--- /dev/null
+From 9c0d93ef3b7266037a1c8fe7e49790f9119dae28 Mon Sep 17 00:00:00 2001
+From: Erik Jaegervall <erik.jaegervall@se.bosch.com>
+Date: Wed, 31 Aug 2022 14:41:07 +0200
+Subject: [PATCH] Update kuksa-viss-client to support Python 3.10
+
+SSH checks in Python 3.10 are stricter.
+Using current version with Python 3.10 gives the following error:
+
+Disconnected!! Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801)
+
+Changing to default context (i.e. implictly Purpose.SERVER_AUTH)
+Also ignoring hostname check as certificate does not include correct hostname
+Updating Docker build to use Python 3.10
+
+Signed-off-by: Erik Jaegervall <erik.jaegervall@se.bosch.com>
+
+Upstream-Status: Backport [https://github.com/eclipse/kuksa.val/commit/9c0d93ef3b7266037a1c8fe7e49790f9119dae28]
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+---
+ kuksa_viss_client/Dockerfile | 2 +-
+ kuksa_viss_client/__init__.py | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/kuksa_viss_client/Dockerfile b/kuksa_viss_client/Dockerfile
+index ae62e50..bf0f49e 100644
+--- a/kuksa_viss_client/Dockerfile
++++ b/kuksa_viss_client/Dockerfile
+@@ -18,7 +18,7 @@ RUN python -m build
+ RUN mkdir /kuksa_viss_client
+ RUN pip install --target /kuksa_viss_client --no-cache-dir dist/*.whl
+
+-FROM python:3.8-alpine
++FROM python:3.10-alpine
+
+ COPY --from=build /kuksa_viss_client /kuksa_viss_client
+ ENV PYTHONUNBUFFERED=yes
+diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
+index 69cc996..ab29fb9 100644
+--- a/kuksa_viss_client/__init__.py
++++ b/kuksa_viss_client/__init__.py
+@@ -227,9 +227,12 @@ class KuksaClientThread(threading.Thread):
+
+ async def mainLoop(self):
+ if not self.insecure:
+- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
++ context = ssl.create_default_context()
+ context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
+ context.load_verify_locations(cafile=self.cacertificate)
++ # Certificates in ../kuksa_certificates does not contain the IP address used for
++ # connection to server so hostname check must be disabled
++ context.check_hostname = False
+ try:
+ print("connect to wss://"+self.serverIP+":"+str(self.serverPort))
+ async with websockets.connect("wss://"+self.serverIP+":"+str(self.serverPort), ssl=context) as ws:
+--
+2.34.1
+
+++ /dev/null
-From ad534490eb71b16dfe53a6fced6267f0ea58b939 Mon Sep 17 00:00:00 2001
-From: Scott Murray <scott.murray@konsulko.com>
-Date: Mon, 11 Jul 2022 16:04:11 -0400
-Subject: [PATCH] kuksa_viss_client: fix SSL context creation
-
-With the newer Python and OpenSSL in Yocto kirkstone, specifying
-ssl.Purpose.CLIENT_AUTH when creating the SSL context for the
-connection results in the error:
-
- Cannot create a client socket with a PROTOCOL_TLS_SERVER context
-
-when trying to connect to a server with the client library. The fix
-is to instead use ssl.Purpose.SERVER_AUTH, since the context will be
-used by the client to validate the server certificate.
-
-Signed-off-by: Scott Murray <scott.murray@konsulko.com>
----
- kuksa_viss_client/__init__.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kuksa_viss_client/__init__.py b/kuksa_viss_client/__init__.py
-index 69cc996..df7a540 100644
---- a/kuksa_viss_client/__init__.py
-+++ b/kuksa_viss_client/__init__.py
-@@ -227,7 +227,7 @@ class KuksaClientThread(threading.Thread):
-
- async def mainLoop(self):
- if not self.insecure:
-- context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-+ context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
- context.load_cert_chain(certfile=self.certificate, keyfile=self.keyfile)
- context.load_verify_locations(cafile=self.cacertificate)
- try:
---
-2.35.3
-
Code Review / AGL / meta-agl-demo.git / commitdiff