[mod] upgrade requests to version 2.24.0. use ssl instead of pyopenssl.

requests 2.24.0 uses the ssl module except if it doesn't support SNI, in this case searx fallbacks to pyopenssl. searx logs a critical message and exit if the ssl modules doesn't support SNI and pyOpenSSL is not installed. searx logs a critical message and exit if the ssl version is older than 1.0.2. in requirements.txt, pyopenssl is still required to install searx as a fallback.
2020-09-15 10:54:31 +02:00 · 2020-09-15 10:54:31 +02:00 · 93f7f7eee2
parent 21dbc7e852
commit 93f7f7eee2
4 changed files with 30 additions and 22 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -1,12 +1,12 @@
-certifi==2020.4.5.1
+certifi==2020.6.20
 babel==2.7.0
 flask-babel==1.0.0
 flask==1.1.2
-idna==2.9
+idna==2.10
 jinja2==2.11.1
 lxml==4.5.0
 pygments==2.1.3
 pyopenssl==19.1.0
 python-dateutil==2.8.0
 pyyaml==5.3.1
-requests[socks]==2.23.0
+requests[socks]==2.24.0
--- a/searx/init.py
+++ b/searx/init.py
@ -15,12 +15,10 @@ along with searx. If not, see < http://www.gnu.org/licenses/ >.
 (C) 2013- by Adam Tauber, <asciimoo@gmail.com>
 '''

-import certifi
 import logging
 from os import environ
 from os.path import realpath, dirname, join, abspath, isfile
 from io import open
-from ssl import OPENSSL_VERSION_INFO, OPENSSL_VERSION
 from yaml import safe_load


@ -81,13 +79,6 @@ else:

 logger = logging.getLogger('searx')
 logger.debug('read configuration from %s', settings_path)
-# Workaround for openssl versions <1.0.2
-# https://github.com/certifi/python-certifi/issues/26
-if OPENSSL_VERSION_INFO[0:3] < (1, 0, 2):
-    if hasattr(certifi, 'old_where'):
-        environ['REQUESTS_CA_BUNDLE'] = certifi.old_where()
-    logger.warning('You are using an old openssl version({0}), please upgrade above 1.0.2!'.format(OPENSSL_VERSION))
-
 logger.info('Initialisation done')

 if 'SEARX_SECRET' in environ:
--- a/searx/poolrequests.py
+++ b/searx/poolrequests.py
@ -1,9 +1,33 @@
-import requests
-
+import sys
+from time import time
 from itertools import cycle
 from threading import RLock, local
+
+import requests
+
 from searx import settings
-from time import time
+from searx import logger
+
+
+logger = logger.getChild('poolrequests')
+
+
+try:
+    import ssl
+    if ssl.OPENSSL_VERSION_INFO[0:3] < (1, 0, 2):
+        # https://github.com/certifi/python-certifi#1024-bit-root-certificates
+        logger.critical('You are using an old openssl version({0}), please upgrade above 1.0.2!'
+                        .format(ssl.OPENSSL_VERSION))
+        sys.exit(1)
+except ImportError:
+    ssl = None
+if not getattr(ssl, "HAS_SNI", False):
+    try:
+        import OpenSSL  # pylint: disable=unused-import
+    except ImportError:
+        logger.critical("ssl doesn't support SNI and the pyopenssl module is not installed.\n"
+                        "Some HTTPS connections will fail")
+        sys.exit(1)


 class HTTPAdapterWithConnParams(requests.adapters.HTTPAdapter):
--- a/searx/webapp.py
+++ b/searx/webapp.py
@ -78,13 +78,6 @@ from searx.plugins.oa_doi_rewrite import get_doi_resolver
 from searx.preferences import Preferences, ValidationException, LANGUAGE_CODES
 from searx.answerers import answerers

-# check if the pyopenssl package is installed.
-# It is needed for SSL connection without trouble, see #298
-try:
-    import OpenSSL.SSL  # NOQA
-except ImportError:
-    logger.critical("The pyopenssl package has to be installed.\n"
-                    "Some HTTPS connections will fail")

 # serve pages with HTTP/1.1
 from werkzeug.serving import WSGIRequestHandler