From c16498f516f5208689be4d4515aeefcfa23c56d1 Mon Sep 17 00:00:00 2001 From: Christian Herdtweck Date: Tue, 9 Apr 2019 10:33:23 +0200 Subject: [PATCH] Take into account that certs are not issued to "localhost" Use FQDN instead --- src/web_interface.py | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/web_interface.py b/src/web_interface.py index a647a9c..011ac91 100644 --- a/src/web_interface.py +++ b/src/web_interface.py @@ -36,11 +36,15 @@ import re import ssl import http.client as client import urllib.parse as parse +import socket import logging log = logging.getLogger('pyi2ncommon.web_interface') from .arnied_wrapper import accept_licence +#: FQDN of local machine +LOCALHOST = socket.gethostname() + def find_in_form(regex, form="status", escape=False, check_certs=True): """ @@ -73,7 +77,9 @@ def web_page_request(method="GET", url="/", body=None, check_certs=True): implications!) by setting `check_certs` to `False`. To allow a secure connection to host with e.g. a self-signed certificate, the caller can load this certificate by specifying `check_certs=/path/to/cert.pem`. - (see also: :py:meth:`ssl.SSLContext.load_verify_locations`) + (see also: :py:meth:`ssl.SSLContext.load_verify_locations`). Note that the + certificate has to be issued for the same server name that we try to + access, i.e. :py:data:`LOCALHOST`. :param str method: GET or POST method for the request :param str url: url location within the remote host @@ -96,7 +102,7 @@ def web_page_request(method="GET", url="/", body=None, check_certs=True): else: # disable certificate checks context = ssl._create_unverified_context() - conn = client.HTTPSConnection("localhost", context=context) + conn = client.HTTPSConnection(LOCALHOST, context=context) conn.request(method, url, body, headers) resp = conn.getresponse() logging.info("Request status %s and response %s", -- 1.7.1