[mod] upgrade requests to version 2.24.0. use ssl instead of pyopenssl.

requests 2.24.0 uses the ssl module except if it doesn't support SNI, in this case searx fallbacks to pyopenssl.
searx logs a critical message and exit if the ssl modules doesn't support SNI and pyOpenSSL is not installed.
searx logs a critical message and exit if the ssl version is older than 1.0.2.
in requirements.txt, pyopenssl is still required to install searx as a fallback.
This commit is contained in:
Alexandre Flament 2020-09-15 10:54:31 +02:00
parent 21dbc7e852
commit 93f7f7eee2
4 changed files with 30 additions and 22 deletions

View file

@ -1,12 +1,12 @@
certifi==2020.4.5.1
certifi==2020.6.20
babel==2.7.0
flask-babel==1.0.0
flask==1.1.2
idna==2.9
idna==2.10
jinja2==2.11.1
lxml==4.5.0
pygments==2.1.3
pyopenssl==19.1.0
python-dateutil==2.8.0
pyyaml==5.3.1
requests[socks]==2.23.0
requests[socks]==2.24.0

View file

@ -15,12 +15,10 @@ along with searx. If not, see < http://www.gnu.org/licenses/ >.
(C) 2013- by Adam Tauber, <asciimoo@gmail.com>
'''
import certifi
import logging
from os import environ
from os.path import realpath, dirname, join, abspath, isfile
from io import open
from ssl import OPENSSL_VERSION_INFO, OPENSSL_VERSION
from yaml import safe_load
@ -81,13 +79,6 @@ else:
logger = logging.getLogger('searx')
logger.debug('read configuration from %s', settings_path)
# Workaround for openssl versions <1.0.2
# https://github.com/certifi/python-certifi/issues/26
if OPENSSL_VERSION_INFO[0:3] < (1, 0, 2):
if hasattr(certifi, 'old_where'):
environ['REQUESTS_CA_BUNDLE'] = certifi.old_where()
logger.warning('You are using an old openssl version({0}), please upgrade above 1.0.2!'.format(OPENSSL_VERSION))
logger.info('Initialisation done')
if 'SEARX_SECRET' in environ:

View file

@ -1,9 +1,33 @@
import requests
import sys
from time import time
from itertools import cycle
from threading import RLock, local
import requests
from searx import settings
from time import time
from searx import logger
logger = logger.getChild('poolrequests')
try:
import ssl
if ssl.OPENSSL_VERSION_INFO[0:3] < (1, 0, 2):
# https://github.com/certifi/python-certifi#1024-bit-root-certificates
logger.critical('You are using an old openssl version({0}), please upgrade above 1.0.2!'
.format(ssl.OPENSSL_VERSION))
sys.exit(1)
except ImportError:
ssl = None
if not getattr(ssl, "HAS_SNI", False):
try:
import OpenSSL # pylint: disable=unused-import
except ImportError:
logger.critical("ssl doesn't support SNI and the pyopenssl module is not installed.\n"
"Some HTTPS connections will fail")
sys.exit(1)
class HTTPAdapterWithConnParams(requests.adapters.HTTPAdapter):

View file

@ -78,13 +78,6 @@ from searx.plugins.oa_doi_rewrite import get_doi_resolver
from searx.preferences import Preferences, ValidationException, LANGUAGE_CODES
from searx.answerers import answerers
# check if the pyopenssl package is installed.
# It is needed for SSL connection without trouble, see #298
try:
import OpenSSL.SSL # NOQA
except ImportError:
logger.critical("The pyopenssl package has to be installed.\n"
"Some HTTPS connections will fail")
# serve pages with HTTP/1.1
from werkzeug.serving import WSGIRequestHandler