deepblue/GoogleDriveManagement
1
0
Fork 0
mirror of https://github.com/GAM-team/GAM.git synced 2026-06-28 18:01:36 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

further checkconn diagnostics data

Browse Source
This commit is contained in:
Jay Lee
2026-03-03 19:46:50 -05:00
parent 41535666b6
commit d87ece177d
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/gam/__init__.py
View File

@@ -9499,6 +9499,26 @@ def getOSPlatform():
pltfrm = platform.platform()
return f'{myos} {pltfrm}'
def inspect_untrusted_cert(url):
"""Bypasses validation momentarily to extract the untrusted Issuer."""
parsed = urlparse(url if '://' in url else f'https://{url}')
host = parsed.hostname
port = parsed.port or 443
# Create an unverified context purely for diagnostic extraction
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
try:
with socket.create_connection((host, port), timeout=5) as sock:
with ctx.wrap_socket(sock, server_hostname=host) as ssock:
der_cert = ssock.getpeercert(binary_form=True)
cert = x509.load_der_x509_certificate(der_cert, default_backend())
issuer = cert.issuer.rfc4514_string()
subject = cert.subject.rfc4514_string()
return f"Untrusted Issuer: {issuer}\n Server Subject: {subject}"
except Exception as e:
return f"Failed to retrieve diagnostic certificate: {e}"
# gam checkconnection
def doCheckConnection():
@@ -9535,8 +9555,9 @@ def doCheckConnection():
except httplib2.error.ServerNotFoundError:
writeStdout(f'{not_okay}\n Failed to find server. Your DNS is probably misconfigured.\n')
except ssl.SSLCertVerificationError as e:
diag_info = inspect_untrusted_cert(host)
# e.verify_message contains the specific OpenSSL error string
writeStdout(f'{not_okay}\n Certificate verification failed: {e.verify_message}\n If you are behind a firewall / proxy server that does TLS / SSL inspection you may need to point GAM at your certificate authority file by setting cacerts_pem = /path/to/your/certauth.pem in gam.cfg.\n')
writeStdout(f'{not_okay}\n Certificate verification failed: {e.verify_message}\n Diagnostic Info:\n {diag_info}\nIf you are behind a firewall / proxy server that does TLS / SSL inspection you may need to point GAM at your certificate authority file by setting cacerts_pem = /path/to/your/certauth.pem in gam.cfg.\n')
except ssl.SSLError as e:
if e.reason == 'SSLV3_ALERT_HANDSHAKE_FAILURE':
writeStdout(f'{not_okay}\n GAM expects to connect with TLS 1.3 or newer and that failed. If your firewall / proxy server is not compatible with TLS 1.3 then you can tell GAM to allow TLS 1.2 by setting tls_min_version = TLSv1.2 in gam.cfg.\n')