, error)
 return False
diff --git a/acme/tests/challenges_test.py b/acme/tests/challenges_test.py
index 490caadc2..adebaffc5 100644
--- a/acme/tests/challenges_test.py
+++ b/acme/tests/challenges_test.py
@@ -181,7 +181,7 @@ class HTTP01ResponseTest(unittest.TestCase):
 mock_get.return_value = mock.MagicMock(text=validation)
 self.assertTrue(self.response.simple_verify(
 self.chall, "local", KEY.public_key()))
- mock_get.assert_called_once_with(self.chall.uri("local"))
+ mock_get.assert_called_once_with(self.chall.uri("local"), verify=False)
 @mock.patch("acme.challenges.requests.get")
 def test_simple_verify_bad_validation(self, mock_get):
@@ -197,7 +197,7 @@ class HTTP01ResponseTest(unittest.TestCase):
 HTTP01Response.WHITESPACE_CUTSET))
 self.assertTrue(self.response.simple_verify(
 self.chall, "local", KEY.public_key()))
- mock_get.assert_called_once_with(self.chall.uri("local"))
+ mock_get.assert_called_once_with(self.chall.uri("local"), verify=False)
 @mock.patch("acme.challenges.requests.get")
 def test_simple_verify_connection_error(self, mock_get):
diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index 3e3fda49f..7367c929f 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -6,7 +6,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 ### Added
-*
+* Don't verify the existing certificate in HTTP01Response.simple_verify, for
+ compatibility with the real-world ACME challenge checks.
 ### Changed |
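Review bot: The `verify=False` added to `requests.get(uri, ...)` in the acme/acme/challenges.py hunk is a deliberate trust decision with no comment beside it, so a scanner such as Bandit will flag it and a later reader cannot tell it from an oversight or know not to copy it elsewhere. I would put the rationale from the changelog next to the call, e.g. `# TLS verification is off on purpose: this mirrors how ACME servers perform the HTTP-01 check; the response body is untrusted until validated`, and confirm that wording against the rest of simple_verify, whose body starts and ends outside this hunk. The call also passes no `timeout=`, and requests waits indefinitely by default, so an unresponsive host can stall this self-check; something like `requests.get(uri, verify=False, timeout=30)` would bound it, with the value being the project's choice. Unverified HTTPS requests additionally make urllib3 emit InsecureRequestWarning, which is worth a sentence in the method's docstring so callers are not surprised by it.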