17
0

better SSL error handling (especially, distinguish cert from non-cert errors)

Daniel Lenski 2020-01-24 00:19:05 -08:00
parent 10e4628f35
commit dae4360c38


@ -7,6 +7,7 @@ import urllib
import requests import requests
import xml.etree.ElementTree as ET import xml.etree.ElementTree as ET
import os import os
import ssl
from shlex import quote from shlex import quote
from sys import stderr from sys import stderr
@ -126,7 +127,23 @@ if __name__ == "__main__":
sam, uri, html = 'URI', args.server, None sam, uri, html = 'URI', args.server, None
else: else:
endpoint = 'https://{}/{}/prelogin.esp'.format(args.server, ('global-protect' if args.portal else 'ssl-vpn')) endpoint = 'https://{}/{}/prelogin.esp'.format(args.server, ('global-protect' if args.portal else 'ssl-vpn'))
res = s.post(endpoint, verify=args.verify, data=args.extra) print("Looking for SAML auth tags in response to %s..." % endpoint, file=stderr)
try:
res = s.post(endpoint, verify=args.verify, data=args.extra)
except Exception as ex:
rootex = ex
while True:
if isinstance(rootex, ssl.SSLError):
break
elif not rootex.__cause__ and not rootex.__context__:
break
rootex = rootex.__cause__ or rootex.__context__
if isinstance(rootex, ssl.CertificateError):
p.error("SSL certificate error (try --no-verify to ignore): %s" % rootex)
elif isinstance(rootex, ssl.SSLError):
p.error("SSL error: %s" % rootex)
else:
raise
xml = ET.fromstring(res.content) xml = ET.fromstring(res.content)
sam = xml.find('saml-auth-method') sam = xml.find('saml-auth-method')
sr = xml.find('saml-request') sr = xml.find('saml-request')
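Review bot: The certificate-error message in the new `except` branch offers `--no-verify` as the first remedy, which steers a user who hits a failed validation on the prelogin request toward turning validation off for a flow that goes on to carry SAML material and credentials. A certificate failure here is the signal that the endpoint may not be the intended gateway, so the hint should point at checking the server name and trust store first and say plainly what the flag does, e.g. `p.error("SSL certificate error (check the server name and CA trust; --no-verify disables certificate validation): %s" % rootex)`. Separately, the `while True` walk stops at the first `ssl.SSLError` it meets and otherwise follows `__cause__ or __context__` without honouring `__suppress_context__`; a short comment such as `# unwrap requests/urllib3 wrappers to reach the underlying ssl exception` would make the intent clear. The enclosing `if __name__ == "__main__":` block starts and ends outside this hunk, so `p` is presumably the argument parser whose `error()` exits; if it does not, `res` would be unbound on the following line.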