diff --git a/resources/lib/DownloadUtils.py b/resources/lib/DownloadUtils.py
index 7f6a9f4e..bc86a84a 100644
--- a/resources/lib/DownloadUtils.py
+++ b/resources/lib/DownloadUtils.py
@@ -58,10 +58,12 @@ class DownloadUtils():
self.token = token
self.logMsg("Set token: %s" % token, 2)
- def setSSL(self, ssl):
+ def setSSL(self, ssl, sslclient):
# Reserved for UserClient only
- self.ssl = ssl
- self.logMsg("Set ssl path: %s" % ssl, 2)
+ self.sslverify = ssl
+ self.sslclient = sslclient
+ self.logMsg("Verify SSL host certificate: %s" % ssl, 2)
+ self.logMsg("SSL client side certificate: %s" % sslclient, 2)
def postCapabilities(self, deviceId):
@@ -91,20 +93,20 @@ class DownloadUtils():
# User is identified from this point
# Attach authenticated header to the session
- header = self.getHeader()
- cert = None
verify = None
+ cert = None
+ header = self.getHeader()
- # If user has a custom certificate, verify the host certificate too
- if (self.ssl != None):
- cert = self.ssl
+ # If user enabled host certificate verification
+ if self.sslverify:
verify = True
-
+ cert = self.sslclient
+
# Start session
self.s = requests.Session()
self.s.headers = header
- self.s.cert = cert
self.s.verify = verify
+ self.s.cert = cert
# Retry connections to the server
self.s.mount("http://", requests.adapters.HTTPAdapter(max_retries=1))
self.s.mount("https://", requests.adapters.HTTPAdapter(max_retries=1))
@@ -173,12 +175,19 @@ class DownloadUtils():
self.logMsg("URL: %s" % url, 1)
header = self.getHeader(authenticate=False)
+ verifyssl = False
+
+ # If user enables ssl verification
+ try:
+ verifyssl = self.sslverify
+ except AttributeError:
+ pass
# Prepare request
if type == "GET":
- r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=False)
+ r = requests.get(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
elif type == "POST":
- r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=False)
+ r = requests.post(url, params=postBody, headers=header, timeout=timeout, verify=verifyssl)
# Process the response
try:
diff --git a/resources/lib/UserClient.py b/resources/lib/UserClient.py
index d497c34d..31a78f64 100644
--- a/resources/lib/UserClient.py
+++ b/resources/lib/UserClient.py
@@ -131,8 +131,17 @@ class UserClient(threading.Thread):
self.logMsg("No token found.")
return ""
- def getSSL(self):
+ def getSSLverify(self):
+ # Verify host certificate
+ s_sslverify = self.addon.getSetting('sslverify')
+ if s_sslverify == "true":
+ return True
+ else:
+ return False
+
+ def getSSL(self):
+ # Client side certificate
s_cert = self.addon.getSetting('sslcert')
if s_cert == "None":
@@ -165,7 +174,8 @@ class UserClient(threading.Thread):
self.currUserId = self.getUserId()
self.currServer = self.getServer()
self.currToken = self.getToken()
- self.ssl = self.getSSL()
+ self.ssl = self.getSSLverify()
+ self.sslcert = self.getSSL()
# Set to windows property
WINDOW.setProperty("currUser", username)
@@ -179,7 +189,7 @@ class UserClient(threading.Thread):
doUtils.setUserId(self.currUserId)
doUtils.setServer(self.currServer)
doUtils.setToken(self.currToken)
- doUtils.setSSL(self.ssl)
+ doUtils.setSSL(self.ssl, self.sslcert)
# Start DownloadUtils session
doUtils.startSession()
diff --git a/resources/settings.xml b/resources/settings.xml
index 2ab74697..cd5540e3 100644
--- a/resources/settings.xml
+++ b/resources/settings.xml
@@ -6,6 +6,7 @@
<setting id="username" type="text" label="30024" />
<setting type="sep" />
<setting id="https" type="bool" label="30243" visible="true" enable="true" default="false" />
+ <setting id="sslverify" type="bool" label="Verify Host SSL Certificate" visible="eq(-1,true)" enable="true" default="false" />
<setting id="sslcert" type="file" label="Custom SSL Certificate" visible="eq(-1,true)" enable="true" default="None" />
<setting type="sep" />
<setting id="deviceName" type="text" label="30016" default="Kodi" />