Switch to unique SSL CA, add CAfile option

ABelliqueux 2022-10-18 17:16:00 +02:00
parent 56632f21e6
commit b88c8706be
3 changed files with 20 additions and 3 deletions

19
app.py

@ -72,6 +72,7 @@ hosts = app.config['DEFAULT']['hosts']
port = app.config['DEFAULT']['port'] port = app.config['DEFAULT']['port']
cmd_port = app.config['DEFAULT']['cmd_port'] cmd_port = app.config['DEFAULT']['cmd_port']
useSSL = app.config['DEFAULT']['useSSL'] useSSL = app.config['DEFAULT']['useSSL']
CAfile = app.config['DEFAULT']['CAfile']
sync_facility = app.config['DEFAULT']['sync_facility'] sync_facility = app.config['DEFAULT']['sync_facility']
headers = {"Authorization":"Basic " + auth} headers = {"Authorization":"Basic " + auth}
@ -84,7 +85,13 @@ def isup(host_l, port):
import socket import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if useSSL: if useSSL:
sslcontext = ssl.create_default_context(cafile=host_l + ".crt") #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
sslcontext = ssl.create_default_context()
if os.path.exists(CAfile):
sslcontext.load_verify_locations(cafile=CAfile)
else:
sslcontext.check_hostname = False
sslcontext.verify_mode = ssl.CERT_NONE
s = sslcontext.wrap_socket(s, server_hostname=host_l) s = sslcontext.wrap_socket(s, server_hostname=host_l)
try: try:
s.settimeout(3.0) s.settimeout(3.0)
@ -226,7 +233,15 @@ def sendCommand(host, arg0, arg1, arg2):
req = req + "&input=file://" + media_folder_remote + "/" + arg1 req = req + "&input=file://" + media_folder_remote + "/" + arg1
# Send request # Send request
if useSSL: if useSSL:
sslcontext = ssl.create_default_context(cafile=host + ".crt") #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
sslcontext = ssl.create_default_context()
if os.path.exists(CAfile):
sslcontext.load_verify_locations(cafile=CAfile)
else:
sslcontext.check_hostname = False
sslcontext.verify_mode = ssl.CERT_NONE
# ~ if useSSL:
# ~ sslcontext = ssl.create_default_context(cafile=host + ".crt")
conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext ) conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
else: else:
conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 ) conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
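Review bot: The `else:` branch added in `isup` (and the identical one in `sendCommand`) sets `check_hostname = False` and `verify_mode = ssl.CERT_NONE` whenever `os.path.exists(CAfile)` is false, so a missing or mistyped CA path silently downgrades every connection to unauthenticated TLS. If the module-level `headers` dict with `Authorization: Basic` is sent over these connections, those credentials would then be exposed to any endpoint that answers. `CAfile` is a relative path in both config files, so the outcome of the check presumably depends on the directory the app is started from. I would fail closed and build the context in one helper shared by both functions, passing `cafile=` to `create_default_context()` so that only the configured CA is trusted instead of the system store plus that CA. Both function bodies continue outside the visible hunks, so how callers should handle the raised error needs checking there.

```python
def make_ssl_context():
    # Fail closed: a missing CA file is a configuration error,
    # not a reason to skip certificate verification.
    if not os.path.isfile(CAfile):
        raise FileNotFoundError("CAfile not found: " + CAfile)
    # With cafile= given, the system trust store is not loaded,
    # so the configured CA is the only trust anchor.
    return ssl.create_default_context(cafile=CAfile)

# in isup():
    if useSSL:
        sslcontext = make_ssl_context()
        s = sslcontext.wrap_socket(s, server_hostname=host_l)
    # … unchanged: try / settimeout / connect …

# in sendCommand():
    # … unchanged: request string building …
    if useSSL:
        sslcontext = make_ssl_context()
        conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
```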


@ -1,6 +1,7 @@
[DEFAULT] [DEFAULT]
DEBUG = 0 DEBUG = 0
useSSL = false useSSL = false
CAfile = "selfCA.crt"
# Could be scp, sftp ? # Could be scp, sftp ?
sync_facility = "rsync" sync_facility = "rsync"
media_folder_local = "~/Videos" media_folder_local = "~/Videos"


@ -1,6 +1,7 @@
[DEFAULT] [DEFAULT]
DEBUG = 0 DEBUG = 0
useSSL = true useSSL = true
CAfile = "selfCA.crt"
# Can be rsync, scp, http # Can be rsync, scp, http
sync_facility = "http" sync_facility = "http"
media_folder_local = "../medias" media_folder_local = "../medias"