diff options
author | Scott Murray <scott.murray@konsulko.com> | 2022-07-11 19:26:33 -0400 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2022-07-13 21:58:30 +0000 |
commit | ff1776b06bc54c36d199f9061f1ff78c7b3db027 (patch) | |
tree | 1ec2cadb734c0f630b8aa1a744e6b3bb238d8e2b /recipes-connectivity/kuksa-val | |
parent | aa6100e48b4beabe8cb5371fb88a98aebe58a996 (diff) |
kuksa-viss-client: add patch to fix SSL context creation
Add a patch that fixes the context purpose in the SSL context
creation done for the client connection. On a client, the
purpose needs to be set to server authentication to make newer
versions of Python happy.
Bug-AGL: SPEC-4467
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ide640a79f450fd2c1b5c2cda847932b2fd4e35c7
Diffstat (limited to 'recipes-connectivity/kuksa-val')
-rw-r--r-- | recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch | 36 | ||||
-rw-r--r-- | recipes-connectivity/kuksa-val/kuksa-viss-client_git.bb | 2 |
2 files changed, 38 insertions, 0 deletions
diff --git a/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch new file mode 100644 index 000000000..5617eee9d --- /dev/null +++ b/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch @@ -0,0 +1,36 @@ +From ad534490eb71b16dfe53a6fced6267f0ea58b939 Mon Sep 17 00:00:00 2001 +From: Scott Murray <scott.murray@konsulko.com> +Date: Mon, 11 Jul 2022 16:04:11 -0400 +Subject: [PATCH] kuksa_viss_client: fix SSL context creation + +With the newer Python and OpenSSL in Yocto kirkstone, specifying +ssl.Purpose.CLIENT_AUTH when creating the SSL context for the +connection results in the error: + + Cannot create a client socket with a PROTOCOL_TLS_SERVER context + +when trying to connect to a server with the client library. The fix +is to instead use ssl.Purpose.SERVER_AUTH, since the context will be +used by the client to validate the server certificate. + +Signed-off-by: Scott Murray <scott.murray@konsulko.com> +--- + kuksa_viss_client/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py +index 69cc996..df7a540 100644 +--- a/kuksa_viss_client/__init__.py ++++ b/kuksa_viss_client/__init__.py +@@ -227,7 +227,7 @@ class KuksaClientThread(threading.Thread): + + async def mainLoop(self): + if not self.insecure: +- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ++ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) + context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile) + context.load_verify_locations(cafile=self.cacertificate) + try: +-- +2.35.3 + diff --git a/recipes-connectivity/kuksa-val/kuksa-viss-client_git.bb b/recipes-connectivity/kuksa-val/kuksa-viss-client_git.bb index 3a33e0331..9b93155f2 100644 --- a/recipes-connectivity/kuksa-val/kuksa-viss-client_git.bb +++ b/recipes-connectivity/kuksa-val/kuksa-viss-client_git.bb @@ -9,6 +9,8 @@ DEPENDS = "python3-setuptools-git-versioning-native" require kuksa-val.inc +SRC_URI += "file://0001-kuksa_viss_client-fix-SSL-context-creation.patch" + inherit setuptools3 RDEPENDS:${PN} += " \ |