blob: f1813e586f2062f946d2a1ab095a1206b974b723 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
From 9c0d93ef3b7266037a1c8fe7e49790f9119dae28 Mon Sep 17 00:00:00 2001
From: Erik Jaegervall <erik.jaegervall@se.bosch.com>
Date: Wed, 31 Aug 2022 14:41:07 +0200
Subject: [PATCH] Update kuksa-viss-client to support Python 3.10
SSH checks in Python 3.10 are stricter.
Using current version with Python 3.10 gives the following error:
Disconnected!! Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801)
Changing to default context (i.e. implictly Purpose.SERVER_AUTH)
Also ignoring hostname check as certificate does not include correct hostname
Updating Docker build to use Python 3.10
Signed-off-by: Erik Jaegervall <erik.jaegervall@se.bosch.com>
Upstream-Status: Backport [https://github.com/eclipse/kuksa.val/commit/9c0d93ef3b7266037a1c8fe7e49790f9119dae28]
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
kuksa_viss_client/Dockerfile | 2 +-
kuksa_viss_client/__init__.py | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/kuksa_viss_client/Dockerfile b/kuksa_viss_client/Dockerfile
index ae62e50..bf0f49e 100644
--- a/kuksa_viss_client/Dockerfile
+++ b/kuksa_viss_client/Dockerfile
@@ -18,7 +18,7 @@ RUN python -m build
RUN mkdir /kuksa_viss_client
RUN pip install --target /kuksa_viss_client --no-cache-dir dist/*.whl
-FROM python:3.8-alpine
+FROM python:3.10-alpine
COPY --from=build /kuksa_viss_client /kuksa_viss_client
ENV PYTHONUNBUFFERED=yes
diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
index 69cc996..ab29fb9 100644
--- a/kuksa_viss_client/__init__.py
+++ b/kuksa_viss_client/__init__.py
@@ -227,9 +227,12 @@ class KuksaClientThread(threading.Thread):
async def mainLoop(self):
if not self.insecure:
- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ context = ssl.create_default_context()
context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
context.load_verify_locations(cafile=self.cacertificate)
+ # Certificates in ../kuksa_certificates does not contain the IP address used for
+ # connection to server so hostname check must be disabled
+ context.check_hostname = False
try:
print("connect to wss://"+self.serverIP+":"+str(self.serverPort))
async with websockets.connect("wss://"+self.serverIP+":"+str(self.serverPort), ssl=context) as ws:
--
2.34.1
|