[utils] Configurable SSL cipher list

Allows working around the weak ciphers by setting to DEFAULT@SECLEVEL=1 Needed for ceskatelevize.cz with recent Linux distros.
2019-02-10 14:55:49 +01:00 · 2019-02-10 14:55:49 +01:00 · 977977b97f
parent 876fed6bf3
commit 977977b97f
4 changed files with 11 additions and 0 deletions
--- a/youtube_dl/YoutubeDL.py
+++ b/youtube_dl/YoutubeDL.py
@ -354,6 +354,7 @@ class YoutubeDL(object):
        self.params = {
            # Default parameters
            'nocheckcertificate': False,
+            'ciphers': None,
        }
        self.params.update(params)
        self.cache = Cache(self)
--- a/youtube_dl/init.py
+++ b/youtube_dl/init.py
@ -397,6 +397,7 @@ def _real_main(argv=None):
        'download_archive': download_archive_fn,
        'cookiefile': opts.cookiefile,
        'nocheckcertificate': opts.no_check_certificate,
+        'ciphers': opts.ciphers,
        'prefer_insecure': opts.prefer_insecure,
        'proxy': opts.proxy,
        'socket_timeout': opts.socket_timeout,
--- a/youtube_dl/options.py
+++ b/youtube_dl/options.py
@ -535,6 +535,10 @@ def parseOpts(overrideArguments=None):
        '--no-check-certificate',
        action='store_true', dest='no_check_certificate', default=False,
        help='Suppress HTTPS certificate validation')
+    workarounds.add_option(
+        '--ciphers',
+        metavar='CIPHERS', dest='ciphers',
+        help='Set SSL cipher list')
    workarounds.add_option(
        '--prefer-insecure',
        '--prefer-unsecure', action='store_true', dest='prefer_insecure',
--- a/youtube_dl/utils.py
+++ b/youtube_dl/utils.py
@ -696,8 +696,11 @@ def formatSeconds(secs):

 def make_HTTPS_handler(params, **kwargs):
    opts_no_check_certificate = params.get('nocheckcertificate', False)
+    opts_ciphers = params.get('ciphers')
    if hasattr(ssl, 'create_default_context'):  # Python >= 3.4 or 2.7.9
        context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+        if opts_ciphers:
+            context.set_ciphers(opts_ciphers)
        if opts_no_check_certificate:
            context.check_hostname = False
            context.verify_mode = ssl.CERT_NONE
@ -716,6 +719,8 @@ def make_HTTPS_handler(params, **kwargs):
                               if opts_no_check_certificate
                               else ssl.CERT_REQUIRED)
        context.set_default_verify_paths()
+        if opts_ciphers:
+            context.set_ciphers(opts_ciphers)
        return YoutubeDLHTTPSHandler(params, context=context, **kwargs)