From aecf1325862da47826b2b8563cfb7698ec76181d Mon Sep 17 00:00:00 2001 From: Ethan Date: Tue, 11 Jun 2024 08:17:26 -0400 Subject: [PATCH] RSDK-7854 - fix local dialing, server_hostname setting (#632) --- src/viam/rpc/dial.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/viam/rpc/dial.py b/src/viam/rpc/dial.py index 8429755b8..e0f3b1e8f 100644 --- a/src/viam/rpc/dial.py +++ b/src/viam/rpc/dial.py @@ -313,12 +313,22 @@ async def _dial_direct(address: str, options: Optional[DialOptions] = None) -> C if insecure: ctx = None else: - ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH) + is_local_host = host is not None and (host.startswith("localhost") or host.startswith("0.0.0.0") or host.startswith("127.")) + if is_local_host: + ctx = ssl._create_unverified_context(purpose=ssl.Purpose.SERVER_AUTH) + else: + ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH) ctx.minimum_version = ssl.TLSVersion.TLSv1_2 ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20") ctx.set_alpn_protocols(["h2"]) - if options is not None and options.auth_entity and host != options.auth_entity: + if ( + options is not None + and options.auth_entity + and host != options.auth_entity + and options.credentials is not None + and options.credentials.type != "api-key" + ): server_hostname = options.auth_entity # Test if downgrade is required.