Merge pull request #2098 from DataDog/olivielpeau/windows-requests-ca…

…-bundle [windows][requests] Bundle default CA certs of `requests`
DataDog · Nov 21, 2015 · 7a40131 · 7a40131
2 parents 1c977e5 + ae08a75
commit 7a40131
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 2 deletions.
diff --git a/config.py b/config.py
@@ -620,6 +620,26 @@ def set_win32_cert_path():
     log.info("Windows certificate path: %s" % crt_path)
     tornado.simple_httpclient._DEFAULT_CA_CERTS = crt_path
 
+
+def set_win32_requests_ca_bundle_path():
+    """In order to allow `requests` to validate SSL requests with the packaged .exe on Windows,
+    we need to override the default certificate location which is based on the location of the
+    requests or certifi libraries.
+
+    We override the path directly in requests.adapters so that the override works even when the
+    `requests` lib has already been imported
+    """
+    import requests.adapters
+    if hasattr(sys, 'frozen'):
+        # we're frozen - from py2exe
+        prog_path = os.path.dirname(sys.executable)
+        ca_bundle_path = os.path.join(prog_path, 'cacert.pem')
+        requests.adapters.DEFAULT_CA_BUNDLE_PATH = ca_bundle_path
+
+    log.info("Default CA bundle path of the requests library: {0}"
+             .format(requests.adapters.DEFAULT_CA_BUNDLE_PATH))
+
+
 def get_confd_path(osname=None):
     if not osname:
         osname = get_os()

diff --git a/setup.py b/setup.py
@@ -5,6 +5,7 @@
 
 # 3p
 from setuptools import find_packages, setup
+from requests.certs import where
 
 # project
 from config import get_version
@@ -116,7 +117,8 @@ def __init__(self, **kw):
         'data_files': [
             ("Microsoft.VC90.CRT", glob(r'C:\Python27\redist\*.*')),
             ('jmxfetch', [r'checks\libs\%s' % JMX_FETCH_JAR_NAME]),
-            ('gohai', [r'gohai\gohai.exe'])
+            ('gohai', [r'gohai\gohai.exe']),
+            ('', [where()]),  # CA certificates bundled with `requests`
         ],
     }
 

diff --git a/win32/agent.py b/win32/agent.py
@@ -22,6 +22,7 @@
     load_check_directory,
     PathNotFound,
     set_win32_cert_path,
+    set_win32_requests_ca_bundle_path,
 )
 from ddagent import Application
 import dogstatsd
@@ -198,6 +199,7 @@ def run(self):
         from config import initialize_logging
         initialize_logging('windows_collector')
         log.debug("Windows Service - Starting collector")
+        set_win32_requests_ca_bundle_path()
         emitters = self.get_emitters()
         systemStats = get_system_stats()
         self.collector = Collector(self.config, emitters, systemStats, self.hostname)

diff --git a/win32/shell.py b/win32/shell.py
@@ -1,8 +1,9 @@
 import traceback
 
 def shell():
-    from config import get_version
+    from config import get_version, set_win32_requests_ca_bundle_path
 
+    set_win32_requests_ca_bundle_path()
     print """
 Datadog Agent v%s - Python Shell