fix ssl context creation for server vs. client side (#11134)

2024-09-21 08:31:52 +03:00 · 2022-04-20 11:05:52 -07:00 · 2022-04-20 11:05:52 -07:00 · a663ece4c3
commit a663ece4c3
parent 0aaa343691
3 changed files with 8 additions and 5 deletions
--- a/chia/rpc/rpc_server.py
+++ b/chia/rpc/rpc_server.py
@ -9,7 +9,7 @@ from aiohttp import ClientConnectorError, ClientSession, ClientWebSocketResponse

 from chia.rpc.util import wrap_http_handler
 from chia.server.outbound_message import NodeType
-from chia.server.server import ssl_context_for_server
+from chia.server.server import ssl_context_for_client, ssl_context_for_server
 from chia.types.peer_info import PeerInfo
 from chia.util.byte_types import hexstr_to_bytes
 from chia.util.ints import uint16
@ -42,6 +42,9 @@ class RpcServer:
        self.ssl_context = ssl_context_for_server(
            self.ca_cert_path, self.ca_key_path, self.crt_path, self.key_path, log=self.log
        )
+        self.ssl_client_context = ssl_context_for_client(
+            self.ca_cert_path, self.ca_key_path, self.crt_path, self.key_path, log=self.log
+        )

    async def stop(self):
        self.shut_down = True
@ -278,7 +281,7 @@ class RpcServer:
                    autoclose=True,
                    autoping=True,
                    heartbeat=60,
-                    ssl_context=self.ssl_context,
+                    ssl_context=self.ssl_client_context,
                    max_msg_size=max_message_size,
                )
                await self.connection(self.websocket)
--- a/chia/server/server.py
+++ b/chia/server/server.py
@ -48,7 +48,7 @@ def ssl_context_for_server(
    if check_permissions:
        verify_ssl_certs_and_keys([ca_cert, private_cert_path], [ca_key, private_key_path], log)

-    ssl_context = ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=str(ca_cert))
+    ssl_context = ssl._create_unverified_context(purpose=ssl.Purpose.CLIENT_AUTH, cafile=str(ca_cert))
    ssl_context.check_hostname = False
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
    ssl_context.set_ciphers(
--- a/tests/block_tools.py
+++ b/tests/block_tools.py
@ -50,7 +50,7 @@ from chia.consensus.vdf_info_computation import get_signage_point_vdf_info
 from chia.full_node.signage_point import SignagePoint
 from chia.plotting.util import PlotsRefreshParameter, PlotRefreshResult, PlotRefreshEvents, parse_plot_info
 from chia.plotting.manager import PlotManager
-from chia.server.server import ssl_context_for_server
+from chia.server.server import ssl_context_for_client
 from chia.types.blockchain_format.classgroup import ClassgroupElement
 from chia.types.blockchain_format.coin import Coin, hash_coin_list
 from chia.types.blockchain_format.foliage import Foliage, FoliageBlockData, FoliageTransactionBlock, TransactionsInfo
@ -364,7 +364,7 @@ class BlockTools:
        key_path = self.root_path / self.config["daemon_ssl"]["private_key"]
        ca_cert_path = self.root_path / self.config["private_ssl_ca"]["crt"]
        ca_key_path = self.root_path / self.config["private_ssl_ca"]["key"]
-        return ssl_context_for_server(ca_cert_path, ca_key_path, crt_path, key_path)
+        return ssl_context_for_client(ca_cert_path, ca_key_path, crt_path, key_path)

    def get_plot_signature(self, m: bytes32, plot_pk: G1Element) -> G2Element:
        """