Trying to make server certificate hostname verification optional

B.J. Dweck 2020-10-22 13:52:02 +02:00
parent 7d764cb043
commit d3af567287


@ -53,9 +53,17 @@ def main():
'RequireCertificate', 'RequireCertificate',
fallback=False) fallback=False)
mqtt_ca_file = config_path + mqtt_config.get('CaFile') mqtt_ca_file = mqtt_config.get('CaFile', fallback=None)
mqtt_cert_file = config_path + mqtt_config.get('CertFile') mqtt_ca_file = config_path + mqtt_ca_file
mqtt_key_file = config_path + mqtt_config.get('KeyFile') mqtt_cert_file = mqtt_config.get('CertFile', fallback=None)
mqtt_cert_file = config_path + mqtt_cert_file
mqtt_key_file = mqtt_config.get('KeyFile', fallback=None)
mqtt_key_file = config_path + mqtt_key_file
mqtt_use_tls = \
mqtt_ca_file is not None and \
mqtt_cert_file is not None and \
mqtt_key_file is not None
print("Connecting to local TOR controller on port %s" % tor_controller_port) print("Connecting to local TOR controller on port %s" % tor_controller_port)
@ -77,21 +85,26 @@ def main():
tls_args = None tls_args = None
proxy_args = None proxy_args = None
cert_required = ssl.CERT_OPTIONAL
if mqtt_require_certificate:
cert_required = ssl.CERT_REQUIRED
if mqtt_broker_using_tor: if mqtt_broker_using_tor:
cert_required = ssl.CERT_OPTIONAL
proxy_args = { proxy_args = {
'proxy_type': socks.SOCKS5, 'proxy_type': socks.SOCKS5,
'proxy_addr': tor_proxy_host, 'proxy_addr': tor_proxy_host,
'proxy_port': tor_proxy_port 'proxy_port': tor_proxy_port
} }
else:
if mqtt_require_certificate: if mqtt_use_tls:
protocol = "mqtts" protocol = "mqtts"
tls_args = { tls_args = {
'ca_certs': mqtt_ca_file, 'ca_certs': mqtt_ca_file,
'certfile': mqtt_cert_file, 'certfile': mqtt_cert_file,
'keyfile': mqtt_key_file, 'keyfile': mqtt_key_file,
'cert_reqs': ssl.CERT_REQUIRED 'cert_reqs': cert_required
} }
print("Publishing to MQTT broker: %s://%s:%s/%s" % (protocol, mqtt_broker_host, mqtt_broker_port, mqtt_topic)) print("Publishing to MQTT broker: %s://%s:%s/%s" % (protocol, mqtt_broker_host, mqtt_broker_port, mqtt_topic))
if mqtt_broker_using_tor: if mqtt_broker_using_tor:
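Review bot: In the first hunk `config_path + mqtt_ca_file` (and the same for CertFile and KeyFile) runs before any None check, so a missing key now raises TypeError on `str + None`, and when the keys are present the three values are never None, which makes `mqtt_use_tls` always true. Prefix the path only when the option is set, for example `mqtt_ca_file = config_path + mqtt_ca_file if mqtt_ca_file else None`, and likewise for the other two. In the second hunk `cert_reqs` does not govern hostname matching: on a client socket Python's ssl module treats `ssl.CERT_OPTIONAL` the same as `ssl.CERT_REQUIRED`, and hostname checking is a separate setting (`check_hostname` on the SSL context), so the Tor branch probably still verifies the hostname, depending on how the MQTT library (not visible here) builds its context. If hostname checking is relaxed for the Tor path, keep chain validation against `mqtt_ca_file` and add a comment stating that the broker is then authenticated by the CA only, not by name. Both hunks sit inside `main()`, whose body starts and ends outside what is shown.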