Fix Socket.IO SSL context creation

2025-10-18 05:38:26 -06:00
parent 45ac0dc7a4
commit e2171ae4e9


@@ -931,14 +931,14 @@ class AgentHttpClient:
context = None context = None
if isinstance(verify, str) and os.path.isfile(verify): if isinstance(verify, str) and os.path.isfile(verify):
try: try:
# ``create_default_context`` expects a proper CA bundle and # Mirror Requests' certificate handling by starting from a
# will reject self-signed leaf certificates that we pin on # default client context (which pre-loads the system
# disk. Build a dedicated client context instead and load # certificate stores) and then layering the pinned
# the pinned certificate as a trust anchor so the SYSTEM # certificate bundle on top. This matches the REST client
# agent can complete TLS handshakes identical to Requests. # behaviour and ensures self-signed leaf certificates work
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) # the same way for Socket.IO handshakes.
context = ssl.create_default_context()
context.check_hostname = False context.check_hostname = False
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(cafile=verify) context.load_verify_locations(cafile=verify)
_log_agent( _log_agent(
f"SocketIO TLS alignment created SSLContext from cafile={verify}", f"SocketIO TLS alignment created SSLContext from cafile={verify}",
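Review bot: Calling `ssl.create_default_context()` with no arguments pre-loads the system CA stores while `check_hostname = False` stays set on the following line, so the Socket.IO context now accepts a certificate for any hostname that chains to any system-trusted CA, where the removed code trusted only the pinned file in `verify`. To keep the pinning and still get the default-context settings, pass the bundle in directly, `context = ssl.create_default_context(cafile=verify)`, which does not load the system stores when a `cafile` is given. If the system roots are genuinely needed here, hostname checking should stay enabled instead. The new comment should also state which trust anchors are in effect and why hostname checking is off, since "layering on top" reads as a widening of trust. The enclosing `try` block and the `_log_agent(` call continue outside the hunk.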