From 5e1792ff4da38f5ddc5b7db3e7eeb8b6c6446b68 Mon Sep 17 00:00:00 2001
From: grossmj
Date: Mon, 7 Aug 2023 19:15:14 +1000
Subject: [PATCH] Use finer-grained control for truststore
---
 gns3server/controller/appliance_manager.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/gns3server/controller/appliance_manager.py b/gns3server/controller/appliance_manager.py
index 2ea4e559a..0987f99df 100644
--- a/gns3server/controller/appliance_manager.py
+++ b/gns3server/controller/appliance_manager.py
@@ -21,7 +21,7 @@
 import asyncio
 import aiohttp
 import shutil
-
+import ssl
 try:
 import importlib_resources
@@ -37,14 +37,6 @@
 log = logging.getLogger(__name__)
-try:
- import truststore
- truststore.inject_into_ssl()
- log.info("Using system certificate store for SSL connections")
-except ImportError:
- pass
-
-
 class ApplianceManager:
 """
 Manages appliances
@@ -54,6 +46,13 @@ def __init__(self):
 self._appliances = {}
 self._appliances_etag = None
+ self._ssl_context = None
+ try:
+ import truststore
+ self._ssl_context = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+ log.info("Using system certificate store for SSL connections")
+ except ImportError:
+ pass
 @property
 def appliances_etag(self):
@@ -182,7 +181,7 @@ async def _download_symbol(self, symbol, destination_path):
 symbol_url = "https://raw.githubusercontent.com/GNS3/gns3-registry/master/symbols/{}".format(symbol)
 async with aiohttp.ClientSession() as session:
- async with session.get(symbol_url) as response:
+ async with session.get(symbol_url, ssl=self._ssl_context) as response:
 if response.status != 200:
 log.warning("Could not retrieve appliance symbol {} from GitHub due to HTTP error code {}".format(symbol, response.status))
 else:
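Review bot: In `__init__`, the `except ImportError: pass` fallback leaves `self._ssl_context` as `None` without any log line, so an operator cannot tell from the logs which trust store the registry downloads are verified against. The later `session.get(..., ssl=self._ssl_context)` calls then rely on aiohttp treating `ssl=None` as "verify with its default context"; as far as I know it does, but that contract is implicit here. I would replace `pass` with `log.debug("truststore not available, using the default certificate store")` and add `# None means aiohttp's default verifying context; must never become False` above `self._ssl_context = None`. The `def __init__` line itself is outside the hunk.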
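Review bot: Passing `ssl=self._ssl_context` on each `session.get()` in `_download_symbol` (and again in `download_appliances`, the next hunk) means any request added later without the keyword silently verifies against a different trust store than these two. Binding the context once per session keeps the policy in one place: `async with aiohttp.ClientSession(connector=aiohttp.TCPConnector(ssl=self._ssl_context)) as session:`. Check how the pinned aiohttp version handles `ssl=None` on the connector before switching, since the fallback path depends on it. The body of `_download_symbol` starts before and continues after this hunk.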
@@ -210,6 +209,7 @@ async def download_appliances(self):
 async with aiohttp.ClientSession() as session:
 async with session.get(
 'https://api.github.com/repos/GNS3/gns3-registry/contents/appliances',
+ ssl=self._ssl_context,
 headers=headers
 ) as response:
 if response.status == 304: