From 93f7f7eee2e843b3b3057b7854508c68c6432f3e Mon Sep 17 00:00:00 2001 From: Alexandre Flament Date: Tue, 15 Sep 2020 10:54:31 +0200 Subject: [PATCH] [mod] upgrade requests to version 2.24.0. use ssl instead of pyopenssl. requests 2.24.0 uses the ssl module except if it doesn't support SNI, in this case searx fallbacks to pyopenssl. searx logs a critical message and exit if the ssl modules doesn't support SNI and pyOpenSSL is not installed. searx logs a critical message and exit if the ssl version is older than 1.0.2. in requirements.txt, pyopenssl is still required to install searx as a fallback. --- requirements.txt | 6 +++--- searx/__init__.py | 9 --------- searx/poolrequests.py | 30 +++++++++++++++++++++++++++--- searx/webapp.py | 7 ------- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/requirements.txt b/requirements.txt index 5d508d7ee..a3350d2d2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,12 +1,12 @@ -certifi==2020.4.5.1 +certifi==2020.6.20 babel==2.7.0 flask-babel==1.0.0 flask==1.1.2 -idna==2.9 +idna==2.10 jinja2==2.11.1 lxml==4.5.0 pygments==2.1.3 pyopenssl==19.1.0 python-dateutil==2.8.0 pyyaml==5.3.1 -requests[socks]==2.23.0 +requests[socks]==2.24.0 diff --git a/searx/__init__.py b/searx/__init__.py index 80a7ffc76..b90cf5358 100644 --- a/searx/__init__.py +++ b/searx/__init__.py @@ -15,12 +15,10 @@ along with searx. If not, see < http://www.gnu.org/licenses/ >. (C) 2013- by Adam Tauber, ''' -import certifi import logging from os import environ from os.path import realpath, dirname, join, abspath, isfile from io import open -from ssl import OPENSSL_VERSION_INFO, OPENSSL_VERSION from yaml import safe_load @@ -81,13 +79,6 @@ else: logger = logging.getLogger('searx') logger.debug('read configuration from %s', settings_path) -# Workaround for openssl versions <1.0.2 -# https://github.com/certifi/python-certifi/issues/26 -if OPENSSL_VERSION_INFO[0:3] < (1, 0, 2): - if hasattr(certifi, 'old_where'): - environ['REQUESTS_CA_BUNDLE'] = certifi.old_where() - logger.warning('You are using an old openssl version({0}), please upgrade above 1.0.2!'.format(OPENSSL_VERSION)) - logger.info('Initialisation done') if 'SEARX_SECRET' in environ: diff --git a/searx/poolrequests.py b/searx/poolrequests.py index 51b6219c3..e03797ce2 100644 --- a/searx/poolrequests.py +++ b/searx/poolrequests.py @@ -1,9 +1,33 @@ -import requests - +import sys +from time import time from itertools import cycle from threading import RLock, local + +import requests + from searx import settings -from time import time +from searx import logger + + +logger = logger.getChild('poolrequests') + + +try: + import ssl + if ssl.OPENSSL_VERSION_INFO[0:3] < (1, 0, 2): + # https://github.com/certifi/python-certifi#1024-bit-root-certificates + logger.critical('You are using an old openssl version({0}), please upgrade above 1.0.2!' + .format(ssl.OPENSSL_VERSION)) + sys.exit(1) +except ImportError: + ssl = None +if not getattr(ssl, "HAS_SNI", False): + try: + import OpenSSL # pylint: disable=unused-import + except ImportError: + logger.critical("ssl doesn't support SNI and the pyopenssl module is not installed.\n" + "Some HTTPS connections will fail") + sys.exit(1) class HTTPAdapterWithConnParams(requests.adapters.HTTPAdapter): diff --git a/searx/webapp.py b/searx/webapp.py index bba37cce1..2be15ab91 100755 --- a/searx/webapp.py +++ b/searx/webapp.py @@ -78,13 +78,6 @@ from searx.plugins.oa_doi_rewrite import get_doi_resolver from searx.preferences import Preferences, ValidationException, LANGUAGE_CODES from searx.answerers import answerers -# check if the pyopenssl package is installed. -# It is needed for SSL connection without trouble, see #298 -try: - import OpenSSL.SSL # NOQA -except ImportError: - logger.critical("The pyopenssl package has to be installed.\n" - "Some HTTPS connections will fail") # serve pages with HTTP/1.1 from werkzeug.serving import WSGIRequestHandler