From 3ebc0dd26f7d1b99b9f0328d073e5063ee62730b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adolfo=20G=C3=B3mez=20Garc=C3=ADa?= <dkmaster@dkmon.com>
Date: Fri, 21 Jan 2022 12:04:54 +0100
Subject: [PATCH] Fixed certs locations for some platforms

---
 client-py3/full/src/uds/rest.py   |  5 +++--
 client-py3/full/src/uds/tools.py  | 19 ++++++++++++++++---
 client-py3/full/src/uds/tunnel.py |  7 ++++---
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/client-py3/full/src/uds/rest.py b/client-py3/full/src/uds/rest.py
index bcf39858..b3a74ab2 100644
--- a/client-py3/full/src/uds/rest.py
+++ b/client-py3/full/src/uds/rest.py
@@ -40,7 +40,6 @@ import ssl
 import socket
 import typing
 
-import certifi
 from cryptography import x509
 from cryptography.hazmat.backends import default_backend
 
@@ -186,7 +185,9 @@ class RestApi:
         ctx = ssl.create_default_context()
         ctx.check_hostname = False
         ctx.verify_mode = ssl.CERT_NONE
-        ctx.load_verify_locations(tools.getCaCertsFile())
+        # If we have the certificates file, we use it
+        if tools.getCaCertsFile() is not None:
+            ctx.load_verify_locations(tools.getCaCertsFile())
         hostname = urllib.parse.urlparse(url)[1]
         serial = ''
 
diff --git a/client-py3/full/src/uds/tools.py b/client-py3/full/src/uds/tools.py
index e9584e68..8f3fa05c 100644
--- a/client-py3/full/src/uds/tools.py
+++ b/client-py3/full/src/uds/tools.py
@@ -34,12 +34,14 @@ import string
 import random
 import os
 import os.path
+import sys
 import socket
 import stat
 import sys
 import time
 import base64
 import typing
+
 import certifi
 
 try:
@@ -242,11 +244,22 @@ def verifySignature(script: bytes, signature: bytes) -> bool:
     return True
 
 
-def getCaCertsFile() -> str:
+def getCaCertsFile() -> typing.Optional[str]:
+    # First, try certifi...
+
     try:
         if os.path.exists(certifi.where()):
             return certifi.where()
     except Exception:
-        logger.debug('Certifi file does not exists: %s', certifi.where())
+        pass
 
-    return ''  # Return empty path
+    logger.info('Certifi file does not exists: %s', certifi.where())
+
+    # Check if "standard" paths are valid for linux systems
+    if 'linux' in sys.platform:
+        for path in ('/etc/pki/tls/certs/ca-bundle.crt', '/etc/ssl/certs/ca-certificates.crt', '/etc/ssl/ca-bundle.pem'):
+            if os.path.exists(path):
+                logger.info('Found certifi path: %s', path)
+                return path
+
+    return None
diff --git a/client-py3/full/src/uds/tunnel.py b/client-py3/full/src/uds/tunnel.py
index 20c6bf2d..8716b744 100644
--- a/client-py3/full/src/uds/tunnel.py
+++ b/client-py3/full/src/uds/tunnel.py
@@ -120,9 +120,10 @@ class ForwardServer(socketserver.ThreadingTCPServer):
 
             # Do not "recompress" data, use only "base protocol" compression
             context.options |= ssl.OP_NO_COMPRESSION
-            context.load_verify_locations(
-                tools.getCaCertsFile()
-            )  # Load certifi certificates
+            if tools.getCaCertsFile() is not None:
+                context.load_verify_locations(
+                    tools.getCaCertsFile()
+                )  # Load certifi certificates
 
             # If ignore remote certificate
             if self.check_certificate is False: