hbmqtt icon indicating copy to clipboard operation
hbmqtt copied to clipboard

Published 20 hours ago verified publisher icon njouanin

Disable certificate verification

Open randomstuff opened this issue 5 years ago • 1 comments

It'd be nice to have an option to disable certificate verification (verify_mode=CERT_NONE): something like config['verify'] = False?

randomstuff avatar May 02 '19 09:05 randomstuff

I've just did some quick check, and it seems that it is enough to set verify_mode to ssl.CERT_OPTIONAL above this line:

        if secure:
            sc = ssl.create_default_context(
                ssl.Purpose.SERVER_AUTH,
                cafile=self.session.cafile,
                capath=self.session.capath,
                cadata=self.session.cadata)
            if 'certfile' in self.config and 'keyfile' in self.config:
                sc.load_cert_chain(self.config['certfile'], self.config['keyfile'])
            if 'check_hostname' in self.config and isinstance(self.config['check_hostname'], bool):
                sc.check_hostname = self.config['check_hostname']
            sc.verify_mode = ssl.CERT_NONE
            kwargs['ssl'] = sc

Then server will be verified only when cafile is provided. But having option in config would make if more verbose...

d21d3q avatar Jul 29 '19 13:07 d21d3q