reverted some changes
cartertinney committed Jul 17, 2024
1 parent 39d94f6 commit a658a99
Showing 5 changed files with 16 additions and 11 deletions.
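--- a/azure-iot-device/azure/iot/device/common/http_transport.py
+++ b/azure-iot-device/azure/iot/device/common/http_transport.py
@@ -69,8 +69,7 @@ def _create_ssl_context(self):
 This method creates the SSLContext object used to authenticate the connection. The generated context is used by the http_client and is necessary when authenticating using a self-signed X509 cert or trusted X509 cert
 """
 logger.debug("creating a SSL context")
-# Note that PROTOCOL_TLS_CLIENT implies ssl.CERT_REQUIRED and check_hostname == true
-ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
+ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
 
 if self._server_verification_cert:
 ssl_context.load_verify_locations(cadata=self._server_verification_cert)
@@ -92,6 +91,9 @@ def _create_ssl_context(self):
 self._x509_cert.pass_phrase,
 )
 
+ssl_context.verify_mode = ssl.CERT_REQUIRED
+ssl_context.check_hostname = True
+
 return ssl_context
 
 @pipeline_thread.invoke_on_http_thread_nowait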
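Review bot: `ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)` pins the client to exactly TLS 1.2, so it can never negotiate TLS 1.3, and the constant is deprecated in current Python; the same line is reintroduced in `_create_ssl_context` in mqtt_transport.py. A context built this way starts with `verify_mode = ssl.CERT_NONE` and `check_hostname = False`, so server authentication now rests entirely on the two assignments added before `return ssl_context`, and the deleted comment that explained the defaults has no replacement. If the revert is for compatibility (the reason is not visible on this page), keeping `ssl.PROTOCOL_TLS_CLIENT` and adding `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2` gives a TLS 1.2 floor without capping the version. At minimum, add a comment above the assignments such as `# PROTOCOL_TLSv1_2 leaves verification off by default; these two lines must stay`. The method body starts and ends outside both hunks.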
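--- a/azure-iot-device/azure/iot/device/common/mqtt_transport.py
+++ b/azure-iot-device/azure/iot/device/common/mqtt_transport.py
@@ -321,8 +321,7 @@ def _create_ssl_context(self):
 This method creates the SSLContext object used by Paho to authenticate the connection.
 """
 logger.debug("creating a SSL context")
-# Note that PROTOCOL_TLS_CLIENT implies ssl.CERT_REQUIRED and check_hostname == true
-ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
+ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
 
 if self._server_verification_cert:
 logger.debug("configuring SSL context with custom server verification cert")
@@ -347,6 +346,9 @@ def _create_ssl_context(self):
 self._x509_cert.pass_phrase,
 )
 
+ssl_context.verify_mode = ssl.CERT_REQUIRED
+ssl_context.check_hostname = True
+
 return ssl_context
 
 def shutdown(self):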
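--- a/tests/e2e/iothub_e2e/sync/conftest.py
+++ b/tests/e2e/iothub_e2e/sync/conftest.py
@@ -20,7 +20,7 @@ def brand_new_client(device_identity, client_kwargs, service_helper, device_id,
 # Keep this here. It is useful to see this info inside the inside devops pipeline test failures.
 logger.info(
 "Connecting device_id={}, module_id={}, to hub={} at {} (UTC)".format(
-device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.now(datetime.UTC)
+device_id, module_id, test_env.IOTHUB_HOSTNAME, datetime.datetime.utcnow()
 )
 )
 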
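Review bot: `datetime.datetime.utcnow()` in the restored `logger.info` call returns a naive datetime and is deprecated from Python 3.12, so this e2e fixture will emit deprecation warnings on newer interpreters. If the revert is because `datetime.UTC` only exists on Python 3.11 and later (an inference; the page gives no reason), `datetime.datetime.now(datetime.timezone.utc)` is timezone-aware, not deprecated, and also works on older versions. The call sits inside `brand_new_client`, whose body starts outside the hunk.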
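--- a/tests/unit/common/test_http_transport.py
+++ b/tests/unit/common/test_http_transport.py
@@ -100,13 +100,14 @@ def test_proxy_format(self, proxy_options):
 )
 def test_configures_tls_context(self, mocker):
 mock_ssl_context_constructor = mocker.patch.object(ssl, "SSLContext")
+mock_ssl_context = mock_ssl_context_constructor.return_value
 
 HTTPTransport(hostname=fake_hostname)
 # Verify correctness of TLS/SSL Context
 assert mock_ssl_context_constructor.call_count == 1
-assert mock_ssl_context_constructor.call_args == mocker.call(
-protocol=ssl.PROTOCOL_TLS_CLIENT
-)
+assert mock_ssl_context_constructor.call_args == mocker.call(protocol=ssl.PROTOCOL_TLSv1_2)
+assert mock_ssl_context.check_hostname is True
+assert mock_ssl_context.verify_mode == ssl.CERT_REQUIRED
 
 @pytest.mark.it(
 "Configures TLS/SSL context using default certificates if protocol wrapper not instantiated with a server verification certificate"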
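--- a/tests/unit/common/test_mqtt_transport.py
+++ b/tests/unit/common/test_mqtt_transport.py
@@ -267,9 +267,9 @@ def test_configures_tls_context(self, mocker):
 
 # Verify correctness of TLS/SSL Context
 assert mock_ssl_context_constructor.call_count == 1
-assert mock_ssl_context_constructor.call_args == mocker.call(
-protocol=ssl.PROTOCOL_TLS_CLIENT
-)
+assert mock_ssl_context_constructor.call_args == mocker.call(protocol=ssl.PROTOCOL_TLSv1_2)
+assert mock_ssl_context.check_hostname is True
+assert mock_ssl_context.verify_mode == ssl.CERT_REQUIRED
 
 # Verify context has been set
 assert mock_mqtt_client.tls_set_context.call_count == 1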
