From 9c0d93ef3b7266037a1c8fe7e49790f9119dae28 Mon Sep 17 00:00:00 2001
From: Erik Jaegervall <erik.jaegervall@se.bosch.com>
Date: Wed, 31 Aug 2022 14:41:07 +0200
Subject: [PATCH] Update kuksa-viss-client to support Python 3.10

SSH checks in Python 3.10 are stricter.
Using current version with Python 3.10 gives the following error:

Disconnected!! Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801)

Changing to default context (i.e. implictly Purpose.SERVER_AUTH)
Also ignoring hostname check as certificate does not include correct hostname
Updating Docker build to use Python 3.10

Signed-off-by: Erik Jaegervall <erik.jaegervall@se.bosch.com>

Upstream-Status: Backport [https://github.com/eclipse/kuksa.val/commit/9c0d93ef3b7266037a1c8fe7e49790f9119dae28]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 kuksa_viss_client/Dockerfile  | 2 +-
 kuksa_viss_client/__init__.py | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/kuksa_viss_client/Dockerfile b/kuksa_viss_client/Dockerfile
index ae62e50..bf0f49e 100644
--- a/kuksa_viss_client/Dockerfile
+++ b/kuksa_viss_client/Dockerfile
@@ -18,7 +18,7 @@ RUN python -m build
 RUN mkdir /kuksa_viss_client
 RUN pip install --target /kuksa_viss_client --no-cache-dir dist/*.whl 
 
-FROM python:3.8-alpine
+FROM python:3.10-alpine
 
 COPY --from=build /kuksa_viss_client /kuksa_viss_client
 ENV PYTHONUNBUFFERED=yes
diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
index 69cc996..ab29fb9 100644
--- a/kuksa_viss_client/__init__.py
+++ b/kuksa_viss_client/__init__.py
@@ -227,9 +227,12 @@ class KuksaClientThread(threading.Thread):
 
     async def mainLoop(self):
         if not self.insecure:
-            context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            context = ssl.create_default_context()
             context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
             context.load_verify_locations(cafile=self.cacertificate)
+            # Certificates in ../kuksa_certificates does not contain the IP address used for
+            # connection to server so hostname check must be disabled
+            context.check_hostname = False
             try:
                 print("connect to wss://"+self.serverIP+":"+str(self.serverPort))
                 async with websockets.connect("wss://"+self.serverIP+":"+str(self.serverPort), ssl=context) as ws:
-- 
2.34.1