1
0
mirror of https://codeberg.org/polarisfm/youtube-dl synced 2024-11-26 10:24:33 +01:00

[utils] Configurable SSL cipher list

Allows working around the weak ciphers by setting to DEFAULT@SECLEVEL=1

Needed for ceskatelevize.cz with recent Linux distros.
This commit is contained in:
Jindrich Makovicka 2019-02-10 14:55:49 +01:00
parent 876fed6bf3
commit 977977b97f
4 changed files with 11 additions and 0 deletions

View File

@ -354,6 +354,7 @@ class YoutubeDL(object):
self.params = { self.params = {
# Default parameters # Default parameters
'nocheckcertificate': False, 'nocheckcertificate': False,
'ciphers': None,
} }
self.params.update(params) self.params.update(params)
self.cache = Cache(self) self.cache = Cache(self)

View File

@ -397,6 +397,7 @@ def _real_main(argv=None):
'download_archive': download_archive_fn, 'download_archive': download_archive_fn,
'cookiefile': opts.cookiefile, 'cookiefile': opts.cookiefile,
'nocheckcertificate': opts.no_check_certificate, 'nocheckcertificate': opts.no_check_certificate,
'ciphers': opts.ciphers,
'prefer_insecure': opts.prefer_insecure, 'prefer_insecure': opts.prefer_insecure,
'proxy': opts.proxy, 'proxy': opts.proxy,
'socket_timeout': opts.socket_timeout, 'socket_timeout': opts.socket_timeout,

View File

@ -535,6 +535,10 @@ def parseOpts(overrideArguments=None):
'--no-check-certificate', '--no-check-certificate',
action='store_true', dest='no_check_certificate', default=False, action='store_true', dest='no_check_certificate', default=False,
help='Suppress HTTPS certificate validation') help='Suppress HTTPS certificate validation')
workarounds.add_option(
'--ciphers',
metavar='CIPHERS', dest='ciphers',
help='Set SSL cipher list')
workarounds.add_option( workarounds.add_option(
'--prefer-insecure', '--prefer-insecure',
'--prefer-unsecure', action='store_true', dest='prefer_insecure', '--prefer-unsecure', action='store_true', dest='prefer_insecure',

View File

@ -696,8 +696,11 @@ def formatSeconds(secs):
def make_HTTPS_handler(params, **kwargs): def make_HTTPS_handler(params, **kwargs):
opts_no_check_certificate = params.get('nocheckcertificate', False) opts_no_check_certificate = params.get('nocheckcertificate', False)
opts_ciphers = params.get('ciphers')
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9 if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if opts_ciphers:
context.set_ciphers(opts_ciphers)
if opts_no_check_certificate: if opts_no_check_certificate:
context.check_hostname = False context.check_hostname = False
context.verify_mode = ssl.CERT_NONE context.verify_mode = ssl.CERT_NONE
@ -716,6 +719,8 @@ def make_HTTPS_handler(params, **kwargs):
if opts_no_check_certificate if opts_no_check_certificate
else ssl.CERT_REQUIRED) else ssl.CERT_REQUIRED)
context.set_default_verify_paths() context.set_default_verify_paths()
if opts_ciphers:
context.set_ciphers(opts_ciphers)
return YoutubeDLHTTPSHandler(params, context=context, **kwargs) return YoutubeDLHTTPSHandler(params, context=context, **kwargs)