Merge remote-tracking branch 'origin/v3.5'

2022-01-21 12:07:24 +01:00 · 2022-01-21 12:07:24 +01:00 · 143b9b675b
commit 143b9b675b
parent ecb876157a 3ebc0dd26f
3 changed files with 23 additions and 8 deletions
--- a/client-py3/full/src/uds/rest.py
+++ b/client-py3/full/src/uds/rest.py
@ -40,7 +40,6 @@ import ssl
 import socket
 import typing

-import certifi
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend

@ -186,6 +185,8 @@ class RestApi:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
+        # If we have the certificates file, we use it
+        if tools.getCaCertsFile() is not None:
            ctx.load_verify_locations(tools.getCaCertsFile())
        hostname = urllib.parse.urlparse(url)[1]
        serial = ''
--- a/client-py3/full/src/uds/tools.py
+++ b/client-py3/full/src/uds/tools.py
@ -34,12 +34,14 @@ import string
 import random
 import os
 import os.path
+import sys
 import socket
 import stat
 import sys
 import time
 import base64
 import typing
+
 import certifi

 try:
@ -242,11 +244,22 @@ def verifySignature(script: bytes, signature: bytes) -> bool:
    return True


-def getCaCertsFile() -> str:
+def getCaCertsFile() -> typing.Optional[str]:
+    # First, try certifi...
+
    try:
        if os.path.exists(certifi.where()):
            return certifi.where()
    except Exception:
-        logger.debug('Certifi file does not exists: %s', certifi.where())
+        pass

-    return ''  # Return empty path
+    logger.info('Certifi file does not exists: %s', certifi.where())
+
+    # Check if "standard" paths are valid for linux systems
+    if 'linux' in sys.platform:
+        for path in ('/etc/pki/tls/certs/ca-bundle.crt', '/etc/ssl/certs/ca-certificates.crt', '/etc/ssl/ca-bundle.pem'):
+            if os.path.exists(path):
+                logger.info('Found certifi path: %s', path)
+                return path
+
+    return None
--- a/client-py3/full/src/uds/tunnel.py
+++ b/client-py3/full/src/uds/tunnel.py
@ -120,6 +120,7 @@ class ForwardServer(socketserver.ThreadingTCPServer):

            # Do not "recompress" data, use only "base protocol" compression
            context.options |= ssl.OP_NO_COMPRESSION
+            if tools.getCaCertsFile() is not None:
                context.load_verify_locations(
                    tools.getCaCertsFile()
                )  # Load certifi certificates