authorvuko <vuko@hackerspace.pl>2020-10-23 23:18:23 +0200
committervuko <vuko@hackerspace.pl>2020-10-23 23:18:23 +0200
commit53a26074dfa1aa20f773f9cf4e43dea457a85915 (patch)
tree8a8c878aa0fe9c78b9825685985ced195b0548f4
parent71a224a830626e9a1c04b9a64b9f1c2b98f02a3e (diff)
downloadcheckinator-53a26074dfa1aa20f773f9cf4e43dea457a85915.tar.gz
checkinator-53a26074dfa1aa20f773f9cf4e43dea457a85915.tar.bz2
checkinator-53a26074dfa1aa20f773f9cf4e43dea457a85915.zip
fix ssl
-rw-r--r--at/tracker.py37
1 files changed, 21 insertions, 16 deletions
diff --git a/at/tracker.py b/at/tracker.py
index 8c4bb77..bfc4290 100644
--- a/at/tracker.py
+++ b/at/tracker.py
@@ -27,7 +27,8 @@ class DhcpTrackerServicer(DhcpTrackerServicer):
def GetClients(self, request, context):
auth = context.auth_context()
ctype = auth.get('transport_security_type', 'local')
- if ctype == 'ssl':
+ print(ctype)
+ if ctype == [b'ssl']:
if b'at.hackerspace.pl' not in context.peer_identities():
context.abort(
grpc.StatusCode.PERMISSION_DENIED,
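Review bot: The identity check behind the new `if ctype == [b'ssl']:` line is still opt-in, so any `transport_security_type` value other than exactly that list skips the peer-identity test and the authorization fails open. Since the `'local'` default is the only case meant to be exempt, I would invert the test: `ctype = auth.get('transport_security_type', [b'local'])` followed by `if ctype != [b'local']:`. This assumes the unix-socket listener reports no `transport_security_type`, which is worth confirming. The added `print(ctype)` looks like leftover debugging that runs on every GetClients call; drop it or move it to a debug-level logger. GetClients continues past the end of this hunk.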
@@ -60,23 +61,27 @@ def server():
add_DhcpTrackerServicer_to_server(DhcpTrackerServicer(tracker), server)
- cert_dir = Path(config.get('GRPC_TLS_CERT_DIR', 'cert'))
- ca_cert = Path(config.get('GRPC_TLS_CA_CERT', 'ca.pem')).read_bytes()
+ tls_address = config.get("GRPC_TLS_ADDRESS", None)
+ if tls_address:
+ cert_dir = Path(config.get('GRPC_TLS_CERT_DIR', 'cert'))
+ ca_cert = Path(config.get('GRPC_TLS_CA_CERT', 'ca.pem')).read_bytes()
+
+ server_credentials = grpc.ssl_server_credentials(
+ private_key_certificate_chain_pairs = ((
+ cert_dir.joinpath('key.pem').read_bytes(),
+ cert_dir.joinpath('cert.pem').read_bytes()
+ ),),
+ root_certificates = ca_cert,
+ require_client_auth = True
+ )
+
+ server.add_secure_port(config.get('GRPC_TLS_ADDRESS', '[::]:2847'), server_credentials)
- server_credentials = grpc.ssl_server_credentials(
- private_key_certificate_chain_pairs = ((
- cert_dir.joinpath('key.pem').read_bytes(),
- cert_dir.joinpath('cert.pem').read_bytes()
- ),),
- root_certificates = ca_cert,
- require_client_auth = True
- )
-
- server.add_secure_port(config.get('GRPC_TLS_ADDRESS', '[::]:2847'), server_credentials)
unix_socket = config.get('GRPC_UNIX_SOCKET', False)
if unix_socket:
server.add_insecure_port(unix_socket)
- print('starting grpc server ...')
- server.start()
- server.wait_for_termination()
+ if tls_address or unix_socket:
+ print('starting grpc server ...')
+ server.start()
+ server.wait_for_termination()
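Review bot: With the new `if tls_address or unix_socket:` guard, server() returns silently when neither GRPC_TLS_ADDRESS nor GRPC_UNIX_SOCKET is set, so a deployment that relied on the old `'[::]:2847'` default loses its TLS listener without any message. I would add an `else:` branch that fails loudly, for example `raise RuntimeError('neither GRPC_TLS_ADDRESS nor GRPC_UNIX_SOCKET is configured')`. The `'[::]:2847'` fallback inside `add_secure_port` is now unreachable, so pass the value already read: `server.add_secure_port(tls_address, server_credentials)`. The unix-socket listener is added with `add_insecure_port` and GetClients checks identities only for ssl, so access on that path presumably rests on the socket file's permissions; a comment stating that would help operators. server() begins before this hunk.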