From 172d0a86e40e78a5f7c55ec3d5fe41f0b5025a3d Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Tue, 23 Aug 2022 10:58:47 -0400
Subject: [PATCH] Use proper SSLContext and enable TLSv1

It's bad, but sometimes you need to access the API from a very old
software version. So just enable it for now and clean it up later.
---
 api-daemon/pvcapid/Daemon.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api-daemon/pvcapid/Daemon.py b/api-daemon/pvcapid/Daemon.py
index 6f050971..4e36ddd6 100755
--- a/api-daemon/pvcapid/Daemon.py
+++ b/api-daemon/pvcapid/Daemon.py
@@ -22,6 +22,8 @@
 import os
 import yaml
 
+from ssl import SSLContext, TLSVersion
+
 from distutils.util import strtobool as dustrtobool
 
 # Daemon version
@@ -123,7 +125,10 @@ def entrypoint():
     import pvcapid.flaskapi as pvc_api  # noqa: E402
 
     if config["ssl_enabled"]:
-        context = (config["ssl_cert_file"], config["ssl_key_file"])
+        context = SSLContext()
+        context.minimum_version = TLSVersion.TLSv1
+        context.get_ca_certs()
+        context.load_cert_chain(config["ssl_cert_file"], keyfile=config["ssl_key_file"])
     else:
         context = None