Skip to content

Commit

Permalink
fix: python/asyncio no-ssl-verify affects verification of server cert…
Browse files Browse the repository at this point in the history
…s only (#1211)

Bug fix: python/asyncio no-ssl-verify affects verification of server certs
  • Loading branch information
tomplus authored and wing328 committed Oct 12, 2018
1 parent 11b7fb4 commit 71aa421
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 35 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -39,28 +39,26 @@ class RESTClientObject(object):
def __init__(self, configuration, pools_size=4, maxsize=4):
# maxsize is number of requests to host that are allowed in parallel

if configuration.verify_ssl:

# ca_certs
if configuration.ssl_ca_cert:
ca_certs = configuration.ssl_ca_cert
else:
# if not set certificate file, use Mozilla's root certificates.
ca_certs = certifi.where()
# ca_certs
if configuration.ssl_ca_cert:
ca_certs = configuration.ssl_ca_cert
else:
# if not set certificate file, use Mozilla's root certificates.
ca_certs = certifi.where()

ssl_context = ssl.create_default_context(cafile=ca_certs)
ssl_context = ssl.create_default_context(cafile=ca_certs)
if configuration.cert_file:
ssl_context.load_cert_chain(
configuration.cert_file, keyfile=configuration.key_file
)

if configuration.cert_file:
ssl_context.load_cert_chain(
configuration.cert_file, keyfile=configuration.key_file
)
else:
ssl_context = None
if not configuration.verify_ssl:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

connector = aiohttp.TCPConnector(
limit=maxsize,
ssl_context=ssl_context,
verify_ssl=configuration.verify_ssl
ssl_context=ssl_context
)

# https pool manager
Expand Down
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.3.0-SNAPSHOT
3.3.1-SNAPSHOT
32 changes: 15 additions & 17 deletions samples/client/petstore/python-asyncio/petstore_api/rest.py
Original file line number Diff line number Diff line change
Expand Up @@ -47,28 +47,26 @@ class RESTClientObject(object):
def __init__(self, configuration, pools_size=4, maxsize=4):
# maxsize is number of requests to host that are allowed in parallel

if configuration.verify_ssl:

# ca_certs
if configuration.ssl_ca_cert:
ca_certs = configuration.ssl_ca_cert
else:
# if not set certificate file, use Mozilla's root certificates.
ca_certs = certifi.where()
# ca_certs
if configuration.ssl_ca_cert:
ca_certs = configuration.ssl_ca_cert
else:
# if not set certificate file, use Mozilla's root certificates.
ca_certs = certifi.where()

ssl_context = ssl.create_default_context(cafile=ca_certs)
ssl_context = ssl.create_default_context(cafile=ca_certs)
if configuration.cert_file:
ssl_context.load_cert_chain(
configuration.cert_file, keyfile=configuration.key_file
)

if configuration.cert_file:
ssl_context.load_cert_chain(
configuration.cert_file, keyfile=configuration.key_file
)
else:
ssl_context = None
if not configuration.verify_ssl:
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

connector = aiohttp.TCPConnector(
limit=maxsize,
ssl_context=ssl_context,
verify_ssl=configuration.verify_ssl
ssl_context=ssl_context
)

# https pool manager
Expand Down

0 comments on commit 71aa421

Please sign in to comment.