summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/kuksa-val/kuksa-viss-client/0001-kuksa_viss_client-fix-SSL-context-creation.patch
blob: 5617eee9dd3bdf7fc9ee8b327fe01a1f759f26be (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
From ad534490eb71b16dfe53a6fced6267f0ea58b939 Mon Sep 17 00:00:00 2001
From: Scott Murray <scott.murray@konsulko.com>
Date: Mon, 11 Jul 2022 16:04:11 -0400
Subject: [PATCH] kuksa_viss_client: fix SSL context creation

With the newer Python and OpenSSL in Yocto kirkstone, specifying
ssl.Purpose.CLIENT_AUTH when creating the SSL context for the
connection results in the error:

  Cannot create a client socket with a PROTOCOL_TLS_SERVER context

when trying to connect to a server with the client library.  The fix
is to instead use ssl.Purpose.SERVER_AUTH, since the context will be
used by the client to validate the server certificate.

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
---
 kuksa_viss_client/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
index 69cc996..df7a540 100644
--- a/kuksa_viss_client/__init__.py
+++ b/kuksa_viss_client/__init__.py
@@ -227,7 +227,7 @@ class KuksaClientThread(threading.Thread):
 
     async def mainLoop(self):
         if not self.insecure:
-            context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
             context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
             context.load_verify_locations(cafile=self.cacertificate)
             try:
-- 
2.35.3