bond-cli: implement https support to bond-cli, added security levels for https-insecure and https #67
Conversation
| print(f"Handler assigned: {handler}") | ||
|
|
||
| if protocol in ["https", "https-insecure"]: | ||
| # Need to add certificate with name cert.pem and key with name key.pem for |
There was a problem hiding this comment.
@AliakseiSubach will you add these files to the project?
There was a problem hiding this comment.
@chrismerck i can push my files. But its self-signed certificate. Everyone can create it using cmd: "openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes". Do you need this for testing?
| key_path = os.path.join(base_dir, "key.pem") | ||
|
|
||
| context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) | ||
| if protocol == "https-insecure": |
There was a problem hiding this comment.
What is the difference here? Is it even possible for the server-side of a TLS connection to verify the client in this way? And even if so, I do not see how it would work with a Bond on the local network. Please just support the http/https.
There was a problem hiding this comment.
@chrismerck This context will be used to handle encrypted communications between server and client. And server side must have key and cert for session key creation. After this, they switch to a secure channel, where data transmission occurs using a symmetric encryption algorithm.
bond/commands/backup.py
Outdated
| from http.server import HTTPServer, SimpleHTTPRequestHandler | ||
| from pathlib import Path | ||
| from queue import Queue | ||
| from threading import Thread | ||
|
|
||
| import requests.exceptions | ||
| #import requests.exceptions |
There was a problem hiding this comment.
Why remove this? It is used by line 248.
AliakseiSubach
force-pushed
the
altabel/https_support
branch
from
50ea2c9 to
ef62b9a
Compare
implement https support to bond-cli, added security levels for https-insecure and https