workaround new limitation in requests

newer requests do not expose the internal SSL socket object so we cannot verify certificates. there was work to allow custom verification routines which we could use, but this never finished: https://github.com/shazow/urllib3/pull/257 so right now, just treat missing socket information as if the cert was missing. Closes: #76
2026-05-04 12:54:42 +00:00 · 2017-10-02 20:18:54 -04:00 · 2017-10-02 20:18:54 -04:00 · 9b12b5d66f
commit 9b12b5d66f
parent 9af06b968b
1 changed files with 8 additions and 1 deletions
--- a/linkcheck/checker/httpurl.py
+++ b/linkcheck/checker/httpurl.py
@ -194,6 +194,10 @@ class HttpUrl (internpaturl.InternPatternUrl, proxysupport.ProxySupport):
        """Get raw SSL socket."""
        assert self.scheme == u"https", self
        raw_connection = self.url_connection.raw._connection
+        if not raw_connection:
+            # this happens with newer requests versions:
+            # https://github.com/linkcheck/linkchecker/issues/76
+            return None
        if raw_connection.sock is None:
            # sometimes the socket is not yet connected
            # see https://github.com/kennethreitz/requests/issues/1966
@ -204,7 +208,10 @@ class HttpUrl (internpaturl.InternPatternUrl, proxysupport.ProxySupport):
        """Add SSL cipher info."""
        if self.scheme == u'https':
            sock = self._get_ssl_sock()
-            if hasattr(sock, 'cipher'):
+            if not sock:
+                log.debug(LOG_CHECK, "cannot extract SSL certificate from connection")
+                self.ssl_cert = None
+            elif hasattr(sock, 'cipher'):
                self.ssl_cert = sock.getpeercert()
            else:
                # using pyopenssl