@@ -377,43 +377,48 @@ def _connect(self):
377377
378378 # Server is ok with SSL, we switch over SSL.
379379 self .context = ssl .SSLContext (ssl .PROTOCOL_TLS_CLIENT )
380+ self .context .verify_mode = ssl .CERT_REQUIRED
381+ self .context .check_hostname = True
380382 if self .config .ca_cert :
381383 self .context .load_verify_locations (
382384 cafile = self .config .ca_cert
383385 )
386+ else :
387+ self .context .load_default_certs (ssl .Purpose .SERVER_AUTH )
388+
384389 # TODO, we need to add support for local certificates
385390 # For now, we let the server send us the certificate
386391 try :
387392 self .conn = self .context .wrap_socket (
388393 self .conn , server_hostname = self .host )
389394 except ssl .SSLCertVerificationError as e :
390- logger .error (f"Error verifying certificate: { e } " )
391- logger .error (
395+ logger .exception (
392396 f"The host name must match the certificate: { self .host } " )
393- logger .error (
397+ logger .exception (
394398 f"You can use the ca_cert parameter to specify a custom CA certificate" )
395399 assert False , "Certificate verification failed" + os .linesep + \
396400 f"The host name must match the certificate: { self .host } " + os .linesep + \
397401 f"You can use the ca_cert parameter to specify a custom CA certificate " + os .linesep + \
398402 f"Refer to the documentation for more information: { SETUP_URL } " + os .linesep + \
399- f"Alternatively, SSL can be disabled by setting use_ssl=False (not recommended)"
403+ f"Alternatively, SSL can be disabled by setting use_ssl=False (not recommended)" + os .linesep + \
404+ f"{ e = } "
400405 except ssl .SSLError as e :
401406 logger .error (f"Error wrapping socket: { e } " )
402407 self .conn .close ()
403408 self .connected = False
404409 raise
405410
406411 except FileNotFoundError as e :
407- logger .error (f"Error verifying certificate: { e } " )
408- logger .error (
412+ logger .exception (
409413 f"The certificate file does not exist: { self .config .ca_cert } " )
410- logger .error (
414+ logger .exception (
411415 f"You can use the ca_cert parameter to specify a custom CA certificate" )
412416 assert False , "Certificate verification failed" + os .linesep + \
413417 f"The ca certificate file does not exist: { self .config .ca_cert } " + os .linesep + \
414418 f"You can use the ca_cert parameter to specify a custom CA certificate " + os .linesep + \
415419 f"Refer to the documentation for more information: { SETUP_URL } " + os .linesep + \
416- f"Alternatively, SSL can be disabled by setting use_ssl=False (not recommended)"
420+ f"Alternatively, SSL can be disabled by setting use_ssl=False (not recommended)" + os .linesep + \
421+ f"{ e = } "
417422 except BaseException as e :
418423 self .conn .close ()
419424 self .connected = False
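Review bot: Both certificate-failure handlers (`except ssl.SSLCertVerificationError` and `except FileNotFoundError`) still end in `assert False, ...`, which this change only extends with `f"{ e = }"`. Asserts are stripped when Python runs with `-O`, so in that mode a failed verification would only be logged and the handler would fall through, leaving `self.conn` as the plain, unwrapped socket for whatever follows the `try` (not visible in this hunk). These two branches also never close the socket or clear `self.connected`, unlike the `except ssl.SSLError` branch. I would mirror that branch and fail closed: `self.conn.close()`, `self.connected = False`, then `raise` (or raise a dedicated exception carrying the same help text `from e`). Separately, each handler now calls `logger.exception` twice, so the same traceback is logged twice; one `logger.exception` followed by `logger.error` for the hint would be enough. `_connect` starts before this hunk and the final `except BaseException` handler continues past it.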