njouanin / hbmqtt

MQTT client/broker using Python asynchronous I/O
MIT License

Disable certificate verification #180

Open randomstuff opened 5 years ago

randomstuff commented 5 years ago

It'd be nice to have an option to disable certificate verification (verify_mode=CERT_NONE): something like config['verify'] = False?

d21d3q commented 5 years ago

I've just done a quick check, and it seems that it is enough to set verify_mode to ssl.CERT_OPTIONAL above this line:

        if secure:
            sc = ssl.create_default_context(
                ssl.Purpose.SERVER_AUTH,
                cafile=self.session.cafile,
                capath=self.session.capath,
                cadata=self.session.cadata)
            if 'certfile' in self.config and 'keyfile' in self.config:
                sc.load_cert_chain(self.config['certfile'], self.config['keyfile'])
            if 'check_hostname' in self.config and isinstance(self.config['check_hostname'], bool):
                sc.check_hostname = self.config['check_hostname']
            sc.verify_mode = ssl.CERT_NONE
            kwargs['ssl'] = sc

Then the server will be verified only when cafile is provided. But having an option in config would make it more verbose...
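
A sketch of how the requested option could be wired into the context setup quoted above, as an added example that is not part of the thread or of hbmqtt's own code. The `verify` config key is the hypothetical name proposed in the issue, and the helper names are assumptions; verification stays on unless `verify` is explicitly `False`, and the second function shows the error Python's ssl module raises when only `verify_mode` is changed.

```python
import ssl


def build_client_ssl_context(config, cafile=None, capath=None, cadata=None):
    """Build a client-side TLS context.

    Verification stays enabled unless config['verify'] is explicitly False
    ('verify' is a hypothetical key, taken from the proposal in this issue).
    """
    sc = ssl.create_default_context(
        ssl.Purpose.SERVER_AUTH, cafile=cafile, capath=capath, cadata=cadata)
    if 'certfile' in config and 'keyfile' in config:
        sc.load_cert_chain(config['certfile'], config['keyfile'])
    if isinstance(config.get('check_hostname'), bool):
        sc.check_hostname = config['check_hostname']
    if config.get('verify', True) is False:
        # Order matters: the ssl module refuses CERT_NONE while
        # check_hostname is still enabled on the context.
        sc.check_hostname = False
        sc.verify_mode = ssl.CERT_NONE
    return sc


def cert_none_without_disabling_hostname_check():
    """Return the exception raised when only verify_mode is changed."""
    sc = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    try:
        sc.verify_mode = ssl.CERT_NONE
    except ValueError as exc:
        return exc
    return None


if __name__ == '__main__':
    default = build_client_ssl_context({})
    print('default :', default.verify_mode, default.check_hostname)
    relaxed = build_client_ssl_context({'verify': False})
    print('verify=False:', relaxed.verify_mode, relaxed.check_hostname)
    print('wrong order :', cert_none_without_disabling_hostname_check())
```

In client mode Python's ssl module treats CERT_OPTIONAL the same as CERT_REQUIRED, so only CERT_NONE actually turns verification off. For a broker with a self-signed certificate, passing that certificate as cafile keeps verification on instead.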