This repository was archived by the owner on Jun 5, 2025. It is now read-only.

Commit 3c2623e

Merge pull request #303 from stacklok/ssl-context
Improve SSL security of target connections
2 parents 1888554 + 03fa787 commit 3c2623e


1 file changed

+11
-3
lines changed


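--- a/src/codegate/providers/copilot/provider.py
+++ b/src/codegate/providers/copilot/provider.py
@@ -306,12 +306,20 @@ async def connect_to_target(self) -> None:
 raise ValueError("Target host and port not set")
 
 target_ssl_context = ssl.create_default_context()
-target_ssl_context.check_hostname = False
-target_ssl_context.verify_mode = ssl.CERT_NONE
 
+# Ensure that the target SSL certificate is verified
+target_ssl_context.check_hostname = True
+target_ssl_context.verify_mode = ssl.CERT_REQUIRED
+
+# Connect to target
+logger.debug(f"Connecting to {self.target_host}:{self.target_port}")
 target_protocol = CopilotProxyTargetProtocol(self)
 transport, _ = await self.loop.create_connection(
-lambda: target_protocol, self.target_host, self.target_port, ssl=target_ssl_context
+lambda: target_protocol,
+self.target_host,
+self.target_port,
+ssl=target_ssl_context,
+server_hostname=self.target_host,
 )
 
 if self.transport and not self.transport.is_closing():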
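Review bot: The `await self.loop.create_connection(...)` call now raises `ssl.SSLCertVerificationError` whenever the target's chain or hostname fails validation, and the visible lines have no handler for it, so a rejected certificate would propagate out of `connect_to_target` unless a caller catches it (the function body starts and ends outside this hunk, so this needs confirming). Consider handling it at the call so the rejection is logged and the client side is torn down deliberately: `except ssl.SSLCertVerificationError:` then `logger.error(f"Certificate verification failed for {self.target_host}")` then `raise`. Separately, `ssl.create_default_context()` already enables `check_hostname` and `ssl.CERT_REQUIRED`, so the comment above the two assignments could say they are kept explicit on purpose, e.g. `# Defaults of create_default_context(); set explicitly so verification cannot be dropped silently`.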
