Use global certificates now that we have letsencrypt set up. Also fal…

…l back to plain http because many places are missing letsencrypt certificates.

wraptool.py

@@ -20,11 +20,6 @@
 import shutil
 import platform
 try:
-    # FIXME for some unknown reason ssl connections
-    # fail on OSX. Thus fall back to unencrypted
-    # traffic.
-    if platform.system().lower() == 'darwin':
-        import nonexisting
     import ssl
     has_ssl = True
     API_ROOT = 'https://wrapdb.mesonbuild.com/v1/'
@@ -37,40 +32,6 @@
 
 from glob import glob
 
-wrapdb_certificate = '''-----BEGIN CERTIFICATE-----
-MIIFkzCCA3ugAwIBAgIJAIjVMWLmbJWUMA0GCSqGSIb3DQEBCwUAMGAxCzAJBgNV
-BAYTAkZJMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxGjAYBgNVBAoMEVRoZSBNZXNv
-biBQcm9qZWN0MR4wHAYDVQQDDBV3cmFwZGIubWVzb25idWlsZC5jb20wHhcNMTUw
-NzIxMTk0NjI1WhcNMTYwNzIwMTk0NjI1WjBgMQswCQYDVQQGEwJGSTEVMBMGA1UE
-BwwMRGVmYXVsdCBDaXR5MRowGAYDVQQKDBFUaGUgTWVzb24gUHJvamVjdDEeMBwG
-A1UEAwwVd3JhcGRiLm1lc29uYnVpbGQuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC
-Ag8AMIICCgKCAgEArucsF2GNXW6PqGlW3egD3LxIX+YTWc7MscM5MFryoQEdCsxm
-ME50J2bKZxyJIO+0bCyjvGQNbQxNIvu03ftMYVvbr949km+qafFy63U+QISXOdK1
-oAPIeQnxjwTt+xK/2E8NjChQeWMOb6iX0hsxRtBWoL35SP541xGjgjWKOJTErqcV
-YdDiiTaChZMb9oV4qNEipBKHvU0EmLsF1Lm8psw332QlR5eqmCk12LtV7l5kVH38
-XD+aDpuB5CajcWdEQMDk4rDW6HkjNGnxYRWglMop1WbQvBLVlQ3r16BQT/Gz6x/B
-5CLNjiQ1D9LzaGK0UUr2NnxXiZyE0DgNVK9HlNilE4tjapY4mRK2XanGKuCVIGhY
-xuKB2UI2XbKXweNphHZh5L6a5tutxqkcj+ic0J7Fk+Kyk5smmjQC6DNRxEiQ88CJ
-v7K29KaoqN0q/Gp5abc0YOXR9uA2L8TFbd+I58flSPL9XB/iYcTB4ExIHvYhzSjZ
-P0HvkA3mpFpWcvpbGAhA4JkPBQL8jgUQlZnbKb2EdXKEwR7ccOuEEpQW0WL+qGBV
-vm2xyrO+0Xr1pz0NKiPiBTi6pT883/9Jq1ybngBlyx1xBAF0cxJI8OrdkvYR0U2D
-8I94AwKJRGiYgwsR/0OEY1CBXZDEs29AJYy8S+W1VUphwwL0+7meqUue1ucCAwEA
-AaNQME4wHQYDVR0OBBYEFBHwvUp78l9J1g1LmElHnh3clzyBMB8GA1UdIwQYMBaA
-FBHwvUp78l9J1g1LmElHnh3clzyBMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEL
-BQADggIBAGiS/N3rchOTNADL9iGPEwTBt4aN3RzGALoxmQz/xahyr4NwsjY8rag5
-hVr1M6eZ3+NTRRC3fgPMGYVBbuN51N9SffEgRjAZzOkmBX7fLwTFY3ywsddWiomF
-8kstor3103IEzPej9nNlQOht7+HKd1ggchji8+zFFGedmOxLweY5985Ze6TNaqVD
-ONZ2u7RmkfpgNUDoMsfHyRnENcsQrJXXS1Pp2TRhb/+0NrqrdSorIKYlt5FP/GkZ
-OBdm61RfwHLi72SmkeDGPeOYoS2b0SYNuoXHIX+fjVOOIES0A4jRXsQC10cKGZws
-IuXNVLrWaLQq874op0oVteR5guW7Rr0KGRNA6MJt67H2VxPtoyaxCXjygoX0+a92
-KlDBb8geKOkNfoXg4fRF2Qxh+j5VLBgJyR+x/YYUdG89kDc+Tb3By3PVWi5ypAPC
-UPYkc0F8hB9h9KYe78UnzqIRw+YjFN8bKJQS+DXBLyRmp35gn1yp/Vw2O7Vk+E7m
-SuYF28YTKF/woZWdJH1aQDO0erUBXdiycZVeKbdm3jenNPHTiF/Wt22CXIlGjj83
-G+eGrvfQVk3oXRn+YlypIbxkV8eI1wOina799oiflQmvV8EevAS4dkJObahV6rtZ
-qf3ZjWGS595JCwW0fq6AAtL+ygMSr6+DcjGibYbWTL3GmiMtUeWr
------END CERTIFICATE-----
-'''
-
 help_templ = '''This program allows you to manage your Wrap dependencies
 using the online wrap database http://wrapdb.mesonbuild.com.
 
@@ -100,23 +61,27 @@ def build_ssl_context():
     ctx.options |= ssl.OP_NO_SSLv2
     ctx.options |= ssl.OP_NO_SSLv3
     ctx.verify_mode = ssl.CERT_REQUIRED
-    ctx.load_verify_locations(cadata=wrapdb_certificate)
+    ctx.load_default_certs()
     return ctx
 
 def open_wrapdburl(urlstring):
     global ssl_warning_printed
     if has_ssl:
-        return urllib.request.urlopen(urlstring, context=build_ssl_context())
-    else:
-        if not ssl_warning_printed:
-            print('Warning: ssl not available, traffic not authenticated.',
-                  file=sys.stderr)
-            ssl_warning_printed = True
-        # Trying to open SSL connection to wrapdb fails because the
-        # certificate is not known. Use plain http. For some
-        # reason OSX fails here again.
+        try:
+            return urllib.request.urlopen(urlstring)#, context=build_ssl_context())
+        except urllib.error.URLError:
+            if not ssl_warning_printed:
+                print('SSL connection failed. Falling back to unencrypted connections.')
+                ssl_warning_printed = True
+    if not ssl_warning_printed:
+        print('Warning: SSL not available, traffic not authenticated.',
+              file=sys.stderr)
+        ssl_warning_printed = True
+    # Trying to open SSL connection to wrapdb fails because the
+    # certificate is not known.
+    if urlstring.startswith('https'):
         urlstring = 'http' + urlstring[5:]
-        return urllib.request.urlopen(urlstring)
+    return urllib.request.urlopen(urlstring)
 
 def get_result(urlstring):
     u = open_wrapdburl(urlstring)