From d851c16da7e7063fb5ad89993a5933de2bfd88f1 Mon Sep 17 00:00:00 2001
From: morpheus65535 <louis_vezina@hotmail.com>
Date: Sun, 10 Oct 2021 23:31:38 -0400
Subject: [PATCH] Added a settings to disable SSL certificate validation for
 Podnapisi. Be careful as it's causing a security risk for a man in the middle
 (MitM) attack. #1565

---
 bazarr/config.py                             |  3 +++
 bazarr/get_providers.py                      |  1 +
 frontend/src/Settings/Providers/list.ts      | 12 +++++++++++-
 libs/subliminal_patch/providers/podnapisi.py |  8 +++++++-
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/bazarr/config.py b/bazarr/config.py
index a4b200f30..57e0d3ef0 100644
--- a/bazarr/config.py
+++ b/bazarr/config.py
@@ -134,6 +134,9 @@ defaults = {
         'username': '',
         'password': ''
     },
+    'podnapisi': {
+        'verify_ssl': 'True'
+    },
     'legendasdivx': {
         'username': '',
         'password': '',
diff --git a/bazarr/get_providers.py b/bazarr/get_providers.py
index f020250a0..fa23b40cc 100644
--- a/bazarr/get_providers.py
+++ b/bazarr/get_providers.py
@@ -147,6 +147,7 @@ def get_providers_auth():
         'podnapisi'       : {
             'only_foreign': False,  # fixme
             'also_foreign': False,  # fixme
+            'verify_ssl': settings.podnapisi.getboolean('verify_ssl')
         },
         'subscene'        : {
             'username'    : settings.subscene.username,
diff --git a/frontend/src/Settings/Providers/list.ts b/frontend/src/Settings/Providers/list.ts
index 1cb4ba177..d9e65e9f0 100644
--- a/frontend/src/Settings/Providers/list.ts
+++ b/frontend/src/Settings/Providers/list.ts
@@ -135,7 +135,17 @@ export const ProviderList: Readonly<ProviderInfo[]> = [
       use_hash: "Use Hash",
     },
   },
-  { key: "podnapisi" },
+  {
+    key: "podnapisi",
+    name: "Podnapisi",
+    defaultKey: {
+      verify_ssl: true,
+    },
+    keyNameOverride: {
+      verify_ssl:
+        "Verify SSL certificate (disabling introduce a MitM attack risk)",
+    },
+  },
   {
     key: "regielive",
     name: "RegieLive",
diff --git a/libs/subliminal_patch/providers/podnapisi.py b/libs/subliminal_patch/providers/podnapisi.py
index 2044228c5..9952240df 100644
--- a/libs/subliminal_patch/providers/podnapisi.py
+++ b/libs/subliminal_patch/providers/podnapisi.py
@@ -109,10 +109,12 @@ class PodnapisiSubtitle(_PodnapisiSubtitle):
 
         return matches
 
+
 class PodnapisiAdapter(HTTPAdapter):
     def init_poolmanager(self, connections, maxsize, block=False):
         ctx = ssl.create_default_context()
         ctx.set_ciphers('DEFAULT@SECLEVEL=1')
+        ctx.check_hostname = False
         self.poolmanager = poolmanager.PoolManager(
                 num_pools=connections,
                 maxsize=maxsize,
@@ -121,6 +123,7 @@ class PodnapisiAdapter(HTTPAdapter):
                 ssl_context=ctx
         )
 
+
 class PodnapisiProvider(_PodnapisiProvider, ProviderSubtitleArchiveMixin):
     languages = ({Language('por', 'BR'), Language('srp', script='Latn'), Language('srp', script='Cyrl')} |
                  {Language.fromalpha2(l) for l in language_converters['alpha2'].codes})
@@ -130,12 +133,14 @@ class PodnapisiProvider(_PodnapisiProvider, ProviderSubtitleArchiveMixin):
     server_url = 'https://podnapisi.net/subtitles/'
     only_foreign = False
     also_foreign = False
+    verify_ssl = True
     subtitle_class = PodnapisiSubtitle
     hearing_impaired_verifiable = True
 
-    def __init__(self, only_foreign=False, also_foreign=False):
+    def __init__(self, only_foreign=False, also_foreign=False, verify_ssl=True):
         self.only_foreign = only_foreign
         self.also_foreign = also_foreign
+        self.verify_ssl = verify_ssl
 
         if only_foreign:
             logger.info("Only searching for foreign/forced subtitles")
@@ -145,6 +150,7 @@ class PodnapisiProvider(_PodnapisiProvider, ProviderSubtitleArchiveMixin):
     def initialize(self):
         super().initialize()
         self.session.mount('https://', PodnapisiAdapter())
+        self.session.verify = self.verify_ssl
 
     def list_subtitles(self, video, languages):
         if video.is_special: