bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-10-26 17:41:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve agent websocket TLS handling

Browse Source
This commit is contained in:
Nicole Rappe
2025-10-17 23:15:56 -06:00
parent 1abc7e5461
commit 80a015f921
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Data/Agent/agent.py
View File

@@ -540,12 +540,28 @@ class AgentHttpClient:
engine = getattr(client, "eio", None) engine = getattr(client, "eio", None)
if engine is None: if engine is None:
return return
# python-engineio accepts bool, path, or ssl.SSLContext for ssl_verify
# python-engineio accepts either a boolean or an ``ssl.SSLContext``
# for TLS verification. When we have a pinned certificate bundle
# on disk, prefer constructing a dedicated context that trusts that
# bundle so WebSocket connections succeed even with private CAs.
if isinstance(verify, str) and os.path.isfile(verify): if isinstance(verify, str) and os.path.isfile(verify):
engine.ssl_verify = verify try:
context = ssl.create_default_context(cafile=verify)
context.check_hostname = False
except Exception:
context = None
if context is not None:
engine.ssl_context = context
engine.ssl_verify = True
else:
engine.ssl_context = None
engine.ssl_verify = verify
elif verify is False: elif verify is False:
engine.ssl_context = None
engine.ssl_verify = False engine.ssl_verify = False
else: else:
engine.ssl_context = None
engine.ssl_verify = True engine.ssl_verify = True
except Exception: except Exception:
pass pass