
Commit 3233fad

committed
fix(ssl): allow self signed certificate
1 parent 6bbc087 commit 3233fad

1 file changed

+19
-4
lines changed

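--- a/main.py
+++ b/main.py
@@ -17,6 +17,7 @@
 UVICORN_HOST,
 UVICORN_LOOP,
 UVICORN_PORT,
+UVICORN_SSL_CA_TYPE,
 UVICORN_SSL_CERTFILE,
 UVICORN_SSL_KEYFILE,
 UVICORN_UDS,
@@ -63,7 +64,7 @@ def check_and_modify_ip(ip_address: str) -> str:
 return "localhost"
 
 
-def validate_cert_and_key(cert_file_path, key_file_path):
+def validate_cert_and_key(cert_file_path, key_file_path, ca_type: str = "public"):
 if not os.path.isfile(cert_file_path):
 raise ValueError(f"SSL certificate file '{cert_file_path}' does not exist.")
 if not os.path.isfile(key_file_path):
@@ -80,21 +81,35 @@ def validate_cert_and_key(cert_file_path, key_file_path):
 cert_data = cert_file.read()
 cert = x509.load_pem_x509_certificate(cert_data, default_backend())
 
-if cert.issuer == cert.subject:
+# Only check for self-signed certificates if ca_type is "public"
+if ca_type == "public" and cert.issuer == cert.subject:
 raise ValueError("The certificate is self-signed and not issued by a trusted CA.")
 
+except ValueError:
+# Re-raise ValueError exceptions (including our self-signed check)
+raise
 except Exception as e:
 raise ValueError(f"Certificate verification failed: {e}")
 
 
 if __name__ == "__main__":
 # Do NOT change workers count for now
-# multi-workers support isn't implemented yet for APScheduler and XRay module
+# multi-workers support isn't implemented yet for APScheduler
+
+# Validate UVICORN_SSL_CA_TYPE value
+valid_ca_types = ("public", "private")
+ca_type = UVICORN_SSL_CA_TYPE
+if ca_type not in valid_ca_types:
+logger.warning(
+f"Invalid UVICORN_SSL_CA_TYPE value '{UVICORN_SSL_CA_TYPE}'. "
+f"Expected one of {valid_ca_types}. Defaulting to 'public'."
+)
+ca_type = "public"
 
 bind_args = {}
 
 if UVICORN_SSL_CERTFILE and UVICORN_SSL_KEYFILE:
-validate_cert_and_key(UVICORN_SSL_CERTFILE, UVICORN_SSL_KEYFILE)
+validate_cert_and_key(UVICORN_SSL_CERTFILE, UVICORN_SSL_KEYFILE, ca_type=ca_type)
 
 bind_args["ssl_certfile"] = UVICORN_SSL_CERTFILE
 bind_args["ssl_keyfile"] = UVICORN_SSL_KEYFILE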
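Review bot: The new guard in `validate_cert_and_key`, `if ca_type == "public" and cert.issuer == cert.subject:`, fails open: any value other than the exact string "public" skips the self-signed check, and the allow-list for `UVICORN_SSL_CA_TYPE` exists only in the `__main__` block, so another caller with a typo or different casing silently gets the relaxed behaviour. Inverting the test keeps unknown values on the strict path: `if ca_type != "private" and cert.issuer == cert.subject:`. The added `except ValueError: raise` also appears to let a malformed-PEM `ValueError` from `x509.load_pem_x509_certificate` propagate without the "Certificate verification failed" prefix it previously got; if that is not intended, raise the self-signed error outside the `try`. A docstring on the function should state that `"private"` disables only the issuer-equals-subject comparison and that this comparison is a name check, not chain or signature validation. The middle of the function lies between the two hunks and is not visible here.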
