From d3af56728766073fc9b58511c2a5d3da5dbb5b4e Mon Sep 17 00:00:00 2001
From: Benjamin Dweck
Date: Thu, 22 Oct 2020 13:52:02 +0200
Subject: [PATCH] Trying to make server certificate hostname verification optional

---
 torch_agent/torch_agent.py | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/torch_agent/torch_agent.py b/torch_agent/torch_agent.py
index 70d01de..570530a 100755
--- a/torch_agent/torch_agent.py
+++ b/torch_agent/torch_agent.py
@@ -53,9 +53,17 @@ def main():
         'RequireCertificate', fallback=False)
 
-    mqtt_ca_file = config_path + mqtt_config.get('CaFile')
-    mqtt_cert_file = config_path + mqtt_config.get('CertFile')
-    mqtt_key_file = config_path + mqtt_config.get('KeyFile')
+    mqtt_ca_file = mqtt_config.get('CaFile', fallback=None)
+    mqtt_ca_file = config_path + mqtt_ca_file
+    mqtt_cert_file = mqtt_config.get('CertFile', fallback=None)
+    mqtt_cert_file = config_path + mqtt_cert_file
+    mqtt_key_file = mqtt_config.get('KeyFile', fallback=None)
+    mqtt_key_file = config_path + mqtt_key_file
+
+    mqtt_use_tls = \
+        mqtt_ca_file is not None and \
+        mqtt_cert_file is not None and \
+        mqtt_key_file is not None
 
     print("Connecting to local TOR controller on port %s" % tor_controller_port)
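Review bot: The `fallback=None` on the three `mqtt_config.get(...)` calls is immediately undone by `mqtt_ca_file = config_path + mqtt_ca_file` (and the matching cert and key lines), which raises TypeError when the option is absent, so `mqtt_use_tls` can never evaluate to False and the optional-TLS intent of this hunk does not work. Guard the prefixing instead, e.g. `mqtt_ca_file = config_path + mqtt_ca_file if mqtt_ca_file is not None else None`, and likewise for `mqtt_cert_file` and `mqtt_key_file`. Consider also whether a client certificate should be a precondition for TLS at all: with the current conjunction, a deployment that only ships a CA file to verify the broker presumably stays on the non-TLS path, which is the weaker default. main() continues outside the hunk.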
@@ -77,21 +85,26 @@ def main():
     tls_args = None
     proxy_args = None
 
+    cert_required = ssl.CERT_OPTIONAL
+    if mqtt_require_certificate:
+        cert_required = ssl.CERT_REQUIRED
+
     if mqtt_broker_using_tor:
+        cert_required = ssl.CERT_OPTIONAL
         proxy_args = {
             'proxy_type': socks.SOCKS5,
             'proxy_addr': tor_proxy_host,
             'proxy_port': tor_proxy_port
         }
-    else:
-        if mqtt_require_certificate:
-            protocol = "mqtts"
-            tls_args = {
-                'ca_certs': mqtt_ca_file,
-                'certfile': mqtt_cert_file,
-                'keyfile': mqtt_key_file,
-                'cert_reqs': ssl.CERT_REQUIRED
-            }
+
+    if mqtt_use_tls:
+        protocol = "mqtts"
+        tls_args = {
+            'ca_certs': mqtt_ca_file,
+            'certfile': mqtt_cert_file,
+            'keyfile': mqtt_key_file,
+            'cert_reqs': cert_required
+        }
 
     print("Publishing to MQTT broker: %s://%s:%s/%s" % (protocol, mqtt_broker_host, mqtt_broker_port, mqtt_topic))
     if mqtt_broker_using_tor:
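Review bot: `cert_required = ssl.CERT_OPTIONAL` does not achieve what the commit title asks for: in client mode Python's ssl module treats CERT_OPTIONAL exactly like CERT_REQUIRED, so the CERT_OPTIONAL/CERT_REQUIRED switch and the Tor override are no-ops and hostname verification is unchanged either way. Hostname matching is a separate setting on the MQTT client (if this is paho, `tls_insecure_set(True)` skips only the hostname check while still validating the chain against `ca_certs`) and belongs where `tls_args` is consumed, which is outside this hunk; do not substitute `ssl.CERT_NONE` here, since that would drop certificate validation entirely. Note also that `RequireCertificate` no longer gates TLS at all, so an operator who set it to False still gets TLS whenever the three files are configured; that deserves a comment on the `if mqtt_use_tls:` line such as `# TLS is enabled by the presence of CaFile/CertFile/KeyFile, not by RequireCertificate`. The enclosing main() runs past the hunk.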