Merge pull request #1020 from minrk/ssl-only-when-used

only import ssl if it's used
2025-03-01 12:56:54 +08:00 · 2016-01-28 15:29:22 -05:00 · 2016-01-28 15:29:22 -05:00 · 807f4501a2
commit 807f4501a2
parent 73520656a7 e95e00db9a
1 changed files with 6 additions and 4 deletions
--- a/notebook/notebookapp.py
+++ b/notebook/notebookapp.py
@ -19,12 +19,10 @@ import re
 import select
 import signal
 import socket
-import ssl
 import sys
 import threading
 import webbrowser

-
 from jinja2 import Environment, FileSystemLoader

 # Install the pyzmq ioloop. This has to be done before anything else from
@ -870,13 +868,17 @@ class NotebookApp(JupyterApp):
            ssl_options['keyfile'] = self.keyfile
        if self.client_ca:
            ssl_options['ca_certs'] = self.client_ca
-            ssl_options['cert_reqs'] = ssl.CERT_REQUIRED
        if not ssl_options:
            # None indicates no SSL config
            ssl_options = None
        else:
+            # SSL may be missing, so only import it if it's to be used
+            import ssl
            # Disable SSLv3, since its use is discouraged.
-            ssl_options['ssl_version']=ssl.PROTOCOL_TLSv1
+            ssl_options['ssl_version'] = ssl.PROTOCOL_TLSv1
+            if ssl_options.get('ca_certs', False):
+                ssl_options['cert_reqs'] = ssl.CERT_REQUIRED
+        
        self.login_handler_class.validate_security(self, ssl_options=ssl_options)
        self.http_server = httpserver.HTTPServer(self.web_app, ssl_options=ssl_options,
                                                 xheaders=self.trust_xheaders)