From bed59cec5e5a9a5668cf2c7df3a24545b1e76c09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Gardo=C5=84?= <garjack555@gmail.com>
Date: Tue, 8 Aug 2017 10:18:11 +0200
Subject: [PATCH] Add option '--no-cert-checks' for 'upload' sub command.

This option allow to bypass verification ssl certification while
establishing connection with Gerrit to upload review.

Change-Id: If2e15f5a273c18a700eb5093ca8a4d5a4cbf80cd
---
 git_config.py     |  9 +++++++--
 project.py        | 11 +++++++----
 subcmds/upload.py |  7 ++++++-
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/git_config.py b/git_config.py
index e00f6be2..fb4377cf 100644
--- a/git_config.py
+++ b/git_config.py
@@ -20,6 +20,7 @@ import errno
 import json
 import os
 import re
+import ssl
 import subprocess
 import sys
 try:
@@ -604,7 +605,7 @@ class Remote(object):
     connectionUrl = self._InsteadOf()
     return _preconnect(connectionUrl)
 
-  def ReviewUrl(self, userEmail):
+  def ReviewUrl(self, userEmail, validate_certs):
     if self._review_url is None:
       if self.review is None:
         return None
@@ -637,7 +638,11 @@ class Remote(object):
       else:
         try:
           info_url = u + 'ssh_info'
-          info = urllib.request.urlopen(info_url).read()
+          if not validate_certs:
+              context = ssl._create_unverified_context()
+              info = urllib.request.urlopen(info_url, context=context).read()
+          else:
+              info = urllib.request.urlopen(info_url).read()
           if info == 'NOT_AVAILABLE' or '<' in info:
             # If `info` contains '<', we assume the server gave us some sort
             # of HTML response back, like maybe a login page.
diff --git a/project.py b/project.py
index 0b7baeed..c2cccb4f 100644
--- a/project.py
+++ b/project.py
@@ -178,14 +178,16 @@ class ReviewableBranch(object):
                       draft=False,
                       private=False,
                       wip=False,
-                      dest_branch=None):
+                      dest_branch=None,
+                      validate_certs=True):
     self.project.UploadForReview(self.name,
                                  people,
                                  auto_topic=auto_topic,
                                  draft=draft,
                                  private=private,
                                  wip=wip,
-                                 dest_branch=dest_branch)
+                                 dest_branch=dest_branch,
+                                 validate_certs=validate_certs)
 
   def GetPublishedRefs(self):
     refs = {}
@@ -1113,7 +1115,8 @@ class Project(object):
                       draft=False,
                       private=False,
                       wip=False,
-                      dest_branch=None):
+                      dest_branch=None,
+                      validate_certs=True):
     """Uploads the named branch for code review.
     """
     if branch is None:
@@ -1138,7 +1141,7 @@ class Project(object):
       branch.remote.projectname = self.name
       branch.remote.Save()
 
-    url = branch.remote.ReviewUrl(self.UserEmail)
+    url = branch.remote.ReviewUrl(self.UserEmail, validate_certs)
     if url is None:
       raise UploadError('review not configured')
     cmd = ['push']
diff --git a/subcmds/upload.py b/subcmds/upload.py
index 61b18bc2..60feff7a 100644
--- a/subcmds/upload.py
+++ b/subcmds/upload.py
@@ -181,6 +181,9 @@ Gerrit Code Review:  http://code.google.com/p/gerrit/
     #   Never run upload hooks, but upload anyway (AKA bypass hooks).
     # - no-verify=True, verify=True:
     #   Invalid
+    p.add_option('--no-cert-checks',
+                 dest='validate_certs', action='store_false', default=True,
+                 help='Disable verifying ssl certs (unsafe).')
     p.add_option('--no-verify',
                  dest='bypass_hooks', action='store_true',
                  help='Do not run the upload hook.')
@@ -389,7 +392,9 @@ Gerrit Code Review:  http://code.google.com/p/gerrit/
                                draft=opt.draft,
                                private=opt.private,
                                wip=opt.wip,
-                               dest_branch=destination)
+                               dest_branch=destination,
+                               validate_certs=opt.validate_certs)
+
         branch.uploaded = True
       except UploadError as e:
         branch.error = e