def init_mtls(config):
    """Build the SSLContext used for mutual TLS from the configured CA directory.

    Reads ``config["ca_dir"]`` and ``config["ip"]``, prompts on the terminal
    for the keystore password, hands that password to ``ca_util`` and, when
    ``<ca_dir>/<ip>-cert.crt`` is missing, asks ``ca_util.cmd_mkcert`` to
    create it.

    Args:
        config: mapping that provides at least the keys ``"ca_dir"`` and
            ``"ip"``.

    Returns:
        An ``ssl.SSLContext`` that has ``<ca_dir>/cacert.crt`` loaded as a
        trust anchor, presents ``<ip>-cert.crt`` with ``<ip>-private.pem``,
        and has ``verify_mode`` set to ``ssl.CERT_REQUIRED``.

    Raises:
        KeyError: if ``"ca_dir"`` or ``"ip"`` is absent from ``config``.
        IndexError: if ``config["ca_dir"]`` is an empty string.
    """
    logger.info("Setting up mTLS...")

    # A ca_dir that does not start with '/' is taken relative to the work dir.
    cert_dir = config["ca_dir"]
    cert_dir = (
        cert_dir
        if cert_dir[0] == '/'
        else os.path.abspath('%s/%s' % (common.WORK_DIR, cert_dir))
    )

    # The keystore password is read without echo and never taken from config;
    # the same value unlocks the CA utilities and the private key loaded below.
    keystore_pw = getpass.getpass("Please enter the password to decrypt your keystore: ")
    ca_util.setpassword(keystore_pw)

    # NOTE(review): config["ip"] is interpolated into file names as-is; a value
    # containing path separators would resolve outside cert_dir -- confirm the
    # config is validated before it reaches this function.
    node_ip = config["ip"]
    trust_anchor = "%s/cacert.crt" % (cert_dir)
    node_cert = "%s/%s-cert.crt" % (cert_dir, node_ip)
    node_key = "%s/%s-private.pem" % (cert_dir, node_ip)

    # Issue a certificate for this node only when none is on disk yet.
    if not os.path.exists(node_cert):
        logger.info("Generating new Node Monitor TLS Certs in %s for connecting"%cert_dir)
        ca_util.cmd_mkcert(cert_dir, node_ip)

    # NOTE(review): Purpose.CLIENT_AUTH configures the context for the side
    # that authenticates connecting clients, and hostname checking is off for
    # that purpose. The log message above says "for connecting"; if this
    # context is used for outbound connections, the peer is validated against
    # the CA only, not against its hostname -- confirm the intended role.
    mtls_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    mtls_context.load_verify_locations(cafile=trust_anchor)
    mtls_context.load_cert_chain(
        certfile=node_cert,
        keyfile=node_key,
        password=keystore_pw,
    )
    # Refuse any peer that does not present a certificate chaining to the CA.
    mtls_context.verify_mode = ssl.CERT_REQUIRED
    return mtls_context