Merge pull request #380 from SickRage/hounddawgs-ssl

Hounddawgs ssl

lib/certifi/__init__.py

-from .core import where
\ No newline at end of file
+from .core import where, old_where
+
+__version__ = "2015.11.20.1"

lib/certifi/core.py

@@ -7,13 +7,30 @@ certifi.py
 
 This module returns the installation location of cacert.pem.
 """
-
 import os
+import warnings
+
+
+class DeprecatedBundleWarning(DeprecationWarning):
+    """
+    The weak security bundle is being deprecated. Please bother your service
+    provider to get them to stop using cross-signed roots.
+    """
+
 
 def where():
     f = os.path.split(__file__)[0]
 
     return os.path.join(f, 'cacert.pem')
 
+
+def old_where():
+    warnings.warn(
+        "The weak security bundle is being deprecated.",
+        DeprecatedBundleWarning
+    )
+    f = os.path.split(__file__)[0]
+    return os.path.join(f, 'weak.pem')
+
 if __name__ == '__main__':
     print(where())

lib/certifi/old_root.pem

@@ -385,3 +385,30 @@ GwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l9
 3PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0P
 lZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/
 -----END CERTIFICATE-----
+
+# Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+# Subject: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
+# Label: "Equifax Secure Certificate Authority"
+# Serial: 903804111
+# MD5 Fingerprint: 67:cb:9d:c0:13:24:8a:82:9b:b2:17:1e:d1:1b:ec:d4
+# SHA1 Fingerprint: d2:32:09:ad:23:d3:14:23:21:74:e4:0d:7f:9d:62:13:97:86:63:3a
+# SHA256 Fingerprint: 08:29:7a:40:47:db:a2:36:80:c7:31:db:6e:31:76:53:ca:78:48:e1:be:bd:3a:0b:01:79:a7:07:f9:2c:f1:78
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV
+UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy
+dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1
+MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx
+dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f
+BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A
+cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC
+AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ
+MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm
+aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw
+ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj
+IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF
+MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA
+A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y
+7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh
+1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4
+-----END CERTIFICATE-----

sickbeard/helpers.py

@@ -1387,7 +1387,7 @@ def _setUpSession(session, headers):
         session.headers.update(headers)
 
     # request session ssl verify
-    session.verify = certifi.where() if sickbeard.SSL_VERIFY else False
+    session.verify = certifi.old_where() if sickbeard.SSL_VERIFY else False
 
     # request session proxies
     if 'Referer' not in session.headers and sickbeard.PROXY_SETTING:

tests/ssl_sni_tests.py

@@ -40,7 +40,7 @@ class SniTests(unittest.TestCase):
     """
     Test SNI
     """
-    self_signed_cert_providers = ["Womble's Index", "Libertalia"]
+    self_signed_cert_providers = ["Womble's Index", "Libertalia", "HoundDawgs"]
 
     def test_sni_urls(self):
         """
@@ -52,7 +52,7 @@ class SniTests(unittest.TestCase):
         for provider in [provider for provider in providers.makeProviderList() if provider.name not in self.self_signed_cert_providers]:
             print 'Checking %s' % provider.name
             try:
-                requests.head(provider.url, verify=certifi.where(), timeout=5)
+                requests.head(provider.url, verify=certifi.old_where(), timeout=10)
             except requests.exceptions.Timeout:
                 pass
             except requests.exceptions.SSLError as error: