Merge branch 'develop'

ckanext/invalid_uris/config_declaration.yaml

@@ -1,4 +1,3 @@
-
 version: 1
 groups:
   - annotation: ckanext-invalid_uris
@@ -20,11 +19,14 @@ groups:
         default: true
         description: Whether to verify the SSL certificate
 
+      - key: ckanext.invalid_uris.ca_bundle_certificate_path
+        description: The path to the CA bundle certificate
+
       - key: ckanext.invalid_uris.retry_attempts
         type: int
         default: 3
         description: The number of times to retry a request
-      
+
       - key: ckanext.invalid_uris.recipient_name
         default: "Open Data"
         description: The name of the recipient of the data
@@ -34,4 +36,4 @@ groups:
 
       - key: ckanext.invalid_uris.domain_whitelist
         type: list
-        description: A list of domains to allow requests to
+        description: A list of domains to allow requests to

ckanext/invalid_uris/helpers.py

@@ -28,8 +28,9 @@ def valid_uri(uri, retries=0, method='head'):
     timeout = timeout * (retries+1)
     user_agent = config.get('ckanext.invalid_uris.user_agent')
     verify_certificate = toolkit.asbool(config.get('ckanext.invalid_uris.verify_certificate', True))
+    ca_bundle_path = config.get('ckanext.invalid_uris.ca_bundle_certificate_path', True)
     retry_attempts = toolkit.asint(config.get('ckanext.invalid_uris.retry_attempts', 3))
-    
+
     try:
         if proxy:
             proxies = {
@@ -44,7 +45,7 @@ def valid_uri(uri, retries=0, method='head'):
             method=method,
             url=uri,
             headers=headers,
-            verify=verify_certificate,
+            verify=ca_bundle_path if verify_certificate else False,
             timeout=timeout,
             proxies=proxies,
             allow_redirects=True,