Fixing improper certificate validation security vulnerability

[osm/RO.git] / RO-SDN-juniper_contrail / osm_rosdn_juniper_contrail / rest_lib.py

diff --git a/RO-SDN-juniper_contrail/osm_rosdn_juniper_contrail/rest_lib.py b/RO-SDN-juniper_contrail/osm_rosdn_juniper_contrail/rest_lib.py
index 4c04c1c..31ea213 100644 (file)
--- a/RO-SDN-juniper_contrail/osm_rosdn_juniper_contrail/rest_lib.py
+++ b/RO-SDN-juniper_contrail/osm_rosdn_juniper_contrail/rest_lib.py
@@ -43,10 +43,10 @@ class ServiceUnavailableException(HttpException):
 
 
 class ContrailHttp(object):
-    def __init__(self, auth_info, logger):
+    def __init__(self, auth_info, logger, verify):
         self._logger = logger
-        # default don't verify client cert
-        self._ssl_verify = False
+        # Verify client cert
+        self.ssl_verify = verify
         # auth info: must contain auth_url and auth_dict
         self.auth_url = auth_info["auth_url"]
         self.auth_dict = auth_info["auth_dict"]
@@ -247,10 +247,14 @@ class ContrailHttp(object):
         return requests.get(url, headers=headers, params=query_params)
 
     def _http_post_headers(self, url, headers, json_data=None):
-        return requests.head(url, json=json_data, headers=headers, verify=False)
+        return requests.head(
+            url, json=json_data, headers=headers, verify=self.ssl_verify
+        )
 
     def _http_post(self, url, headers, json_data=None):
-        return requests.post(url, json=json_data, headers=headers, verify=False)
+        return requests.post(
+            url, json=json_data, headers=headers, verify=self.ssl_verify
+        )
 
     def _http_delete(self, url, headers, json_data=None):
         return requests.delete(url, json=json_data, headers=headers)