summaryrefslogtreecommitdiffstats
path: root/collectors/python.d.plugin/python_modules
diff options
context:
space:
mode:
Diffstat (limited to 'collectors/python.d.plugin/python_modules')
-rw-r--r--collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py21
1 files changed, 18 insertions, 3 deletions
diff --git a/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py b/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
index b6f75bd5..cfc7899e 100644
--- a/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
+++ b/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
@@ -15,7 +15,6 @@ try:
except AttributeError:
pass
-
# https://github.com/urllib3/urllib3/blob/master/CHANGES.rst#19-2014-07-04
# New retry logic and urllib3.util.retry.Retry configuration object. (Issue https://github.com/urllib3/urllib3/pull/326)
URLLIB3_MIN_REQUIRED_VERSION = '1.9'
@@ -103,9 +102,12 @@ class UrlService(SimpleService):
params['ca_certs'] = tls_ca_file
try:
url = header_kw.get('url') or self.url
- if url.startswith('https') and not self.tls_verify and not tls_ca_file:
+ is_https = url.startswith('https')
+ if skip_tls_verify(is_https, self.tls_verify, tls_ca_file):
params['ca_certs'] = None
- return manager(assert_hostname=False, cert_reqs='CERT_NONE', **params)
+ params['cert_reqs'] = 'CERT_NONE'
+ if is_https:
+ params['assert_hostname'] = False
return manager(**params)
except (urllib3.exceptions.ProxySchemeUnknown, TypeError) as error:
self.error('build_manager() error:', str(error))
@@ -175,3 +177,16 @@ class UrlService(SimpleService):
return True
self.error('_get_data() returned no data or type is not <dict>')
return False
+
+
+def skip_tls_verify(is_https, tls_verify, tls_ca_file):
+ # default 'tls_verify' value is None
+ # logic is:
+ # - never skip if there is 'tls_ca_file' file
+ # - skip by default for https
+ # - do not skip by default for http
+ if tls_ca_file:
+ return False
+ if is_https and not tls_verify:
+ return True
+ return tls_verify is False