From 15bd1d5681b886ba344e07b994a3d6e23c62dd0d Mon Sep 17 00:00:00 2001 From: Dpeta Date: Sat, 8 Oct 2022 21:04:38 +0200 Subject: [PATCH] Use certifi root certificates when available --- README.md | 8 ++++++-- oyoyo/client.py | 31 ++++++++++++++++++++++++------- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c5157aa..3252472 100644 --- a/README.md +++ b/README.md @@ -82,13 +82,16 @@ The old READMEs are also preserved in the [docs](docs) folder: ## RUNNING FROM SOURCE Pesterchum is a Python script. This means that as long as you have Python installed you can run it without requiring a build/executable, this is useful if there's no compatible build for your system. -### REQUIREMENTS +### DEPENDENCIES - [Python 3] - Ideally 3.8 or later, though older versions may still work, I don't test them. - [PyQt6] (prefered) or [PyQt5] (legacy) - Qt6 only supports maintained 64 bit operating systems, like Windows 10 or later for Windows. ([Qt 6.3 Supported Platforms](https://doc.qt.io/qt-6/supported-platforms.html)) - Qt5 supports Windows 7 or later, but is past its EOL for non-commercial use. ([Qt 5.15 Supported Platforms](https://doc.qt.io/qt-6/supported-platforms.html)) - - (Linux-specific) [pygame] or [GStreamer] for audio. + - (Optional) [pygame] can provide an alternative audio backend for certain systems. + - Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency. + - (Optional) [certifi] can provide alternative root certificates for TLS certificate validation. + - Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates. ### WALKTHROUGH @@ -114,6 +117,7 @@ Pesterchum is a Python script. This means that as long as you have Python instal [PyQt5]: https://pypi.org/project/PyQt5/ [PyQt6]: https://pypi.org/project/PyQt6/ [pygame]: https://pypi.org/project/pygame/ +[certifi]: https://pypi.org/project/certifi/ [GStreamer]: https://gstreamer.freedesktop.org/ ## FREEZE / BUILD diff --git a/oyoyo/client.py b/oyoyo/client.py index f2e7387..6956d9b 100644 --- a/oyoyo/client.py +++ b/oyoyo/client.py @@ -15,21 +15,31 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. -import logging - -PchumLog = logging.getLogger("pchumLogger") - -import logging -import socket +import sys import time -import traceback import ssl +import socket import select +import logging +import traceback from oyoyo.parse import parse_raw_irc_command from oyoyo import helpers from oyoyo.cmdhandler import CommandError +PchumLog = logging.getLogger("pchumLogger") + +try: + import certifi +except ImportError: + if sys.platform == "darwin": + # Certifi is required to validate certificates on MacOS with pyinstaller builds. + PchumLog.warning( + "Failed to import certifi, which is recommended on MacOS. " + "Pesterchum might not be able to validate certificates unless " + "Python's root certs are installed." + ) + class IRCClientError(Exception): pass @@ -199,6 +209,13 @@ class IRCClient: if verify_hostname == False: context.check_hostname = False context.verify_mode = ssl.CERT_NONE + else: + # Also load certifi provided root certs if present. (Mainly useful for MacOS) + if "certifi" in sys.modules: + try: + context.load_verify_locations(cafile=certifi.where()) + except: + PchumLog.exception("") bare_sock = socket.create_connection((self.host, self.port)) self.socket = context.wrap_socket(