From 17c93e2be4ad7b3af0cd6878bdd5d8a4a3e6da99 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Thu, 28 Nov 2019 05:53:29 +0100
Subject: Merging upstream version 1.19.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../bases/FrameworkServices/UrlService.py           | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

(limited to 'collectors/python.d.plugin/python_modules/bases/FrameworkServices')

diff --git a/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py b/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
index b6f75bd5c..cfc7899e5 100644
--- a/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
+++ b/collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
@@ -15,7 +15,6 @@ try:
 except AttributeError:
     pass
 
-
 # https://github.com/urllib3/urllib3/blob/master/CHANGES.rst#19-2014-07-04
 # New retry logic and urllib3.util.retry.Retry configuration object. (Issue https://github.com/urllib3/urllib3/pull/326)
 URLLIB3_MIN_REQUIRED_VERSION = '1.9'
@@ -103,9 +102,12 @@ class UrlService(SimpleService):
             params['ca_certs'] = tls_ca_file
         try:
             url = header_kw.get('url') or self.url
-            if url.startswith('https') and not self.tls_verify and not tls_ca_file:
+            is_https = url.startswith('https')
+            if skip_tls_verify(is_https, self.tls_verify, tls_ca_file):
                 params['ca_certs'] = None
-                return manager(assert_hostname=False, cert_reqs='CERT_NONE', **params)
+                params['cert_reqs'] = 'CERT_NONE'
+                if is_https:
+                    params['assert_hostname'] = False
             return manager(**params)
         except (urllib3.exceptions.ProxySchemeUnknown, TypeError) as error:
             self.error('build_manager() error:', str(error))
@@ -175,3 +177,16 @@ class UrlService(SimpleService):
             return True
         self.error('_get_data() returned no data or type is not <dict>')
         return False
+
+
+def skip_tls_verify(is_https, tls_verify, tls_ca_file):
+    # default 'tls_verify' value is None
+    # logic is:
+    #   - never skip if there is 'tls_ca_file' file
+    #   - skip by default for https
+    #   - do not skip by default for http
+    if tls_ca_file:
+        return False
+    if is_https and not tls_verify:
+        return True
+    return tls_verify is False
-- 
cgit v1.2.3