add ability to trust any number of certs at once, also add ability to trust entire user-provided bundle at once
parent
4b66d1e46e
commit
8abb152faf
|
|
@ -1,2 +1,4 @@
|
|||
def preload(parser):
|
||||
parser.add_argument("--self-sign", action='store_true', help="Trust a provided key/certificate pair passed using --tls-certfile and --tls-keyfile", default=None)
|
||||
parser.add_argument("--autotls-certs", nargs='+', help="Trust one or more given certificates Ex. --certs cert1.cert cert2.cert", default=None)
|
||||
parser.add_argument("--autotls-bundle", help="Pass an entire trust store/bundle to python", default=None)
|
||||
|
|
|
|||
|
|
@ -13,9 +13,14 @@ def setup_bundle(cert):
|
|||
certifi_bundle = open(certifi.where())
|
||||
wui_bundle = open(wui_bundle_name, "w")
|
||||
|
||||
# merge user cert with certifi bundle into an intermediary webui bundle
|
||||
# merge user cert(s) with certifi bundle into an intermediary webui bundle
|
||||
wui_bundle.write(certifi_bundle.read())
|
||||
wui_bundle.write(cert.read())
|
||||
if cmd_opts.autotls_certs is not None:
|
||||
for c in cmd_opts.autotls_certs:
|
||||
c = open(c)
|
||||
wui_bundle.write(c.read())
|
||||
c.close()
|
||||
|
||||
# cleanup
|
||||
cert.close()
|
||||
|
|
@ -50,7 +55,7 @@ if not cmd_opts.self_sign:
|
|||
else:
|
||||
try:
|
||||
if not os.path.exists(cmd_opts.tls_keyfile):
|
||||
print(f"Invalid path to TLS certfile: '{cmd_opts.tls_keyfile}'")
|
||||
print(f"Invalid path to TLS keyfile: '{cmd_opts.tls_keyfile}'")
|
||||
if not os.path.exists(cmd_opts.tls_certfile):
|
||||
print(f"Invalid path to TLS certfile: '{cmd_opts.tls_certfile}'")
|
||||
except TypeError as e:
|
||||
|
|
@ -58,5 +63,8 @@ else:
|
|||
print("TLS components missing or invalid.")
|
||||
raise e
|
||||
|
||||
if cmd_opts.autotls_bundle is not None:
|
||||
os.environ['REQUESTS_CA_BUNDLE'] = cmd_opts.autotls_bundle
|
||||
else:
|
||||
setup_bundle(cmd_opts.tls_certfile)
|
||||
print('Certificate trust store ready')
|
||||
|
|
|
|||
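Review bot: The new loop in setup_bundle writes each --autotls-certs file into the merged bundle verbatim, without checking that the path exists, that the content is a PEM certificate, or that entries are separated by a newline. A file with no trailing newline would fuse its END CERTIFICATE marker with the next BEGIN line, and an unreadable path raises after the bundle has already been opened for writing; I would use `with open(path) as fh: wui_bundle.write(fh.read().rstrip() + "\n")` and reject files that contain no `-----BEGIN CERTIFICATE-----` block. In the last hunk, `os.environ['REQUESTS_CA_BUNDLE'] = cmd_opts.autotls_bundle` is set without the `os.path.exists` check that the key and cert paths get, and because setup_bundle is skipped on that branch, --autotls-certs appears to be silently ignored when both options are given; since this replaces the whole trust store, it deserves a check and a line in the help text. The help string for --autotls-certs also shows `--certs` in its example instead of the real flag name. Indentation is lost on this page, so the nesting of these lines under the self_sign branch is inferred.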