changeset 513f30593c54 in modules/ldap_authentication:6.2
details: 
https://hg.tryton.org/modules/ldap_authentication?cmd=changeset&node=513f30593c54
description:
        Enforce certificate validation for LDAP connection

        issue11564
        review417381003
        (grafted from 366cca2d391e3fda2e038b34a032f4acf0efdce5)
diffstat:

 CHANGELOG |  2 ++
 res.py    |  5 ++++-
 2 files changed, 6 insertions(+), 1 deletions(-)

diffs (34 lines):

diff -r afafb11e0bed -r 513f30593c54 CHANGELOG
--- a/CHANGELOG Mon Nov 01 17:02:36 2021 +0100
+++ b/CHANGELOG Tue Jun 21 10:17:02 2022 +0200
@@ -1,3 +1,5 @@
+* Enforce certificate validation for LDAP connection (issue11564)
+
 Version 6.2.0 - 2021-11-01
 * Bug fixes (see mercurial logs for details)
 
diff -r afafb11e0bed -r 513f30593c54 res.py
--- a/res.py    Mon Nov 01 17:02:36 2021 +0100
+++ b/res.py    Tue Jun 21 10:17:02 2022 +0200
@@ -1,6 +1,7 @@
 # This file is part of Tryton.  The COPYRIGHT file at the top level of
 # this repository contains the full copyright notices and license terms.
 import logging
+import ssl
 import urllib.parse
 
 import ldap3
@@ -42,10 +43,12 @@
     uri, _, _, _, _, extensions = parse_ldap_url(uri)
     if uri.scheme.startswith('ldaps'):
         scheme, port = 'ldaps', 636
+        tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)
     else:
         scheme, port = 'ldap', 389
+        tls = None
     return ldap3.Server('%s://%s:%s' % (
-            scheme, uri.hostname, uri.port or port))
+            scheme, uri.hostname, uri.port or port), tls=tls)
 
 
 class User(metaclass=PoolMeta):
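Review bot: The plain `ldap://` branch still passes `tls=None`, so if a connection built from this server is later upgraded with ldap3's `start_tls()` (not visible in this hunk), ldap3 falls back to its default `Tls()` whose `validate` is `ssl.CERT_NONE` and the validation this commit enforces does not apply; if that path exists in the module, it is simpler and safer to build the object once and pass it on both branches: `tls = ldap3.Tls(validate=ssl.CERT_REQUIRED)` before the `if`, with `tls = None` dropped. Either way the intent deserves a comment on the new line, e.g. `# ldap3 defaults to CERT_NONE; require the peer certificate to chain to a trusted CA` — and note that without a `ca_certs_file` ldap3 relies on the system trust store, which deployments using a private CA will need to supply. The enclosing function starts outside the hunk, so the `start_tls()` question has to be confirmed against the rest of res.py.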
