Use proper SSLContext and enable TLSv1
It's bad, but sometimes you need to access the API from a very old software version. So just enable it for now and clean it up later.
This commit is contained in:
parent
d8e57a26c5
commit
172d0a86e4
|
@ -22,6 +22,8 @@
|
|||
import os
|
||||
import yaml
|
||||
|
||||
from ssl import SSLContext, TLSVersion
|
||||
|
||||
from distutils.util import strtobool as dustrtobool
|
||||
|
||||
# Daemon version
|
||||
|
@ -123,7 +125,10 @@ def entrypoint():
|
|||
import pvcapid.flaskapi as pvc_api # noqa: E402
|
||||
|
||||
if config["ssl_enabled"]:
|
||||
context = (config["ssl_cert_file"], config["ssl_key_file"])
|
||||
context = SSLContext()
|
||||
context.minimum_version = TLSVersion.TLSv1
|
||||
context.get_ca_certs()
|
||||
context.load_cert_chain(config["ssl_cert_file"], keyfile=config["ssl_key_file"])
|
||||
else:
|
||||
context = None
|
||||
|
||||
|
|
Loading…
Reference in New Issue