From b88c8706bea83bddc2e382faf8470452207edccc Mon Sep 17 00:00:00 2001
From: ABelliqueux
Date: Tue, 18 Oct 2022 17:16:00 +0200
Subject: [PATCH] Switch to unique SSL CA, add CAfile option

---
 app.py | 21 ++++++++++++++++++---
 defaults.toml | 1 +
 videopi.toml | 1 +
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index c318dbc..f7ca102 100755
--- a/app.py
+++ b/app.py
@@ -72,6 +72,7 @@ hosts = app.config['DEFAULT']['hosts']
 port = app.config['DEFAULT']['port']
 cmd_port = app.config['DEFAULT']['cmd_port']
 useSSL = app.config['DEFAULT']['useSSL']
+CAfile = app.config['DEFAULT']['CAfile']
 sync_facility = app.config['DEFAULT']['sync_facility']
 headers = {"Authorization":"Basic " + auth}
 
@@ -84,8 +85,14 @@ def isup(host_l, port):
 import socket
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 if useSSL:
- sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
- s = sslcontext.wrap_socket(s, server_hostname=host_l)
+ #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+ sslcontext = ssl.create_default_context()
+ if os.path.exists(CAfile):
+ sslcontext.load_verify_locations(cafile=CAfile)
+ else:
+ sslcontext.check_hostname = False
+ sslcontext.verify_mode = ssl.CERT_NONE
+ s = sslcontext.wrap_socket(s, server_hostname=host_l)
 try:
 s.settimeout(3.0)
 s.connect((host_l, port))
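Review bot: The new `else` branch in isup silently turns certificate verification off — `sslcontext.check_hostname = False` and `sslcontext.verify_mode = ssl.CERT_NONE` — whenever `CAfile` is not found, so a missing or mis-pathed CA file (the configured default `selfCA.crt` is a relative path, and `os.path.exists` resolves it against the process's working directory) yields an unauthenticated TLS connection while `useSSL` still reads true; the sendCommand hunk at -226 carries the identical branch. Fail closed instead: raise when the CA file is absent and let `ssl.create_default_context(cafile=CAfile)` load it, which also removes the context setup duplicated between the two functions; the sketch below assumes `os` is imported above, which this hunk does not show. The leftover `#sslcontext = ssl.create_default_context(cafile=host_l + ".crt")` comment line can be dropped with it. isup starts at the hunk header and its body continues past the hunk.
```python
def make_ssl_context():
    """Return a verifying client TLS context anchored on CAfile; raise if it is missing."""
    if not os.path.exists(CAfile):
        raise FileNotFoundError("CAfile not found, refusing unverified TLS: " + CAfile)
    return ssl.create_default_context(cafile=CAfile)


def isup(host_l, port):
    # … unchanged: socket creation …
    if useSSL:
        sslcontext = make_ssl_context()
        s = sslcontext.wrap_socket(s, server_hostname=host_l)
    # … unchanged: connect with timeout and result handling …
```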
@@ -226,7 +233,15 @@ def sendCommand(host, arg0, arg1, arg2):
 req = req + "&input=file://" + media_folder_remote + "/" + arg1
 # Send request
 if useSSL:
- sslcontext = ssl.create_default_context(cafile=host + ".crt")
+ #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+ sslcontext = ssl.create_default_context()
+ if os.path.exists(CAfile):
+ sslcontext.load_verify_locations(cafile=CAfile)
+ else:
+ sslcontext.check_hostname = False
+ sslcontext.verify_mode = ssl.CERT_NONE
+ # ~ if useSSL:
+ # ~ sslcontext = ssl.create_default_context(cafile=host + ".crt")
 conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
 else:
 conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
diff --git a/defaults.toml b/defaults.toml
index 50460db..c3cf052 100644
--- a/defaults.toml
+++ b/defaults.toml
@@ -1,6 +1,7 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = false
+CAfile = "selfCA.crt"
 # Could be scp, sftp ?
 sync_facility = "rsync"
 media_folder_local = "~/Videos"
diff --git a/videopi.toml b/videopi.toml
index 1628684..c900a93 100644
--- a/videopi.toml
+++ b/videopi.toml
@@ -1,6 +1,7 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = true
+CAfile = "selfCA.crt"
 # Can be rsync, scp, http
 sync_facility = "http"
 media_folder_local = "../medias"
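Review bot: The three commented-out lines added in sendCommand are dead code, and the first is wrong for this function — `#sslcontext = ssl.create_default_context(cafile=host_l + ".crt")` names `host_l`, which is isup's parameter, not sendCommand's `host` — while the two `# ~` lines repeat the removed line verbatim; delete all three rather than keeping the old per-host CA scheme as a comment, since history already holds it. If a reminder is wanted, one line `# TLS trust is anchored on the shared CAfile from the config, not a per-host <host>.crt` says it without stale code. sendCommand starts before this hunk and its body continues past it.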