summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/kuksa-val/kuksa-viss-client
diff options
context:
space:
mode:
authorScott Murray <scott.murray@konsulko.com>2022-07-11 19:26:33 -0400
committerJan-Simon Moeller <jsmoeller@linuxfoundation.org>2022-07-13 21:58:30 +0000
commitff1776b06bc54c36d199f9061f1ff78c7b3db027 (patch)
tree1ec2cadb734c0f630b8aa1a744e6b3bb238d8e2b /recipes-connectivity/kuksa-val/kuksa-viss-client
parentaa6100e48b4beabe8cb5371fb88a98aebe58a996 (diff)
kuksa-viss-client: add patch to fix SSL context creation
Add a patch that fixes the context purpose in the SSL context creation done for the client connection. On a client, the purpose needs to be set to server authentication to make newer versions of Python happy. Bug-AGL: SPEC-4467 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ide640a79f450fd2c1b5c2cda847932b2fd4e35c7
Diffstat (limited to 'recipes-connectivity/kuksa-val/kuksa-viss-client')
-rw-r--r--recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch
new file mode 100644
index 000000000..5617eee9d
--- /dev/null
+++ b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch
@@ -0,0 +1,36 @@
+From ad534490eb71b16dfe53a6fced6267f0ea58b939 Mon Sep 17 00:00:00 2001
+From: Scott Murray <scott.murray@konsulko.com>
+Date: Mon, 11 Jul 2022 16:04:11 -0400
+Subject: [PATCH] kuksa_viss_client: fix SSL context creation
+
+With the newer Python and OpenSSL in Yocto kirkstone, specifying
+ssl.Purpose.CLIENT_AUTH when creating the SSL context for the
+connection results in the error:
+
+ Cannot create a client socket with a PROTOCOL_TLS_SERVER context
+
+when trying to connect to a server with the client library. The fix
+is to instead use ssl.Purpose.SERVER_AUTH, since the context will be
+used by the client to validate the server certificate.
+
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+---
+ kuksa_viss_client/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
+index 69cc996..df7a540 100644
+--- a/kuksa_viss_client/__init__.py
++++ b/kuksa_viss_client/__init__.py
+@@ -227,7 +227,7 @@ class KuksaClientThread(threading.Thread):
+
+ async def mainLoop(self):
+ if not self.insecure:
+- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
++ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+ context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
+ context.load_verify_locations(cafile=self.cacertificate)
+ try:
+--
+2.35.3
+