nats.py2
Able to create connection, publish, subscribe without passing ca pem file to a nats core tls enabled server
Using nats.py2, I am able to create a connection, publish, and subscribe without passing a ca pem file to a nats core tls enabled server running behind a nats streaming server, whereas clients in other languages required ca.pem and gave the error: Can't connect: x509: certificate signed by unknown authority
Nats-streaming server configuration: nats_streaming_config.txt
File : nats_pub_sub.txt
The TLS handshake should fail as the server's certificate is not found in the client's truststore?
Is the client's default TLS context enough for a successful TLS handshake given the server configuration above?
Client README says: "The client will also automatically create a TLS context with defaults in case it detects that it should connect securely against the server."
How does the TLS handshake complete without providing the ca.pem file only for the nats.py2 client? Am I missing something?
@kozlovic, @wallyqs folks, any input on this?
Seems that if the server is configured with tls it should do the upgrade:
https://github.com/nats-io/nats.py2/blob/7b17b272a642ff59e08e9d81fd733b4d3f58f9c6/nats/io/client.py#L924-L937
It would create a default ssl context in case none is provided to connect, like nc.connect("tls://", tls=ssl_ctx). You could try passing a default context from the ssl library and setting it with an option too: https://docs.python.org/3/library/ssl.html#ssl.wrap_socket
@wallyqs OK, but how does the handshake succeed without the server's authentication given the default context (without certificate)?
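Added example, not part of the thread or of the nats.py2 code base: in Python's `ssl` module, `ssl.wrap_socket()` defaults to `cert_reqs=CERT_NONE`, so a socket wrapped with those defaults completes the handshake against any certificate, with or without a CA file. Whether that is what the linked client code does has to be confirmed there. The sketch below (Python 3; all function names are hypothetical) audits a client context for missing server authentication and builds a verifying one.

```python
import ssl


def wrap_socket_defaults_context():
    """Context with the same verification settings as ssl.wrap_socket()'s defaults.

    wrap_socket() defaults to cert_reqs=CERT_NONE and performs no hostname
    check, so the peer certificate is never validated.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_client_context(cafile=None):
    """Context that authenticates the server.

    cafile is the path to the CA bundle (for example the ca.pem the other
    clients needed); None falls back to the system trust store.
    """
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)


def server_auth_gaps(ctx):
    """Return the reasons this client context would not authenticate the server."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("verify_mode=%s: certificate chain is not validated, "
                    "so an untrusted or self-signed certificate is accepted"
                    % ctx.verify_mode.name)
    if not ctx.check_hostname:
        gaps.append("check_hostname=False: a certificate issued for a "
                    "different host is accepted")
    return gaps


if __name__ == "__main__":
    for name, ctx in (("wrap_socket defaults", wrap_socket_defaults_context()),
                      ("create_default_context", strict_client_context())):
        gaps = server_auth_gaps(ctx)
        print("%s: %s" % (name, "authenticates server" if not gaps else "NO server authentication"))
        for gap in gaps:
            print("  - " + gap)
```

With a context from `strict_client_context("ca.pem")`, a server certificate signed by a CA outside that bundle makes the handshake raise `ssl.SSLCertVerificationError`, which matches the x509 error the other clients reported.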