Added possibility of running exchangelib with older certificates and versions

frikky · frikky · commit 3b28b63de366 · 2022-03-20T23:20:09.000+01:00
diff --git a/outlook_owa/1.0.0/Dockerfile b/outlook_owa/1.0.0/Dockerfile
@@ -7,7 +7,7 @@ RUN apk update && \
 # We're going to stage away all of the bloat from the build tools so lets create a builder stage
 
 FROM base as builder
-RUN apk add --no-cache build-base gcc musl-dev python3-dev libffi-dev libxml2-dev libxslt-dev alpine-sdk openssl-dev libc-dev
+RUN apk add --no-cache build-base gcc musl-dev python3-dev libffi-dev libxml2-dev libxslt-dev alpine-sdk openssl-dev libc-dev ca-certificates
 RUN pip install --no-cache-dir -U pip && \
     pip wheel --no-cache-dir --wheel-dir=/root/lxml_wheel lxml
 
@@ -32,6 +32,11 @@ RUN python -OO -m pip install --no-cache --no-index --find-links=/root/lxml_whee
 COPY --from=builder /install /usr/local
 COPY src /app
 
+## Ensuring we can handle OLD exchange servers
+RUN echo "MinProtocol = TLSv1/" >> /etc/ssl/openssl.cnf
+run echo "CipherString = DEFAULT@SECLEVEL=1/" >> /etc/ssl/openssl.cnf
+RUN cat /etc/ssl/openssl.cnf
+
 # Finally, lets run our app!
 WORKDIR /app
 CMD python app.py --log-level DEBUG
diff --git a/outlook_owa/1.0.0/src/app.py b/outlook_owa/1.0.0/src/app.py
@@ -22,6 +22,23 @@
 from exchangelib.protocol import BaseProtocol, NoVerifyHTTPAdapter
 from walkoff_app_sdk.app_base import AppBase
 
+import requests
+from urllib.parse import urlparse
+
+class RootCAAdapter(requests.adapters.HTTPAdapter):
+    """
+    An HTTP adapter that uses a custom root CA certificate at a hard coded
+    location.
+    """
+
+    def cert_verify(self, conn, url, verify, cert):
+        #cert_file = {
+        #    'example.com': '/path/to/example.com.crt',
+        #    'mail.internal': '/path/to/mail.internal.crt',
+        #}[urlparse(url).hostname]
+        #super().cert_verify(conn=conn, url=url, verify=cert_file, cert=cert)
+
+        super().cert_verify(conn=conn, url=url, verify=False, cert=cert)
 
 def default(o):
     """helpers to store item in json
@@ -55,8 +72,10 @@ def authenticate(self, username, password, server, build, account, verifyssl):
         """
         Authenticates to Exchange server
         """
+
+        BaseProtocol.USERAGENT = "Shuffle Automation"
         if not verifyssl or verifyssl.lower().strip() == "false":
-            BaseProtocol.HTTP_ADAPTER_CLS = NoVerifyHTTPAdapter
+            BaseProtocol.HTTP_ADAPTER_CLS = RootCAAdapter 
 
         processed_build = None
         if type(build) == str:
