From 0fce00e94e138548765e7b4f16fd845f6e602da0 Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Wed, 14 Jun 2017 15:47:38 +0930 Subject: [PATCH 1/2] Add support for https chain files. This makes (eg) curl happy with a Lets Encrypt certificate. --- SickBeard.py | 1 + autoProcessTV/autoProcessTV.py | 18 +++++++++++++----- autoProcessTV/sabToSickBeard.py | 10 +++++----- data/interfaces/default/config_general.tmpl | 11 +++++++++++ sickbeard/__init__.py | 5 ++++- sickbeard/config.py | 15 +++++++++++++++ sickbeard/webserve.py | 5 ++++- sickbeard/webserveInit.py | 3 +++ 8 files changed, 56 insertions(+), 12 deletions(-) diff --git a/SickBeard.py b/SickBeard.py index 1dd4a99bb1..640bfde155 100755 --- a/SickBeard.py +++ b/SickBeard.py @@ -363,6 +363,7 @@ def main(): 'enable_https': sickbeard.ENABLE_HTTPS, 'https_cert': sickbeard.HTTPS_CERT, 'https_key': sickbeard.HTTPS_KEY, + 'https_chain': sickbeard.HTTPS_CHAIN, }) except IOError: logger.log(u"Unable to start web server, is something else running on port: " + str(startPort), logger.ERROR) diff --git a/autoProcessTV/autoProcessTV.py b/autoProcessTV/autoProcessTV.py index 3c940d936b..633cff800d 100644 --- a/autoProcessTV/autoProcessTV.py +++ b/autoProcessTV/autoProcessTV.py @@ -56,11 +56,12 @@ def processEpisode(dir_to_process, org_NZB_name=None): port = "8081" username = "" password = "" - ssl = 0 + dossl = 0 + verify = 0 web_root = "/" default_url = host + ":" + port + web_root - if ssl: + if dossl: default_url = "https://" + default_url else: default_url = "http://" + default_url @@ -88,7 +89,13 @@ def processEpisode(dir_to_process, org_NZB_name=None): password = config.get("SickBeard", "password") try: - ssl = int(config.get("SickBeard", "ssl")) + dossl = int(config.get("SickBeard", "ssl")) + + except (configparser.NoOptionError, ValueError): + pass + + try: + verify = int(config.get("SickBeard", "verify")) except (configparser.NoOptionError, ValueError): pass @@ -118,7 +125,7 @@ def processEpisode(dir_to_process, org_NZB_name=None): if org_NZB_name != None: params['nzbName'] = org_NZB_name - if ssl: + if dossl: protocol = "https://" else: protocol = "http://" @@ -131,7 +138,8 @@ def processEpisode(dir_to_process, org_NZB_name=None): password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm() password_mgr.add_password(None, url, username, password) handler = HTTPBasicAuthHandler(password_mgr) - opener = urllib2.build_opener(handler) + #opener = urllib2.build_opener(handler) + opener = urllib2.build_opener(handler, urllib2.HTTPSHandler(context=sslModule._create_unverified_context())) urllib2.install_opener(opener) result = opener.open(url).readlines() diff --git a/autoProcessTV/sabToSickBeard.py b/autoProcessTV/sabToSickBeard.py index 12d36cb079..a13aaec394 100755 --- a/autoProcessTV/sabToSickBeard.py +++ b/autoProcessTV/sabToSickBeard.py @@ -21,11 +21,11 @@ import sys -try: - import autoProcessTV -except: - print ("Can't import autoProcessTV.py, make sure it's in the same folder as " + sys.argv[0]) - sys.exit(1) +#try: +import autoProcessTV +#except: +# print ("Can't import autoProcessTV.py, make sure it's in the same folder as " + sys.argv[0]) +# sys.exit(1) # SABnzbd user script parameters - see: http://wiki.sabnzbd.org/user-scripts diff --git a/data/interfaces/default/config_general.tmpl b/data/interfaces/default/config_general.tmpl index 1abb5ab9fc..377e25d291 100644 --- a/data/interfaces/default/config_general.tmpl +++ b/data/interfaces/default/config_general.tmpl @@ -152,6 +152,17 @@ File name or path to HTTPS Key. +
+ + +
+ diff --git a/sickbeard/__init__.py b/sickbeard/__init__.py index b9b6eab5de..bb96e64d07 100644 --- a/sickbeard/__init__.py +++ b/sickbeard/__init__.py @@ -116,6 +116,7 @@ ENABLE_HTTPS = False HTTPS_CERT = None HTTPS_KEY = None +HTTPS_CHAIN = None LAUNCH_BROWSER = None CACHE_DIR = None @@ -334,7 +335,7 @@ def initialize(consoleLogging=True): with INIT_LOCK: - global ACTUAL_LOG_DIR, LOG_DIR, WEB_PORT, WEB_LOG, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, USE_API, API_KEY, ENABLE_HTTPS, HTTPS_CERT, HTTPS_KEY, \ + global ACTUAL_LOG_DIR, LOG_DIR, WEB_PORT, WEB_LOG, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, USE_API, API_KEY, ENABLE_HTTPS, HTTPS_CERT, HTTPS_KEY, HTTPS_CHAIN, \ USE_NZBS, USE_TORRENTS, NZB_METHOD, NZB_DIR, DOWNLOAD_PROPERS, \ SAB_USERNAME, SAB_PASSWORD, SAB_APIKEY, SAB_CATEGORY, SAB_HOST, \ NZBGET_USERNAME, NZBGET_PASSWORD, NZBGET_CATEGORY, NZBGET_HOST, currentSearchScheduler, backlogSearchScheduler, \ @@ -413,6 +414,7 @@ def initialize(consoleLogging=True): ENABLE_HTTPS = bool(check_setting_int(CFG, 'General', 'enable_https', 0)) HTTPS_CERT = check_setting_str(CFG, 'General', 'https_cert', 'server.crt') HTTPS_KEY = check_setting_str(CFG, 'General', 'https_key', 'server.key') + HTTPS_CHAIN = check_setting_str(CFG, 'General', 'https_chain', 'chain.pem') ACTUAL_CACHE_DIR = check_setting_str(CFG, 'General', 'cache_dir', 'cache') # fix bad configs due to buggy code @@ -1009,6 +1011,7 @@ def save_config(): new_config['General']['enable_https'] = int(ENABLE_HTTPS) new_config['General']['https_cert'] = HTTPS_CERT new_config['General']['https_key'] = HTTPS_KEY + new_config['General']['https_chain'] = HTTPS_CHAIN new_config['General']['use_nzbs'] = int(USE_NZBS) new_config['General']['use_torrents'] = int(USE_TORRENTS) diff --git a/sickbeard/config.py b/sickbeard/config.py index 6a5303428c..f915e97ec1 100644 --- a/sickbeard/config.py +++ b/sickbeard/config.py @@ -61,6 +61,21 @@ def change_HTTPS_CERT(https_cert): return True +def change_HTTPS_CHAIN(https_chain): + + if https_chain == '': + sickbeard.HTTPS_CHAIN = '' + return True + + if os.path.normpath(sickbeard.HTTPS_CHAIN) != os.path.normpath(https_chain): + if helpers.makeDir(os.path.dirname(os.path.abspath(https_chain))): + sickbeard.HTTPS_CHAIN = os.path.normpath(https_chain) + logger.log(u"Changed https chain path to " + https_chain) + else: + return False + + return True + def change_HTTPS_KEY(https_key): if https_key == '': diff --git a/sickbeard/webserve.py b/sickbeard/webserve.py index bdbe3fb6fc..5746b449ff 100644 --- a/sickbeard/webserve.py +++ b/sickbeard/webserve.py @@ -719,7 +719,7 @@ def generateKey(self): @cherrypy.expose def saveGeneral(self, log_dir=None, web_port=None, web_log=None, web_ipv6=None, launch_browser=None, web_username=None, use_api=None, api_key=None, - web_password=None, version_notify=None, enable_https=None, https_cert=None, https_key=None): + web_password=None, version_notify=None, enable_https=None, https_cert=None, https_key=None, https_chain=None): results = [] @@ -745,6 +745,9 @@ def saveGeneral(self, log_dir=None, web_port=None, web_log=None, web_ipv6=None, if not config.change_HTTPS_CERT(https_cert): results += ["Unable to create directory " + os.path.normpath(https_cert) + ", https cert directory not changed."] + if not config.change_HTTPS_CHAIN(https_chain): + results += ["Unable to create directory " + os.path.normpath(https_chain) + ", https chain directory not changed."] + if not config.change_HTTPS_KEY(https_key): results += ["Unable to create directory " + os.path.normpath(https_key) + ", https key directory not changed."] diff --git a/sickbeard/webserveInit.py b/sickbeard/webserveInit.py index 49fc2beb6c..9a6f3fa2c1 100644 --- a/sickbeard/webserveInit.py +++ b/sickbeard/webserveInit.py @@ -76,6 +76,7 @@ def http_error_404_hander(status, message, traceback, version): enable_https = options['enable_https'] https_cert = options['https_cert'] https_key = options['https_key'] + https_chain = options['https_chain'] if enable_https: # If either the HTTPS certificate or key do not exist, make some self-signed ones. @@ -117,6 +118,8 @@ def http_error_404_hander(status, message, traceback, version): if enable_https: options_dict['server.ssl_certificate'] = https_cert options_dict['server.ssl_private_key'] = https_key + if https_chain != None and https_chain != '': + options_dict['server.ssl_certificate_chain'] = https_chain protocol = "https" else: protocol = "http" From dd03c426f38e4f89be95ab6148a0e1dff29a2e6c Mon Sep 17 00:00:00 2001 From: Daniel O'Connor Date: Wed, 14 Jun 2017 15:55:33 +0930 Subject: [PATCH 2/2] Remove unrelated hunks from 0fce00e94e138548765e7b4f16fd845f6e602da0 --- autoProcessTV/autoProcessTV.py | 19 ++++++------------- autoProcessTV/sabToSickBeard.py | 10 +++++----- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/autoProcessTV/autoProcessTV.py b/autoProcessTV/autoProcessTV.py index 633cff800d..e13f9ffa08 100644 --- a/autoProcessTV/autoProcessTV.py +++ b/autoProcessTV/autoProcessTV.py @@ -22,6 +22,7 @@ import os.path import sys +import ssl as sslModule # Try importing Python 2 modules using new names try: @@ -56,12 +57,11 @@ def processEpisode(dir_to_process, org_NZB_name=None): port = "8081" username = "" password = "" - dossl = 0 - verify = 0 + ssl = 0 web_root = "/" default_url = host + ":" + port + web_root - if dossl: + if ssl: default_url = "https://" + default_url else: default_url = "http://" + default_url @@ -89,13 +89,7 @@ def processEpisode(dir_to_process, org_NZB_name=None): password = config.get("SickBeard", "password") try: - dossl = int(config.get("SickBeard", "ssl")) - - except (configparser.NoOptionError, ValueError): - pass - - try: - verify = int(config.get("SickBeard", "verify")) + ssl = int(config.get("SickBeard", "ssl")) except (configparser.NoOptionError, ValueError): pass @@ -125,7 +119,7 @@ def processEpisode(dir_to_process, org_NZB_name=None): if org_NZB_name != None: params['nzbName'] = org_NZB_name - if dossl: + if ssl: protocol = "https://" else: protocol = "http://" @@ -138,8 +132,7 @@ def processEpisode(dir_to_process, org_NZB_name=None): password_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm() password_mgr.add_password(None, url, username, password) handler = HTTPBasicAuthHandler(password_mgr) - #opener = urllib2.build_opener(handler) - opener = urllib2.build_opener(handler, urllib2.HTTPSHandler(context=sslModule._create_unverified_context())) + opener = urllib2.build_opener(handler) urllib2.install_opener(opener) result = opener.open(url).readlines() diff --git a/autoProcessTV/sabToSickBeard.py b/autoProcessTV/sabToSickBeard.py index a13aaec394..12d36cb079 100755 --- a/autoProcessTV/sabToSickBeard.py +++ b/autoProcessTV/sabToSickBeard.py @@ -21,11 +21,11 @@ import sys -#try: -import autoProcessTV -#except: -# print ("Can't import autoProcessTV.py, make sure it's in the same folder as " + sys.argv[0]) -# sys.exit(1) +try: + import autoProcessTV +except: + print ("Can't import autoProcessTV.py, make sure it's in the same folder as " + sys.argv[0]) + sys.exit(1) # SABnzbd user script parameters - see: http://wiki.sabnzbd.org/user-scripts