diff --git a/requirements.txt b/requirements.txt index 5d508d7ee..a3350d2d2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,12 +1,12 @@ -certifi==2020.4.5.1 +certifi==2020.6.20 babel==2.7.0 flask-babel==1.0.0 flask==1.1.2 -idna==2.9 +idna==2.10 jinja2==2.11.1 lxml==4.5.0 pygments==2.1.3 pyopenssl==19.1.0 python-dateutil==2.8.0 pyyaml==5.3.1 -requests[socks]==2.23.0 +requests[socks]==2.24.0 diff --git a/searx/__init__.py b/searx/__init__.py index 80a7ffc76..b90cf5358 100644 --- a/searx/__init__.py +++ b/searx/__init__.py @@ -15,12 +15,10 @@ along with searx. If not, see < http://www.gnu.org/licenses/ >. (C) 2013- by Adam Tauber, ''' -import certifi import logging from os import environ from os.path import realpath, dirname, join, abspath, isfile from io import open -from ssl import OPENSSL_VERSION_INFO, OPENSSL_VERSION from yaml import safe_load @@ -81,13 +79,6 @@ else: logger = logging.getLogger('searx') logger.debug('read configuration from %s', settings_path) -# Workaround for openssl versions <1.0.2 -# https://github.com/certifi/python-certifi/issues/26 -if OPENSSL_VERSION_INFO[0:3] < (1, 0, 2): - if hasattr(certifi, 'old_where'): - environ['REQUESTS_CA_BUNDLE'] = certifi.old_where() - logger.warning('You are using an old openssl version({0}), please upgrade above 1.0.2!'.format(OPENSSL_VERSION)) - logger.info('Initialisation done') if 'SEARX_SECRET' in environ: diff --git a/searx/poolrequests.py b/searx/poolrequests.py index 51b6219c3..e03797ce2 100644 --- a/searx/poolrequests.py +++ b/searx/poolrequests.py @@ -1,9 +1,33 @@ -import requests - +import sys +from time import time from itertools import cycle from threading import RLock, local + +import requests + from searx import settings -from time import time +from searx import logger + + +logger = logger.getChild('poolrequests') + + +try: + import ssl + if ssl.OPENSSL_VERSION_INFO[0:3] < (1, 0, 2): + # https://github.com/certifi/python-certifi#1024-bit-root-certificates + logger.critical('You are using an old openssl version({0}), please upgrade above 1.0.2!' + .format(ssl.OPENSSL_VERSION)) + sys.exit(1) +except ImportError: + ssl = None +if not getattr(ssl, "HAS_SNI", False): + try: + import OpenSSL # pylint: disable=unused-import + except ImportError: + logger.critical("ssl doesn't support SNI and the pyopenssl module is not installed.\n" + "Some HTTPS connections will fail") + sys.exit(1) class HTTPAdapterWithConnParams(requests.adapters.HTTPAdapter): diff --git a/searx/webapp.py b/searx/webapp.py index bba37cce1..2be15ab91 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -78,13 +78,6 @@ from searx.plugins.oa_doi_rewrite import get_doi_resolver from searx.preferences import Preferences, ValidationException, LANGUAGE_CODES from searx.answerers import answerers -# check if the pyopenssl package is installed. -# It is needed for SSL connection without trouble, see #298 -try: - import OpenSSL.SSL # NOQA -except ImportError: - logger.critical("The pyopenssl package has to be installed.\n" - "Some HTTPS connections will fail") # serve pages with HTTP/1.1 from werkzeug.serving import WSGIRequestHandler