From 8abb152faf705b06ddfe085d27c34ee7d6bde32b Mon Sep 17 00:00:00 2001
From: unknown
Date: Sat, 11 May 2024 14:57:51 -0500
Subject: [PATCH] add ability to trust any number of certs at once, also add ability to trust entire user-provided bundle at once
---
 preload.py | 2 ++
 scripts/auto_tls.py | 14 +++++++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/preload.py b/preload.py
index 0dee81f..5624265 100644
--- a/preload.py
+++ b/preload.py
@@ -1,2 +1,4 @@
 def preload(parser):
 parser.add_argument("--self-sign", action='store_true', help="Trust a provided key/certificate pair passed using --tls-certfile and --tls-keyfile", default=None)
+ parser.add_argument("--autotls-certs", nargs='+', help="Trust one or more given certificates Ex. --certs cert1.cert cert2.cert", default=None)
+ parser.add_argument("--autotls-bundle", help="Pass an entire trust store/bundle to python", default=None)
diff --git a/scripts/auto_tls.py b/scripts/auto_tls.py
index ecf2d09..9d0826c 100644
--- a/scripts/auto_tls.py
+++ b/scripts/auto_tls.py
@@ -13,9 +13,14 @@ def setup_bundle(cert):
 certifi_bundle = open(certifi.where())
 wui_bundle = open(wui_bundle_name, "w")
- # merge user cert with certifi bundle into an intermediary webui bundle
+ # merge user cert(s) with certifi bundle into an intermediary webui bundle
 wui_bundle.write(certifi_bundle.read())
 wui_bundle.write(cert.read())
+ if cmd_opts.autotls_certs is not None:
+ for c in cmd_opts.autotls_certs:
+ c = open(c)
+ wui_bundle.write(c.read())
+ c.close()
 # cleanup
 cert.close()
@@ -50,7 +55,7 @@ if not cmd_opts.self_sign:
 else:
 try:
 if not os.path.exists(cmd_opts.tls_keyfile):
- print(f"Invalid path to TLS certfile: '{cmd_opts.tls_keyfile}'")
+ print(f"Invalid path to TLS keyfile: '{cmd_opts.tls_keyfile}'")
 if not os.path.exists(cmd_opts.tls_certfile):
 print(f"Invalid path to TLS certfile: '{cmd_opts.tls_certfile}'")
 except TypeError as e:
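Review bot: In preload.py the help text for `--autotls-certs` gives the example `--certs cert1.cert cert2.cert`, but no `--certs` option is defined; the example should read `--autotls-certs cert1.cert cert2.cert`. The `--autotls-bundle` help would be clearer if it said the file is used as the CA bundle in place of the merged one, e.g. `help="Use this CA bundle file as the trust store instead of merging certificates into certifi's"`, since the scripts/auto_tls.py change in this commit skips setup_bundle when it is set. Both options add trust anchors for the process's outbound TLS, so stating the expected file format in the help text (presumably PEM, as the files are concatenated onto certifi's bundle) would keep users from passing a key file or a DER certificate.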
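Review bot: The loop added to setup_bundle (scripts/auto_tls.py) appends each `--autotls-certs` file to the bundle exactly as read, so a file without a trailing newline leaves the next `-----BEGIN CERTIFICATE-----` on the same line as the previous `-----END CERTIFICATE-----`, which PEM parsers may reject or skip. It also rebinds `c` from the path to the file object and closes it by hand, so a failed `open` or `read` leaves `wui_bundle` open and half-written. Every file listed becomes a trust anchor for whatever reads this bundle, yet nothing checks that it holds a certificate; at minimum read each file under `with` and terminate it with a newline, as below. setup_bundle starts and ends outside this hunk, and the existing `wui_bundle.write(cert.read())` on the line before has the same newline problem once further certificates follow it.

```python
    wui_bundle.write(cert.read())
    if cmd_opts.autotls_certs is not None:
        for cert_path in cmd_opts.autotls_certs:
            with open(cert_path) as extra_cert:
                pem = extra_cert.read()
            # keep each PEM block on its own lines
            wui_bundle.write(pem if pem.endswith("\n") else pem + "\n")
    # … unchanged: cleanup of cert and the bundle handles …
```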
@@ -58,5 +63,8 @@ else:
 print("TLS components missing or invalid.")
 raise e
-setup_bundle(cmd_opts.tls_certfile)
+if cmd_opts.autotls_bundle is not None:
+ os.environ['REQUESTS_CA_BUNDLE'] = cmd_opts.autotls_bundle
+else:
+ setup_bundle(cmd_opts.tls_certfile)
 print('Certificate trust store ready')
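Review bot: When `--autotls-bundle` is set, the new branch skips `setup_bundle` entirely, so any `--autotls-certs` files and the `--tls-certfile` certificate are silently left out of the trust store if the options are combined; either reject the combination or print which one wins. The path is also exported to `REQUESTS_CA_BUNDLE` without the `os.path.exists` check that the key and cert paths get earlier in the file, so a typo only surfaces later as a failure on the first outbound HTTPS request; a guard such as `if not os.path.isfile(cmd_opts.autotls_bundle): raise FileNotFoundError(cmd_opts.autotls_bundle)` before the assignment fails early. Because the user bundle replaces certifi's roots rather than extending them, a comment such as `# user bundle replaces certifi's roots; public CAs are trusted only if the bundle includes them` would document the behaviour.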