a6ac3d4d06
Extracted from silo monorepo. Provides SiloClient (HTTP client) and SiloSettings (abstract config adapter) so both the FreeCAD workbench and LibreOffice Calc extension share the same API layer. Includes CATEGORY_NAMES, sanitize_filename, parse_part_number, get_category_folder_name, and SSL context builder.
45 lines
1.3 KiB
Python
45 lines
1.3 KiB
Python
"""SSL context builder for Silo API clients."""
|
|
|
|
import os
|
|
import ssl
|
|
|
|
|
|
def build_ssl_context(verify: bool = True, cert_path: str = "") -> ssl.SSLContext:
|
|
"""Build an SSL context honouring the caller's verify/cert preferences.
|
|
|
|
Args:
|
|
verify: Whether to verify server certificates.
|
|
cert_path: Optional path to a custom CA certificate file.
|
|
|
|
Returns:
|
|
A configured ``ssl.SSLContext``.
|
|
"""
|
|
ctx = ssl.create_default_context()
|
|
|
|
if not verify:
|
|
ctx.check_hostname = False
|
|
ctx.verify_mode = ssl.CERT_NONE
|
|
return ctx
|
|
|
|
if cert_path and os.path.isfile(cert_path):
|
|
try:
|
|
ctx.load_verify_locations(cert_path)
|
|
except Exception:
|
|
pass
|
|
|
|
# The bundled Python may not find the system CA store automatically
|
|
# (its compiled-in path points to the build environment). Load the
|
|
# system CA bundle explicitly so internal CAs (e.g. FreeIPA) are trusted.
|
|
for ca_path in (
|
|
"/etc/ssl/certs/ca-certificates.crt", # Debian / Ubuntu
|
|
"/etc/pki/tls/certs/ca-bundle.crt", # RHEL / CentOS
|
|
):
|
|
if os.path.isfile(ca_path):
|
|
try:
|
|
ctx.load_verify_locations(ca_path)
|
|
except Exception:
|
|
pass
|
|
break
|
|
|
|
return ctx
|