From 39d7e4f2b788a8cc34527ae8296b3535f4bcacd5 Mon Sep 17 00:00:00 2001
From: Stefan Hellander
Date: Thu, 26 Sep 2024 11:45:01 +0200
Subject: [PATCH] Stop downloading cert, just use system default instead.
---
 fedn/network/clients/client.py | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)
diff --git a/fedn/network/clients/client.py b/fedn/network/clients/client.py
index 6b88503d4..cfdfd4dbc 100644
--- a/fedn/network/clients/client.py
+++ b/fedn/network/clients/client.py
@@ -3,7 +3,6 @@
 import os
 import queue
 import re
-import socket
 import sys
 import threading
 import time
@@ -13,9 +12,7 @@
 import grpc
 import requests
-from cryptography.hazmat.primitives.serialization import Encoding
 from google.protobuf.json_format import MessageToJson
-from OpenSSL import SSL
 from tenacity import retry, stop_after_attempt
 import fedn.network.grpc.fedn_pb2 as fedn
@@ -158,20 +155,6 @@ def _add_grpc_metadata(self, key, value):
 # Set metadata using tuple concatenation
 self.metadata += ((key, value),)
- def _get_ssl_certificate(self, domain, port=443):
- context = SSL.Context(SSL.SSLv23_METHOD)
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.connect((domain, port))
- ssl_sock = SSL.Connection(context, sock)
- ssl_sock.set_tlsext_host_name(domain.encode())
- ssl_sock.set_connect_state()
- ssl_sock.do_handshake()
- cert = ssl_sock.get_peer_certificate()
- ssl_sock.close()
- sock.close()
- cert = cert.to_cryptography().public_bytes(Encoding.PEM).decode()
- return cert
-
 def connect(self, combiner_config):
 """Connect to combiner.
@@ -203,10 +186,8 @@ def connect(self, combiner_config):
 channel = grpc.secure_channel("{}:{}".format(host, str(port)), credentials)
 elif self.config["secure"]:
 secure = True
- logger.info("Using CA certificate for GRPC channel.")
- cert = self._get_ssl_certificate(host, port=port)
-
- credentials = grpc.ssl_channel_credentials(cert.encode("utf-8"))
+ logger.info("Using default location for root certificates.")
+ credentials = grpc.ssl_channel_credentials()
 if self.config["token"]:
 token = self.config["token"]
 auth_creds = grpc.metadata_call_credentials(GrpcAuth(token))
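Review bot: The new `credentials = grpc.ssl_channel_credentials()` call in the `elif self.config["secure"]:` branch has no comment saying which trust anchors now apply. With no `root_certificates` argument gRPC picks its own default roots, which for grpcio is, as far as I know, a bundled root file or whatever `GRPC_DEFAULT_SSL_ROOTS_FILE_PATH` points to, not necessarily the OS trust store the commit title suggests. Verifying against real roots is the right direction, because the removed path trusted whatever certificate an unauthenticated handshake returned, but a combiner with a private-CA or self-signed certificate that used to connect will now fail the handshake with nothing here explaining why. I would add above the call `# No root_certificates: gRPC's default roots are used; a private-CA combiner needs GRPC_DEFAULT_SSL_ROOTS_FILE_PATH or an explicit CA bundle.` `connect` starts and continues outside this hunk, so whether the preceding branch already accepts a custom CA cannot be seen from here.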