[fix][resotocore] Add additional CA to bundle (#1797)
aquamatthias authored Oct 6, 2023
1 parent b41391c commit 27ff710
Showing 4 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions resotocore/resotocore/__main__.py
Expand Up @@ -154,8 +154,8 @@ def run_process(args: Namespace) -> None:
deps.add(ServiceNames.config, evolve(config, run=RunConfig(temp, verify)))
# in case of tls: connect again with the correct certificate settings
use_tls = args.graphdb_server.startswith("https://")
db = DbAccess.connect(args, timedelta(seconds=30), verify=verify)[2] if use_tls else sdb
deps.add(ServiceNames.system_database, db)
sdb = DbAccess.connect(args, timedelta(seconds=30), verify=verify)[2] if use_tls else sdb
deps.add(ServiceNames.system_database, sdb)
event_sender = deps.add(
ServiceNames.event_sender,
PostHogEventSender(deps.system_data) if config.runtime.usage_metrics else NoEventSender(),
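Review bot: Rebinding `sdb` on the `use_tls` line only helps code that reads the name afterwards; anything that captured the first connection earlier in `run_process` keeps a handle that, going by the comment above the line, was opened before the correct certificate settings applied. The start of the function is outside this hunk, so this cannot be confirmed here; it is worth checking that nothing registered in `deps` before this point still holds the old `sdb`. A short comment would make the intent explicit, e.g. `# rebind sdb: everything below must use the connection that verifies the server certificate`. The `[2]` index into the result of `DbAccess.connect` is also opaque and would read better as a tuple unpack.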
2 changes: 1 addition & 1 deletion resotocore/resotocore/db/db_access.py
Expand Up @@ -188,7 +188,7 @@ def create_database() -> None:
try:
# try to access the system database with default credentials.
# this only works if arango has been started with default settings.
http_client = ArangoHTTPClient(args.graphdb_request_timeout, not args.graphdb_no_ssl_verify)
http_client = ArangoHTTPClient(args.graphdb_request_timeout, False)
root_pw = args.graphdb_root_password
secure_root = not args.graphdb_bootstrap_do_not_secure
root_db = ArangoClient(hosts=args.graphdb_server, http_client=http_client).db(password=root_pw)
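Review bot: The second argument to `ArangoHTTPClient` in `create_database` is now the literal `False` where the other printed variant passes `not args.graphdb_no_ssl_verify`, so (reading the second printed line as the new side, since the +/- markers are lost on this page) certificate verification appears to be off for this connection even when the operator has not asked for that. This is the connection that carries `args.graphdb_root_password`, so against an `https://` server the root credential is sent to an endpoint whose identity is not checked. If the reason is that the core's CA is not yet available this early in bootstrap, say so in a comment at the call and log a warning when the server URL is https, and consider keeping `not args.graphdb_no_ssl_verify` whenever a trusted CA is already configured. The body of `create_database` continues outside this hunk.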
2 changes: 1 addition & 1 deletion resotocore/resotocore/system_start.py
Expand Up @@ -62,7 +62,7 @@ def check_file(path: str) -> str:
if os.path.isfile(path):
return path
else:
raise AttributeError(f"{message}: path {path} is not a directory!")
raise AttributeError(f"{message}: path {path} is not a file!")

return check_file

3 changes: 2 additions & 1 deletion resotocore/resotocore/web/certificate_handler.py
Expand Up @@ -51,6 +51,7 @@ def __init__(
super().__init__()
self.config = config
self._ca_cert = ca_cert
self._trusted_authorities = [self._ca_cert] + (additional_trusted_authorities or [])
self._ca_cert_bytes = cert_to_bytes(ca_cert)
self._ca_cert_fingerprint = cert_fingerprint(ca_cert)
self._ca_bundle = temp_dir / "ca-bundle.crt"
Expand All @@ -68,7 +69,7 @@ async def stop(self) -> None:
await self._ca_cert_recreate.stop()

def __recreate_ca_file(self) -> None:
write_ca_bundle(self._ca_cert, str(self._ca_bundle))
write_ca_bundle(self._trusted_authorities, str(self._ca_bundle))

@property
def ca_cert(self) -> Certificate:
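Review bot: Every certificate in `additional_trusted_authorities` becomes a trust anchor in `ca-bundle.crt` once `__recreate_ca_file` passes `self._trusted_authorities` to `write_ca_bundle`, and nothing in these two hunks documents where the list comes from or checks its entries. The `__init__` signature is outside the hunk, so the parameter's type and default are not visible; a docstring line there should state that each entry is trusted by whatever verifies against the bundle. Logging `cert_fingerprint(c)` for each additional authority when the bundle is written would give operators an audit trail of what is trusted. `write_ca_bundle` is not part of this commit and the call now passes a list where the other printed variant passes a single certificate, so confirm that it accepts a list.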
