dlenski · dlenski · Apr 20, 2024 · Apr 16, 2024 · Apr 16, 2024 · Apr 19, 2024
diff --git a/gp_saml_gui.py b/gp_saml_gui.py
@@ -24,7 +24,7 @@
 import tempfile
 
 from operator import setitem
-from os import path, dup2, execvp
+from os import path, dup2, execvp, environ
 from shlex import quote
 from sys import stderr, platform
 from binascii import a2b_base64, b2a_base64
@@ -212,10 +212,20 @@ class TLSAdapter(requests.adapters.HTTPAdapter):
     We have extracted the relevant value from <openssl/ssl.h>.
 
     '''
+
+    def __init__(self, verify=True):
+        self.verify = verify
+        super().__init__()
+
     def init_poolmanager(self, connections, maxsize, block=False):
         ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
         ssl_context.set_ciphers('DEFAULT:@SECLEVEL=1')
         ssl_context.options |= 1<<2  # OP_LEGACY_SERVER_CONNECT
+        ssl_context.check_hostname = self.verify
+        if hasattr(ssl_context, "keylog_filename"):
+            sslkeylogfile = environ.get("SSLKEYLOGFILE")
+            if sslkeylogfile:
+                ssl_context.keylog_filename = sslkeylogfile
         self.poolmanager = urllib3.PoolManager(
                 num_pools=connections,
                 maxsize=maxsize,
@@ -284,7 +294,7 @@ def main(args = None):
 
     s = requests.Session()
     if args.insecure:
-        s.mount('https://', TLSAdapter())
+        s.mount('https://', TLSAdapter(verify=args.verify))
     s.headers['User-Agent'] = 'PAN GlobalProtect' if args.user_agent is None else args.user_agent
     s.cert = args.cert