Switch to unique SSL CA, add CAfile option

2022-10-18 17:16:00 +02:00 · 2022-10-18 17:16:00 +02:00 · b88c8706be
parent 56632f21e6
commit b88c8706be
3 changed files with 20 additions and 3 deletions
--- a/app.py
+++ b/app.py
@ -72,6 +72,7 @@ hosts        = app.config['DEFAULT']['hosts']
 port         = app.config['DEFAULT']['port']
 cmd_port     = app.config['DEFAULT']['cmd_port']
 useSSL = app.config['DEFAULT']['useSSL']
+CAfile = app.config['DEFAULT']['CAfile']
 sync_facility = app.config['DEFAULT']['sync_facility']

 headers = {"Authorization":"Basic " + auth}
@ -84,7 +85,13 @@ def isup(host_l, port):
    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if useSSL:
-         sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+         #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+        sslcontext = ssl.create_default_context()
+        if os.path.exists(CAfile):
+            sslcontext.load_verify_locations(cafile=CAfile)
+        else:
+             sslcontext.check_hostname = False
+             sslcontext.verify_mode = ssl.CERT_NONE
        s = sslcontext.wrap_socket(s, server_hostname=host_l)
    try:
        s.settimeout(3.0)
@ -226,7 +233,15 @@ def sendCommand(host, arg0, arg1, arg2):
                req = req + "&input=file://" + media_folder_remote + "/" + arg1
    # Send request
    if useSSL:
-        sslcontext = ssl.create_default_context(cafile=host + ".crt")
+         #sslcontext = ssl.create_default_context(cafile=host_l + ".crt")
+        sslcontext = ssl.create_default_context()
+        if os.path.exists(CAfile):
+            sslcontext.load_verify_locations(cafile=CAfile)
+        else:
+             sslcontext.check_hostname = False
+             sslcontext.verify_mode = ssl.CERT_NONE
+    # ~ if useSSL:
+        # ~ sslcontext = ssl.create_default_context(cafile=host + ".crt")
        conn = http.client.HTTPSConnection( host + ":" + str(portl), timeout=3, context = sslcontext )
    else:
        conn = http.client.HTTPConnection( host + ":" + str(portl), timeout=3 )
--- a/defaults.toml
+++ b/defaults.toml
@ -1,6 +1,7 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = false
+CAfile = "selfCA.crt"
 # Could be scp, sftp ?
 sync_facility = "rsync" 
 media_folder_local = "~/Videos"
--- a/videopi.toml
+++ b/videopi.toml
@ -1,6 +1,7 @@
 [DEFAULT]
 DEBUG = 0
 useSSL = true
+CAfile = "selfCA.crt"
 # Can be rsync, scp, http
 sync_facility = "http" 
 media_folder_local = "../medias"