mirror of
https://codeberg.org/polarisfm/youtube-dl
synced 2024-11-29 19:47:54 +01:00
[utils] Configurable SSL cipher list
Allows working around the weak ciphers by setting to DEFAULT@SECLEVEL=1 Needed for ceskatelevize.cz with recent Linux distros.
This commit is contained in:
parent
876fed6bf3
commit
977977b97f
@ -354,6 +354,7 @@ class YoutubeDL(object):
|
|||||||
self.params = {
|
self.params = {
|
||||||
# Default parameters
|
# Default parameters
|
||||||
'nocheckcertificate': False,
|
'nocheckcertificate': False,
|
||||||
|
'ciphers': None,
|
||||||
}
|
}
|
||||||
self.params.update(params)
|
self.params.update(params)
|
||||||
self.cache = Cache(self)
|
self.cache = Cache(self)
|
||||||
|
@ -397,6 +397,7 @@ def _real_main(argv=None):
|
|||||||
'download_archive': download_archive_fn,
|
'download_archive': download_archive_fn,
|
||||||
'cookiefile': opts.cookiefile,
|
'cookiefile': opts.cookiefile,
|
||||||
'nocheckcertificate': opts.no_check_certificate,
|
'nocheckcertificate': opts.no_check_certificate,
|
||||||
|
'ciphers': opts.ciphers,
|
||||||
'prefer_insecure': opts.prefer_insecure,
|
'prefer_insecure': opts.prefer_insecure,
|
||||||
'proxy': opts.proxy,
|
'proxy': opts.proxy,
|
||||||
'socket_timeout': opts.socket_timeout,
|
'socket_timeout': opts.socket_timeout,
|
||||||
|
@ -535,6 +535,10 @@ def parseOpts(overrideArguments=None):
|
|||||||
'--no-check-certificate',
|
'--no-check-certificate',
|
||||||
action='store_true', dest='no_check_certificate', default=False,
|
action='store_true', dest='no_check_certificate', default=False,
|
||||||
help='Suppress HTTPS certificate validation')
|
help='Suppress HTTPS certificate validation')
|
||||||
|
workarounds.add_option(
|
||||||
|
'--ciphers',
|
||||||
|
metavar='CIPHERS', dest='ciphers',
|
||||||
|
help='Set SSL cipher list')
|
||||||
workarounds.add_option(
|
workarounds.add_option(
|
||||||
'--prefer-insecure',
|
'--prefer-insecure',
|
||||||
'--prefer-unsecure', action='store_true', dest='prefer_insecure',
|
'--prefer-unsecure', action='store_true', dest='prefer_insecure',
|
||||||
|
@ -696,8 +696,11 @@ def formatSeconds(secs):
|
|||||||
|
|
||||||
def make_HTTPS_handler(params, **kwargs):
|
def make_HTTPS_handler(params, **kwargs):
|
||||||
opts_no_check_certificate = params.get('nocheckcertificate', False)
|
opts_no_check_certificate = params.get('nocheckcertificate', False)
|
||||||
|
opts_ciphers = params.get('ciphers')
|
||||||
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
|
if hasattr(ssl, 'create_default_context'): # Python >= 3.4 or 2.7.9
|
||||||
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
|
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
|
||||||
|
if opts_ciphers:
|
||||||
|
context.set_ciphers(opts_ciphers)
|
||||||
if opts_no_check_certificate:
|
if opts_no_check_certificate:
|
||||||
context.check_hostname = False
|
context.check_hostname = False
|
||||||
context.verify_mode = ssl.CERT_NONE
|
context.verify_mode = ssl.CERT_NONE
|
||||||
@ -716,6 +719,8 @@ def make_HTTPS_handler(params, **kwargs):
|
|||||||
if opts_no_check_certificate
|
if opts_no_check_certificate
|
||||||
else ssl.CERT_REQUIRED)
|
else ssl.CERT_REQUIRED)
|
||||||
context.set_default_verify_paths()
|
context.set_default_verify_paths()
|
||||||
|
if opts_ciphers:
|
||||||
|
context.set_ciphers(opts_ciphers)
|
||||||
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
|
return YoutubeDLHTTPSHandler(params, context=context, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user