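def get_tls_context(self):
    """Build the client-side TLS context from the ``[tenant]`` config section.

    Reads ``ca_cert``, ``my_cert``, ``private_key``, ``private_key_pw`` and
    ``tls_dir`` from ``config`` (assumed to be ConfigParser-like and to
    return strings -- confirm against the module's ``config`` object).
    When ``tls_dir`` is ``'default'`` the three file names are replaced by
    the built-in ``cv_ca`` layout; a relative ``tls_dir`` is resolved
    against ``common.WORK_DIR``.

    Returns:
        An ``ssl.SSLContext`` that requires a peer certificate, trusts the
        configured CA file, presents the configured client certificate, and
        enables hostname checking according to
        ``[general] tls_check_hostnames``.

    Raises:
        Whatever ``ssl.SSLContext.load_verify_locations`` and
        ``load_cert_chain`` raise for a missing/unreadable file or a wrong
        key password (e.g. ``FileNotFoundError``, ``ssl.SSLError``); config
        lookup errors from ``config.get`` propagate unchanged.
    """
    ca_cert = config.get('tenant', 'ca_cert')
    my_cert = config.get('tenant', 'my_cert')
    my_priv_key = config.get('tenant', 'private_key')
    my_key_pw = config.get('tenant', 'private_key_pw')
    tls_dir = config.get('tenant', 'tls_dir')

    if tls_dir == 'default':
        # Built-in layout; the key password is still taken from config.
        ca_cert = 'cacert.crt'
        my_cert = 'client-cert.crt'
        my_priv_key = 'client-private.pem'
        tls_dir = 'cv_ca'

    # A relative tls_dir is anchored in WORK_DIR. isabs() replaces the old
    # tls_dir[0] test, which raised IndexError on an empty config value.
    if not os.path.isabs(tls_dir):
        tls_dir = os.path.abspath(os.path.join(common.WORK_DIR, tls_dir))

    if my_key_pw == 'default':
        logger.warning("CAUTION: using default password for private key, please set private_key_pw to a strong password")

    logger.info("Setting up client TLS in %s" % (tls_dir))
    # join() keeps the relative-name behaviour and additionally lets an
    # absolute file name in config stand on its own instead of being glued
    # onto tls_dir with a second slash.
    ca_path = os.path.join(tls_dir, ca_cert)
    my_cert = os.path.join(tls_dir, my_cert)
    my_priv_key = os.path.join(tls_dir, my_priv_key)

    # NOTE(review): create_default_context() also loads the platform's default
    # CA store, so this context trusts the tenant CA *in addition to* system
    # CAs. If only the tenant CA should be able to vouch for peers, build the
    # context with ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) instead -- confirm
    # which is intended before changing it.
    context = ssl.create_default_context()
    context.load_verify_locations(cafile=ca_path)
    context.load_cert_chain(certfile=my_cert, keyfile=my_priv_key, password=my_key_pw)
    context.verify_mode = ssl.CERT_REQUIRED

    check_hostnames = config.getboolean('general', 'tls_check_hostnames')
    if not check_hostnames:
        # With hostname checking off, any certificate chaining to a trusted CA
        # is accepted for any host; make that weakening visible in the logs.
        logger.warning("tls_check_hostnames is disabled; server certificates will not be matched against the hostname")
    context.check_hostname = check_hostnames
    return context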