[_519][_281] force verify mode to CERT_NONE if irods verify setting i…

…s explicitly none
irods · Mar 14, 2024 · 00e9cc2 · 00e9cc2
1 parent 30b05a6
commit 00e9cc2
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/irods/connection.py b/irods/connection.py
@@ -187,14 +187,14 @@ def requires_cs_negotiation(self):
 
     @staticmethod
     def make_ssl_context(irods_account):
-        check_hostname = getattr(irods_account,'ssl_verify_server','hostname')
+        verify_server = getattr(irods_account,'ssl_verify_server','hostname')
         CAfile = getattr(irods_account,'ssl_ca_certificate_file',None)
         CApath = getattr(irods_account,'ssl_ca_certificate_path',None)
-        verify = ssl.CERT_NONE if (None is CAfile is CApath) else ssl.CERT_REQUIRED
+        verify = ssl.CERT_NONE if ((None is CAfile is CApath) or verify_server == 'none') else ssl.CERT_REQUIRED
         # See https://stackoverflow.com/questions/30461969/disable-default-certificate-verification-in-python-2-7-9/49040695#49040695
         ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=CAfile, capath=CApath)
         # Note: check_hostname must be assigned prior to verify_mode property or Python library complains!
-        ctx.check_hostname = (check_hostname.startswith('host') and verify != ssl.CERT_NONE)
+        ctx.check_hostname = (verify_server.startswith('host') and verify != ssl.CERT_NONE)
         ctx.verify_mode = verify
         return ctx