Use proper SSLContext and enable TLSv1

It's bad, but sometimes you need to access the API from a very old
software version. So just enable it for now and clean it up later.
This commit is contained in:
Joshua Boniface 2022-08-23 10:58:47 -04:00
parent d8e57a26c5
commit 172d0a86e4
1 changed files with 6 additions and 1 deletions

View File

@ -22,6 +22,8 @@
import os import os
import yaml import yaml
from ssl import SSLContext, TLSVersion
from distutils.util import strtobool as dustrtobool from distutils.util import strtobool as dustrtobool
# Daemon version # Daemon version
@ -123,7 +125,10 @@ def entrypoint():
import pvcapid.flaskapi as pvc_api # noqa: E402 import pvcapid.flaskapi as pvc_api # noqa: E402
if config["ssl_enabled"]: if config["ssl_enabled"]:
context = (config["ssl_cert_file"], config["ssl_key_file"]) context = SSLContext()
context.minimum_version = TLSVersion.TLSv1
context.get_ca_certs()
context.load_cert_chain(config["ssl_cert_file"], keyfile=config["ssl_key_file"])
else: else:
context = None context = None