Add option '--no-cert-checks' for 'upload' sub command.
This option allow to bypass verification ssl certification while
establishing connection with Gerrit to upload review.
Change-Id: If2e15f5a273c18a700eb5093ca8a4d5a4cbf80cd
diff --git a/git_config.py b/git_config.py
index e00f6be..fb4377c 100644
--- a/git_config.py
+++ b/git_config.py
@@ -20,6 +20,7 @@
import json
import os
import re
+import ssl
import subprocess
import sys
try:
@@ -604,7 +605,7 @@
connectionUrl = self._InsteadOf()
return _preconnect(connectionUrl)
- def ReviewUrl(self, userEmail):
+ def ReviewUrl(self, userEmail, validate_certs):
if self._review_url is None:
if self.review is None:
return None
@@ -637,7 +638,11 @@
else:
try:
info_url = u + 'ssh_info'
- info = urllib.request.urlopen(info_url).read()
+ if not validate_certs:
+ context = ssl._create_unverified_context()
+ info = urllib.request.urlopen(info_url, context=context).read()
+ else:
+ info = urllib.request.urlopen(info_url).read()
if info == 'NOT_AVAILABLE' or '<' in info:
# If `info` contains '<', we assume the server gave us some sort
# of HTML response back, like maybe a login page.
diff --git a/project.py b/project.py
index 0b7baee..c2cccb4 100644
--- a/project.py
+++ b/project.py
@@ -178,14 +178,16 @@
draft=False,
private=False,
wip=False,
- dest_branch=None):
+ dest_branch=None,
+ validate_certs=True):
self.project.UploadForReview(self.name,
people,
auto_topic=auto_topic,
draft=draft,
private=private,
wip=wip,
- dest_branch=dest_branch)
+ dest_branch=dest_branch,
+ validate_certs=validate_certs)
def GetPublishedRefs(self):
refs = {}
@@ -1113,7 +1115,8 @@
draft=False,
private=False,
wip=False,
- dest_branch=None):
+ dest_branch=None,
+ validate_certs=True):
"""Uploads the named branch for code review.
"""
if branch is None:
@@ -1138,7 +1141,7 @@
branch.remote.projectname = self.name
branch.remote.Save()
- url = branch.remote.ReviewUrl(self.UserEmail)
+ url = branch.remote.ReviewUrl(self.UserEmail, validate_certs)
if url is None:
raise UploadError('review not configured')
cmd = ['push']
diff --git a/subcmds/upload.py b/subcmds/upload.py
index 61b18bc..60feff7 100644
--- a/subcmds/upload.py
+++ b/subcmds/upload.py
@@ -181,6 +181,9 @@
# Never run upload hooks, but upload anyway (AKA bypass hooks).
# - no-verify=True, verify=True:
# Invalid
+ p.add_option('--no-cert-checks',
+ dest='validate_certs', action='store_false', default=True,
+ help='Disable verifying ssl certs (unsafe).')
p.add_option('--no-verify',
dest='bypass_hooks', action='store_true',
help='Do not run the upload hook.')
@@ -389,7 +392,9 @@
draft=opt.draft,
private=opt.private,
wip=opt.wip,
- dest_branch=destination)
+ dest_branch=destination,
+ validate_certs=opt.validate_certs)
+
branch.uploaded = True
except UploadError as e:
branch.error = e